577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
|
*
*-------------------------------------------------------------------
*/
static int
SNICallback(const SSL *ssl, int *alert, void *arg) {
State *statePtr = (State*)arg;
Tcl_Interp *interp = statePtr->interp;
/* SSL_CTX* ctx; */
if (!servername || servername[0] == '\0')
return SSL_TLSEXT_ERR_NOACK;
/* Use SSL_set_SSL_CTX to change the SSL connection object to use another
context created from SSL_CTX() for the certificate corresponding to,
the the server name provided by the client. */
cmdPtr = Tcl_DuplicateObj(statePtr->callback);
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj( "sni", -1));
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(servername , -1));
Tcl_Preserve((ClientData) interp);
|
<
|
|
<
<
<
|
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
|
*
*-------------------------------------------------------------------
*/
static int
SNICallback(const SSL *ssl, int *alert, void *arg) {
State *statePtr = (State*)arg;
Tcl_Interp *interp = statePtr->interp;
Tcl_Obj *cmdPtr;
int code;
char *servername = NULL;
dprintf("Called");
if (statePtr->callback == (Tcl_Obj*)NULL) {
return SSL_TLSEXT_ERR_OK;
} else if (ssl == NULL) {
return SSL_TLSEXT_ERR_NOACK;
}
servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
if (!servername || servername[0] == '\0') {
return SSL_TLSEXT_ERR_NOACK;
}
cmdPtr = Tcl_DuplicateObj(statePtr->callback);
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj( "sni", -1));
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(servername , -1));
Tcl_Preserve((ClientData) interp);
|
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
|
Tcl_Obj *objPtr;
const SSL *ssl;
const SSL_CIPHER *cipher;
const SSL_SESSION *session;
const unsigned char *proto;
unsigned int len;
long mode;
#if defined(HAVE_SSL_COMPRESSION)
const COMP_METHOD *comp;
#endif
|
<
<
<
|
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
|
Tcl_Obj *objPtr;
const SSL *ssl;
const SSL_CIPHER *cipher;
const SSL_SESSION *session;
const unsigned char *proto;
unsigned int len;
long mode;
if (objc != 2) {
Tcl_WrongNumArgs(interp, 1, objv, "channel");
return(TCL_ERROR);
}
chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], NULL), NULL);
|
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
|
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewLongObj(SSL_SESSION_get_time(session)));
/* Timeout value */
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("timeout", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewLongObj(SSL_SESSION_get_timeout(session)));
}
#if defined(HAVE_SSL_COMPRESSION)
comp = SSL_get_current_compression(ssl);
if (comp != NULL) {
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(SSL_COMP_get_name(comp), -1));
comp = SSL_get_current_expansion(ssl);
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("expansion", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(SSL_COMP_get_name(comp), -1));
}
#endif
/* Server info */
mode = SSL_CTX_get_session_cache_mode(statePtr->ctx);
if (mode & SSL_SESS_CACHE_OFF) {
proto = "off";
} else if (mode & SSL_SESS_CACHE_CLIENT) {
proto = "client";
|
<
>
>
>
|
>
|
|
|
>
>
>
>
|
<
>
|
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
|
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewLongObj(SSL_SESSION_get_time(session)));
/* Timeout value */
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("timeout", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewLongObj(SSL_SESSION_get_timeout(session)));
}
/* Compression info */
if (ssl != NULL) {
#ifdef HAVE_SSL_COMPRESSION
const COMP_METHOD *comp, *expn;
comp = SSL_get_current_compression(ssl);
expn = SSL_get_current_expansion(ssl);
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("compression", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(comp ? SSL_COMP_get_name(comp) : "NONE", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("expansion", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(expn ? SSL_COMP_get_name(expn) : "NONE", -1));
#else
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("compression", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("NONE", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("expansion", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("NONE", -1));
#endif
}
/* Server info */
mode = SSL_CTX_get_session_cache_mode(statePtr->ctx);
if (mode & SSL_SESS_CACHE_OFF) {
proto = "off";
} else if (mode & SSL_SESS_CACHE_CLIENT) {
proto = "client";
|