︙ | | |
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
|
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
|
-
+
|
}
/*
*-------------------------------------------------------------------
*
* Session Callback for Clients --
*
* Called when a new session ticket has been received. In TLS 1.3
* Called when a new session is added to the cache. In TLS 1.3
* this may be received multiple times after the handshake. For
* earlier versions, this will be received during the handshake.
*
* Results:
* None
*
* Side effects:
|
︙ | | |
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
|
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
|
-
-
+
+
+
+
+
|
const unsigned char *session_id;
int len;
int code;
size_t len2;
dprintf("Called");
if (statePtr->callback == (Tcl_Obj*)NULL)
return 0;
if (statePtr->callback == (Tcl_Obj*)NULL) {
return SSL_TLSEXT_ERR_OK;
} else if (ssl == NULL) {
return SSL_TLSEXT_ERR_NOACK;
}
cmdPtr = Tcl_DuplicateObj(statePtr->callback);
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("session", -1));
/* Session id */
session_id = SSL_SESSION_get0_id_context(session, &len);
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(session_id, len));
|
︙ | | |
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
|
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
|
+
-
+
|
Tcl_BackgroundException(interp, code);
#endif
}
Tcl_DecrRefCount(cmdPtr);
Tcl_Release((ClientData) statePtr);
Tcl_Release((ClientData) interp);
/* If return non-zero, caller will have to do a SSL_SESSION_free() on the structure. */
return 1;
return 0;
}
/*
*-------------------------------------------------------------------
*
* ALPN Callback for Servers --
*
|
︙ | | |
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
|
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
|
-
+
+
+
+
|
State *statePtr = (State*)arg;
Tcl_Interp *interp = statePtr->interp;
Tcl_Obj *cmdPtr;
int code;
dprintf("Called");
if (statePtr->callback == (Tcl_Obj*)NULL)
if (statePtr->callback == (Tcl_Obj*)NULL) {
return SSL_TLSEXT_ERR_OK;
} else if (ssl == NULL) {
return SSL_TLSEXT_ERR_NOACK;
}
/* Select protocol */
SSL_select_next_proto(out, outlen, statePtr->protos, statePtr->protos_len, in, inlen);
cmdPtr = Tcl_DuplicateObj(statePtr->callback);
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("alpn", -1));
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(*out, -1));
|
︙ | | |
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
|
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
|
-
-
+
+
+
+
+
|
int code;
const char *servername;
const unsigned char *p;
size_t len, remaining;
dprintf("Called");
if (statePtr->callback == (Tcl_Obj*)NULL)
return SSL_CLIENT_HELLO_SUCCESS;
if (statePtr->callback == (Tcl_Obj*)NULL) {
return SSL_TLSEXT_ERR_OK;
} else if (ssl == NULL) {
return SSL_TLSEXT_ERR_NOACK;
}
/* Get names */
if (!SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &p, &remaining) || remaining <= 2) {
return SSL_CLIENT_HELLO_ERROR;
}
/* Extract the length of the supplied list of names. */
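Review bot: The new guard in what appears to be the ClientHello callback (it calls `SSL_client_hello_get0_ext` and returns `SSL_CLIENT_HELLO_ERROR` just below) returns `SSL_TLSEXT_ERR_OK` when no Tcl callback is set, but that constant is 0, the same value as `SSL_CLIENT_HELLO_ERROR`, so a server with no callback configured would abort the handshake here instead of continuing as the removed `return SSL_CLIENT_HELLO_SUCCESS;` did. The two early returns should use this callback's own result codes: `return SSL_CLIENT_HELLO_SUCCESS;` for the no-callback case and `return SSL_CLIENT_HELLO_ERROR;` for `ssl == NULL`. The same pasted guard in the session-callback hunk returns `SSL_TLSEXT_ERR_NOACK`, which is non-zero and, by that hunk's own comment, tells OpenSSL the callback kept the session and will free it, so `return 0;` fits that path better. The function body starts and ends outside this hunk.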
|
︙ | | |
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
|
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
|
-
+
+
+
+
|
/*
* SSL Callbacks
*/
SSL_set_app_data(statePtr->ssl, (void *)statePtr); /* point back to us */
SSL_set_verify(statePtr->ssl, verify, VerifyCallback);
SSL_CTX_set_info_callback(statePtr->ctx, InfoCallback);
SSL_CTX_sess_set_new_cb(statePtr->ctx, SessionCallback);
/* Create Tcl_Channel BIO Handler */
statePtr->p_bio = BIO_new_tcl(statePtr, BIO_NOCLOSE);
statePtr->bio = BIO_new(BIO_f_ssl());
if (server) {
/* Server callbacks */
SSL_CTX_set_alpn_select_cb(statePtr->ctx, ALPNCallback, (void *)statePtr);
SSL_CTX_set_tlsext_servername_arg(statePtr->ctx, (void *)statePtr);
SSL_CTX_set_tlsext_servername_callback(statePtr->ctx, SNICallback);
SSL_CTX_set_client_hello_cb(statePtr->ctx, HelloCallback, (void *)statePtr);
statePtr->flags |= TLS_TCL_SERVER;
SSL_set_accept_state(statePtr->ssl);
} else {
/* Session caching */
SSL_CTX_set_session_cache_mode(statePtr->ctx, SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE);
SSL_CTX_sess_set_new_cb(statePtr->ctx, SessionCallback);
SSL_set_connect_state(statePtr->ssl);
}
SSL_set_bio(statePtr->ssl, statePtr->p_bio, statePtr->p_bio);
BIO_set_ssl(statePtr->bio, statePtr->ssl, BIO_NOCLOSE);
/*
* End of SSL Init
|
︙ | | |