︙ | | |
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
|
650
651
652
653
654
655
656
657
658
659
660
661
662
663
|
-
|
Version is the protocol version.
[def [arg content_type]]
Content type is the message content type.
[def [arg message]]
Message is more info from the [const SSL_trace] API.
This argument is new for TclTLS 1.8.
[list_end]
[opt_def session [arg "channelId session_id session_ticket lifetime"]]
This form of callback is invoked by the OpenSSL function
[fun SSL_CTX_sess_set_new_cb()] whenever a new session id is sent by the
server during the initial connection and handshake and also during the session
|
︙ | | |
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
|
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
|
-
+
|
[def [arg lifetime]]
Lifetime is the ticket lifetime in seconds.
[list_end]
[opt_def verify [arg "channelId depth cert status error"]]
This callback was moved to the [option -verify_callback] in TclTLS 1.8.
This callback was moved to [option -validatecommand] in TclTLS 1.8.
[list_end]
[subsection "Values for Password Callback"]
The callback for the [option -password] option is invoked by TclTLS whenever OpenSSL needs
to obtain a password. See below for the possible arguments passed to the
|
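Review bot: in the verify entry, the opt_def line still lists the argument signature "channelId depth cert status error", while the new text only says the callback moved to -validatecommand. State whether -validatecommand receives the same arguments, or point to the section that documents them, so readers migrating a certificate-verification callback do not have to guess.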
︙ | | |
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
|
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
|
-
+
-
-
+
+
+
|
[emph "The use of the variable [var tls::debug] is not recommended.
It may be removed from future releases."]
[section "Debug Examples"]
These examples use the default Unix platform SSL certificates. For standard
installations, -cadir and -cafile should not be needed. If your certificates
are in non-standard locations, update -cadir or use -cafile as needed.
are in non-standard locations, specify -cadir or -cafile as needed.
[para]
Example #1: Use HTTP package
[example {
package require http
package require tls
set url "https://www.tcl.tk/"
http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs \
-command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command]
http::register https 443 [list ::tls::socket -autoservername 1 -require 1 \
-command ::tls::callback -password ::tls::password \
-validatecommand ::tls::validate_command]
# Check for error
set token [http::geturl $url]
if {[http::status $token] ne "ok"} {
puts [format "Error %s" [http::status $token]]
}
|
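Review bot: the introductory paragraph still says the examples use "the default Unix platform SSL certificates", but the new http::register line no longer names /etc/ssl/certs and depends on whatever default certificate location is found at run time. Reword that sentence to describe the default certificate store in general terms, and note that with -require 1 there is nothing to verify the peer against when no CA certificates are found, which is the cue to add -cadir or -cafile.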
︙ | | |
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
|
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
|
-
-
-
+
+
+
|
[example {
package require tls
set url "www.tcl-lang.org"
set port 443
set ch [tls::socket -autoservername 1 -servername $url -request 1 -require 1 \
-alpn {http/1.1} -cadir /etc/ssl/certs -command ::tls::callback \
-password ::tls::password -validatecommand ::tls::validate_command $url $port]
set ch [tls::socket -autoservername 1 -servername $url -require 1 \
-alpn {http/1.1} -command ::tls::callback -password ::tls::password \
-validatecommand ::tls::validate_command $url $port]
chan configure $ch -buffersize 65536
tls::handshake $ch
puts $ch "GET / HTTP/1.1"
flush $ch
after 500
set data [read $ch]
|
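Review bot: the added tls::socket line passes both -autoservername 1 and -servername $url, which supply the same server name twice. Keep one of the two so the example shows a single way to set the name. The variable url also holds a bare host name here, so a name such as host would read better in the new lines.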
︙ | | |
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
|
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
|
-
+
|
[example {
package require http
package require tls
set url "https://www.tcl.tk/"
http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]
http::register https 443 [list ::tls::socket -autoservername 1 -require 1]
# Check for error
set token [http::geturl $url]
if {[http::status $token] ne "ok"} {
puts [format "Error %s" [http::status $token]]
}
|
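Review bot: the error check after the changed http::register line prints only http::status. With -cadir removed, the example depends on the default certificate store, so a certificate problem becomes a more likely failure for readers. Consider also printing [http::error $token] in that branch so the reason is visible.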
︙ | | |
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
|
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
|
-
+
|
package require http
package require tls
set url "https://wiki.tcl-lang.org/sitemap.xml"
set filename [file tail $url]
http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]
http::register https 443 [list ::tls::socket -autoservername 1 -require 1]
# Get file
set ch [open $filename wb]
set token [::http::geturl $url -blocksize 65536 -channel $ch]
# Cleanup
close $ch
|
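Review bot: in the file-download example, the visible lines open $filename for writing and close it without checking http::status. With -require 1 and no explicit -cadir, a failed transfer can leave an empty or partial sitemap.xml on disk. Add a status check before the cleanup, as the earlier examples do with 'if {[http::status $token] ne "ok"}'.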
︙ | | |