Diff

Differences From Artifact [1823f47826]:

To Artifact [afa8cd9482]:

Hunk: old lines 269-290, new lines 269-296 (2 lines removed, 8 lines added)

        <dt><strong>peername</strong> <em>name</em></dt>
        <dd>The peername from the certificate.</dd>
        <dt><strong>sbits</strong> <em>n</em></dt>
        <dd>The number of bits used for the session key.</dd>
        <dt><strong>cipher</strong> <em>cipher</em></dt>
        <dd>The current cipher in use between the client and
            server channels.</dd>
        <dt><strong>validation</strong> <em>result</em></dt>
        <dd>Certificate validation result.</dd>
        <dt><strong>verification<em>result</em></dt>
        <dd>Certificate verification result.</dd>
        <dt><strong>alpn</strong> <em>protocol</em></dt>
        <dd>The protocol selected after Application-Layer Protocol
	    Negotiation (ALPN).</dd>
        <dt><strong>protocol</strong> <em>value</em></dt>
        <dd>The protocol version used for the connection:
	  SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, or unknown</dd>
        <dt><strong>signature_hash</strong> <em>string</em></dt>
        <dd>The signature hash value.</dd>
        <dt><strong>signature_type</strong> <em>type</em></dt>
        <dd>The signature type value.</dd>
        <dt><strong>ca_names</strong> <em>list</em></dt>
        <dd>List of the Certificate Authorities used to create the certificate.</dd>
    </dl>
</blockquote>

    <dt><a name="tls::connection"><strong>tls::connection</strong>
    <em>channel</em></a></dt>
    <dd>Returns the current connection status of an SSL channel. The
        result is a list of key-value pairs describing the
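Review bot: the added `verification` entry is missing its closing tag: `<dt><strong>verification<em>result</em></dt>` never closes `<strong>`, so browsers will carry the bold formatting into the entries that follow; it should read `<dt><strong>verification</strong> <em>result</em></dt>` like the surrounding entries. The three new entries are also under-documented: `signature_hash` ("The signature hash value.") and `signature_type` ("The signature type value.") only restate the key names, and `ca_names` ("List of the Certificate Authorities used to create the certificate.") leaves it unclear whether this is the certificate's issuer chain or a list of CA names received from the peer. Say which, since a script that uses `ca_names` to decide whether to trust a peer needs to know what the list actually contains.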
Hunk: old lines 358-372, new lines 364-379 (1 line removed, 2 lines added)

	additional information on the cipher. If <em>supported</em>
	is specified as true, then only the ciphers supported for protocol
	will be listed.</dd>

    <dt><a name="tls::protocols"><strong>tls::protocols</strong></a></dt>
    <dd>Returns a list of supported protocols. Valid values are:
	<b>ssl2</b>, <b>ssl3</b>, <b>tls1</b>, <b>tls1.1</b>, <b>tls1.2</b>,
	and <b>tls1.3</b>.</dd>
	and <b>tls1.3</b>. Exact list depends on OpenSSL version and
	compile time flags.</dd>

    <dt><a name="tls::version"><strong>tls::version</strong></a></dt>
    <dd>Returns the OpenSSL version string.</dd>
</dl>

<h3><a name="CALLBACK OPTIONS">CALLBACK OPTIONS</a></h3>

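Review bot: the added sentence "Exact list depends on OpenSSL version and compile time flags." needs articles and a hyphen: "The exact list depends on the OpenSSL version and compile-time flags." While here, the list still presents ssl2 and ssl3 as valid values; it would help to state that `tls::protocols` reports what the linked OpenSSL build was compiled with, not which protocols are safe to use, so that callers do not read presence in the list as an endorsement.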
Hunk: old lines 394-410, new lines 401-418 (3 lines removed, 4 lines added)

	<dl>

	<dt>
	  <strong>alpn</strong> <em>protocol</em>
	</dt>
	<dd>
	  This form of callback is invoked when server selects the first
	  -alpn specified protocol common to the client and server. If none,
	  first client one is used.
	  For servers, this form of callback is invoked when the client ALPN
	  header is received and the first -alpn specified protocol common to
	  the both the client and server is selected. If none, the first
	  client specified protocol is used.
	</dd>

	<br>

<!--	This form of callback is disabled.

	<dt>
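Review bot: the replacement text for the `alpn` callback says that when no protocol is common to both lists "the first client specified protocol is used", which means the server selects a protocol it did not list in -alpn; please confirm that this is the intended behaviour and, if so, say explicitly that the callback can then receive a protocol the server never offered. There is also a typo in the added line: "common to the both the client and server" should be "common to both the client and server". Finally, the paragraph describes when the callback fires but not what (if anything) its return value means.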
Hunk: old lines 419-433, new lines 427-442 (1 line removed, 2 lines added)

	<br>
-->

	<dt>
	  <strong>hello</strong> <em>servername</em>
	</dt>
	<dd>
	  This form of callback is invoked during client hello message processing.
	  For servers, this form of callback is invoked during client hello
	  message processing.
	</dd>

	<br>

	<dt>
	  <strong>info</strong> <em>channel major minor message</em>
	</dt>
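Review bot: the added text "For servers, this form of callback is invoked during client hello message processing." is the removed sentence with "For servers," prepended; it still does not say what the `servername` argument carries or how this callback differs from the `sni` callback, which is also described as firing on the client's server name. Document the argument and the distinction, otherwise readers cannot tell which of the two to use.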
Hunk: old lines 465-493, new lines 474-503 (6 lines removed, 7 lines added)

	<br>

	<dt>
	  <strong>sni</strong> <em>servername</em>
	</dt>
	<dd>
	  This form of callback is invoked when the server receives the SNI
	  header from the client where <i>servername</i> is the client
	  specified servername. Used to allow multiple names for
	  same server so the right certificate can be used.
	  For servers, this form of callback is invoked when the SNI header
	  from the client is received. Where <i>servername</i> is the client
	  specified servername. This is used when a server supports multiple
	  names, so the right certificate can be used.
	</dd>

	<br>
	<br>

	<dt>
	  <strong>verify</strong> <em>channel depth cert status error</em>
	</dt>
	<dd>
	  This form of callback is invoked by the OpenSSL function
	  <code>SSL_set_verify()</code>.
	  This form of callback is invoked by OpenSSL when a new certificate
	  is received from the peer. It allows the client to check the
	  certificate verification result and choose whether to continue or not.
	  <br>
	  The <em>depth</em> argument is an integer representing the
	  current depth on the certificate chain, with
	  <code>0</code> as the subject certificate and higher values
	  denoting progressively more indirect issuer certificates.
	  <br>
	  The <em>cert</em> argument is a list of key-value pairs similar
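Review bot: the new `verify` text narrows the callback to "It allows the client to check the certificate verification result", yet the same paragraph says it fires "when a new certificate is received from the peer", and "peer" covers either side of the connection; "the client" should be "the script" or "the application". It would also be worth stating which return value continues the handshake and which aborts it, since a callback that returns success regardless of the `status` and `error` arguments silently disables certificate checking. In the `sni` entry, the added "Where <i>servername</i> is the client specified servername." is a sentence fragment; fold it into the preceding sentence: "...when the SNI header from the client is received, where <i>servername</i> is the client-specified server name."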