Diff

Differences From Artifact [ec44612f22]:

To Artifact [51bf793bc5]:


650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
650
651
652
653
654
655
656

657
658
659
660
661
662
663







-







Version is the protocol version.

[def [arg content_type]]
Content type is the message content type.

[def [arg message]]
Message is more info from the [const SSL_trace] API.
This argument is new for TclTLS 1.8.

[list_end]

[opt_def session [arg "channelId session_id session_ticket lifetime"]]
This form of callback is invoked by the OpenSSL function
[fun SSL_CTX_sess_set_new_cb()] whenever a new session id is sent by the
server during the initial connection and handshake and also during the session
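Review bot: Removing "This argument is new for TclTLS 1.8." under [def [arg message]] drops the only hint that the message callback's argument list changed between releases. A callback written against the older, shorter argument list will fail with a wrong-number-of-arguments error when it is invoked with the extra value, so either keep the version note here or move it to a compatibility section that this entry references.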
675
676
677
678
679
680
681
682

683
684
685
686
687
688
689
674
675
676
677
678
679
680

681
682
683
684
685
686
687
688







-
+








[def [arg lifetime]]
Lifetime is the ticket lifetime in seconds.

[list_end]

[opt_def verify [arg "channelId depth cert status error"]]
This callback was moved to the [option -verify_callback] in TclTLS 1.8.
This callback was moved to [option -validatecommand] in TclTLS 1.8.

[list_end]

[subsection "Values for Password Callback"]

The callback for the [option -password] option is invoked by TclTLS whenever OpenSSL needs
to obtain a password. See below for the possible arguments passed to the
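Review bot: The [opt_def verify ...] entry still lists "channelId depth cert status error" but, after the rename to [option -validatecommand], it does not say whether the replacement callback receives the same arguments or uses the same return convention. Since this callback decides whether a peer certificate is accepted, add a cross-reference to the section that documents the -validatecommand values so readers migrating a verify handler do not have to guess.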
823
824
825
826
827
828
829
830

831
832
833
834
835
836
837
838
839
840
841
842
843



844
845
846
847
848
849
850
822
823
824
825
826
827
828

829
830
831
832
833
834
835
836
837
838
839
840


841
842
843
844
845
846
847
848
849
850







-
+











-
-
+
+
+







[emph "The use of the variable [var tls::debug] is not recommended.
It may be removed from future releases."]

[section "Debug Examples"]

These examples use the default Unix platform SSL certificates. For standard
installations, -cadir and -cafile should not be needed. If your certificates
are in non-standard locations, update -cadir or use -cafile as needed.
are in non-standard locations, specify -cadir or -cafile as needed.

[para]

Example #1: Use HTTP package

[example {

package require http
package require tls
set url "https://www.tcl.tk/"

http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs \
    -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command]
http::register https 443 [list ::tls::socket -autoservername 1 -require 1 \
    -command ::tls::callback -password ::tls::password \
    -validatecommand ::tls::validate_command]

# Check for error
set token [http::geturl $url]
if {[http::status $token] ne "ok"} {
    puts [format "Error %s" [http::status $token]]
}
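Review bot: In the reworded sentence "specify -cadir or -cafile as needed", and in the sentence before it, the option names are bare text, while the rest of the page marks options up as [option -password] and [option -validatecommand]. Use [option -cadir] and [option -cafile] here for consistency. With -cadir /etc/ssl/certs dropped from the http::register line, it would also help to state in this paragraph that -require 1 makes the handshake fail when the default store cannot be found, since that is the first symptom a reader with a non-standard layout will see.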

861
862
863
864
865
866
867
868
869
870



871
872
873
874
875
876
877
861
862
863
864
865
866
867



868
869
870
871
872
873
874
875
876
877







-
-
-
+
+
+







[example {

package require tls

set url "www.tcl-lang.org"
set port 443

set ch [tls::socket -autoservername 1 -servername $url -request 1 -require 1 \
    -alpn {http/1.1} -cadir /etc/ssl/certs -command ::tls::callback \
    -password ::tls::password -validatecommand ::tls::validate_command $url $port]
set ch [tls::socket -autoservername 1 -servername $url -require 1 \
    -alpn {http/1.1} -command ::tls::callback -password ::tls::password \
    -validatecommand ::tls::validate_command $url $port]
chan configure $ch -buffersize 65536
tls::handshake $ch

puts $ch "GET / HTTP/1.1"
flush $ch
after 500
set data [read $ch]
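Review bot: The new tls::socket line still passes both -autoservername 1 and -servername $url, which is redundant; the other examples rely on -autoservername alone, so drop one of the two here. The change also removes -request 1 while keeping -require 1, so the example now depends on the default value of -request; please confirm that default in the option description or keep the explicit flag, because a reader copying this line expects peer verification to be enforced.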
897
898
899
900
901
902
903
904

905
906
907
908
909
910
911
897
898
899
900
901
902
903

904
905
906
907
908
909
910
911







-
+








[example {

package require http
package require tls
set url "https://www.tcl.tk/"

http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]
http::register https 443 [list ::tls::socket -autoservername 1 -require 1]

# Check for error
set token [http::geturl $url]
if {[http::status $token] ne "ok"} {
    puts [format "Error %s" [http::status $token]]
}
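Review bot: The error branch after http::geturl prints only [http::status $token], which for a failed certificate check is just "error". Now that the example relies on the default certificate store rather than an explicit -cadir, a verification failure is the most likely way for it to break, so print [http::error $token] as well so the reader can see the TLS reason.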

923
924
925
926
927
928
929
930

931
932
933
934
935
936
937
923
924
925
926
927
928
929

930
931
932
933
934
935
936
937







-
+








package require http
package require tls

set url "https://wiki.tcl-lang.org/sitemap.xml"
set filename [file tail $url]

http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]
http::register https 443 [list ::tls::socket -autoservername 1 -require 1]

# Get file
set ch [open $filename wb]
set token [::http::geturl $url -blocksize 65536 -channel $ch]

# Cleanup
close $ch
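Review bot: In the visible lines of the download example, the result of ::http::geturl is never checked before close $ch, so a failed handshake under -require 1 leaves an empty or partial sitemap.xml on disk with no message. Add the same http::status check used in the earlier examples before the cleanup step, and delete the file on failure.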