Diff

Differences From Artifact [4871edf916]:

To Artifact [68573cb13e]:


Version is the protocol version\&.
.TP
\fIcontent_type\fR
Content type is the message content type\&.
.TP
\fImessage\fR
Message is more info from the \fBSSL_trace\fR API\&.
This argument is new for TclTLS 1\&.8\&.
.RE
.TP
\fBsession\fR \fIchannelId session_id session_ticket lifetime\fR
This form of callback is invoked by the OpenSSL function
\fBSSL_CTX_sess_set_new_cb()\fR whenever a new session id is sent by the
server during the initial connection and handshake and also during the session
if the \fB-post_handshake\fR option is set to true\&. This callback is new for
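Review bot: Removing "This argument is new for TclTLS 1.8." from the message entry leaves the version annotations in this section inconsistent, because the session paragraph directly below still ends with "This callback is new for". Either keep the per-argument note here or drop these notes throughout, so that readers who must support older TclTLS releases can tell which callback arguments they can rely on.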
Ticket is the session ticket info
.TP
\fIlifetime\fR
Lifetime is the ticket lifetime in seconds\&.
.RE
.TP
\fBverify\fR \fIchannelId depth cert status error\fR
This callback was moved to the \fB-verify_callback\fR in TclTLS 1\&.8\&.
This callback was moved to \fB-validatecommand\fR in TclTLS 1\&.8\&.
.PP
.SS "VALUES FOR PASSWORD CALLBACK"
The callback for the \fB-password\fR option is invoked by TclTLS whenever OpenSSL needs
to obtain a password\&. See below for the possible arguments passed to the
callback script\&. The user provided password is expected to be returned by the
callback\&.
.TP
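Review bot: The corrected sentence in the verify entry now names -validatecommand, but the entry still shows the old signature "channelId depth cert status error" with no pointer to where the replacement is documented. If the -command callback no longer receives verify, a script that did its own certificate checks in that branch will stop running them without any error, so I would state that explicitly here and reference the section describing the -validatecommand arguments.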
\fB-validatecommand\fR option is set to \fBtls::validate_command\fR\&.
.PP
\fIThe use of the variable \fBtls::debug\fR is not recommended\&.
It may be removed from future releases\&.\fR
.SH "DEBUG EXAMPLES"
These examples use the default Unix platform SSL certificates\&. For standard
installations, -cadir and -cafile should not be needed\&. If your certificates
are in non-standard locations, update -cadir or use -cafile as needed\&.
are in non-standard locations, specify -cadir or -cafile as needed\&.
.PP
Example #1: Use HTTP package
.CS



package require http
package require tls
set url "https://www\&.tcl\&.tk/"

http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs  -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command]
http::register https 443 [list ::tls::socket -autoservername 1 -require 1  -command ::tls::callback -password ::tls::password  -validatecommand ::tls::validate_command]

# Check for error
set token [http::geturl $url]
if {[http::status $token] ne "ok"} {
    puts [format "Error %s" [http::status $token]]
}
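Review bot: With "-cadir /etc/ssl/certs" dropped from the http::register line, the opening sentence "These examples use the default Unix platform SSL certificates" no longer matches what the example does, since nothing in it is Unix-specific any more. Consider rewording it to say the examples rely on the default certificate store and that -cadir or -cafile is only needed for non-standard locations. The new http::register line also carries leftover double spaces ("-require 1  -command", "::tls::password  -validatecommand") that are worth cleaning up in the same pass.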



package require tls

set url "www\&.tcl-lang\&.org"
set port 443

set ch [tls::socket -autoservername 1 -servername $url -request 1 -require 1  -alpn {http/1\&.1} -cadir /etc/ssl/certs -command ::tls::callback  -password ::tls::password -validatecommand ::tls::validate_command $url $port]
set ch [tls::socket -autoservername 1 -servername $url -require 1  -alpn {http/1\&.1} -command ::tls::callback -password ::tls::password  -validatecommand ::tls::validate_command $url $port]
chan configure $ch -buffersize 65536
tls::handshake $ch

puts $ch "GET / HTTP/1\&.1"
flush $ch
after 500
set data [read $ch]
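Review bot: The new tls::socket line still passes both "-autoservername 1" and "-servername $url", which appear to overlap; keeping only one makes it clearer to readers which option sets the SNI name used for the connection. Since this example is being touched anyway, note that the request written afterwards is only the line "GET / HTTP/1.1", with no Host header and no blank line ending the request, so the example may not get a useful response as written. The variable named url holds a bare host name, which could be renamed to host for clarity.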



package require http
package require tls
set url "https://www\&.tcl\&.tk/"

http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]
http::register https 443 [list ::tls::socket -autoservername 1 -require 1]

# Check for error
set token [http::geturl $url]
if {[http::status $token] ne "ok"} {
    puts [format "Error %s" [http::status $token]]
}


package require http
package require tls

set url "https://wiki\&.tcl-lang\&.org/sitemap\&.xml"
set filename [file tail $url]

http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]
http::register https 443 [list ::tls::socket -autoservername 1 -require 1]

# Get file
set ch [open $filename wb]
set token [::http::geturl $url -blocksize 65536 -channel $ch]

# Cleanup
close $ch
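Review bot: The download example around the changed http::register line writes the response straight to $filename and never checks the result, unlike the earlier examples that test http::status. With "-require 1" a certificate failure or an HTTP error would leave an empty file or an error page saved as sitemap.xml. I would add a check of http::status and http::ncode on the token after the transfer, and an http::cleanup $token in the cleanup step.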