︙ | | |
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
|
879
880
881
882
883
884
885
886
887
888
889
890
891
892
|
-
|
Version is the protocol version\&.
.TP
\fIcontent_type\fR
Content type is the message content type\&.
.TP
\fImessage\fR
Message is more info from the \fBSSL_trace\fR API\&.
This argument is new for TclTLS 1\&.8\&.
.RE
.TP
\fBsession\fR \fIchannelId session_id session_ticket lifetime\fR
This form of callback is invoked by the OpenSSL function
\fBSSL_CTX_sess_set_new_cb()\fR whenever a new session id is sent by the
server during the initial connection and handshake and also during the session
if the \fB-post_handshake\fR option is set to true\&. This callback is new for
|
︙ | | |
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
|
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
|
-
+
|
Ticket is the session ticket info
.TP
\fIlifetime\fR
Lifetime is the ticket lifetime in seconds\&.
.RE
.TP
\fBverify\fR \fIchannelId depth cert status error\fR
This callback was moved to the \fB-verify_callback\fR in TclTLS 1\&.8\&.
This callback was moved to \fB-validatecommand\fR in TclTLS 1\&.8\&.
.PP
.SS "VALUES FOR PASSWORD CALLBACK"
The callback for the \fB-password\fR option is invoked by TclTLS whenever OpenSSL needs
to obtain a password\&. See below for the possible arguments passed to the
callback script\&. The user provided password is expected to be returned by the
callback\&.
.TP
|
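Review bot: In the verify entry, the replacement sentence now points to -validatecommand, but the entry heading still lists the arguments "channelId depth cert status error" as if a -command script would receive them. Suggest dropping the argument list from the heading or adding a pointer to the section that documents the -validatecommand arguments, so readers do not try to handle verify in their -command callback.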
︙ | | |
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
|
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
|
-
+
-
+
|
\fB-validatecommand\fR option is set to \fBtls::validate_command\fR\&.
.PP
\fIThe use of the variable \fBtls::debug\fR is not recommended\&.
It may be removed from future releases\&.\fR
.SH "DEBUG EXAMPLES"
These examples use the default Unix platform SSL certificates\&. For standard
installations, -cadir and -cafile should not be needed\&. If your certificates
are in non-standard locations, update -cadir or use -cafile as needed\&.
are in non-standard locations, specify -cadir or -cafile as needed\&.
.PP
Example #1: Use HTTP package
.CS
package require http
package require tls
set url "https://www\&.tcl\&.tk/"
http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command]
http::register https 443 [list ::tls::socket -autoservername 1 -require 1 -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command]
# Check for error
set token [http::geturl $url]
if {[http::status $token] ne "ok"} {
puts [format "Error %s" [http::status $token]]
}
|
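Review bot: The reworded sentence in DEBUG EXAMPLES leaves -cadir and -cafile as plain text, while the first line of this hunk marks up option names as \fB-validatecommand\fR; suggest \fB-cadir\fR and \fB-cafile\fR for consistency with the rest of the page. On the Example #1 http::register line, dropping "-cadir /etc/ssl/certs" makes the example depend on the platform default store, which agrees with the introductory sentence, and -require 1 is kept, so no further change is needed there.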
︙ | | |
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
|
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
|
-
+
|
package require tls
set url "www\&.tcl-lang\&.org"
set port 443
set ch [tls::socket -autoservername 1 -servername $url -request 1 -require 1 -alpn {http/1\&.1} -cadir /etc/ssl/certs -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command $url $port]
set ch [tls::socket -autoservername 1 -servername $url -require 1 -alpn {http/1\&.1} -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command $url $port]
chan configure $ch -buffersize 65536
tls::handshake $ch
puts $ch "GET / HTTP/1\&.1"
flush $ch
after 500
set data [read $ch]
|
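Review bot: The new tls::socket line passes both "-autoservername 1" and "-servername $url", which is redundant in an example; keep one of them. The same line drops "-request 1" while keeping "-require 1", so please confirm that a certificate is still requested by default when -require is set, and say so in the option text if it is not already stated. The variable named url holds a bare host name here, so a name such as host would read better.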
︙ | | |
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
|
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
|
-
+
|
package require http
package require tls
set url "https://www\&.tcl\&.tk/"
http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]
http::register https 443 [list ::tls::socket -autoservername 1 -require 1]
# Check for error
set token [http::geturl $url]
if {[http::status $token] ne "ok"} {
puts [format "Error %s" [http::status $token]]
}
|
︙ | | |
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
|
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
|
-
+
|
package require http
package require tls
set url "https://wiki\&.tcl-lang\&.org/sitemap\&.xml"
set filename [file tail $url]
http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]
http::register https 443 [list ::tls::socket -autoservername 1 -require 1]
# Get file
set ch [open $filename wb]
set token [::http::geturl $url -blocksize 65536 -channel $ch]
# Cleanup
close $ch
|
︙ | | |