Check-in [2c0be4cb7f]
Overview
Comment:Updated callback handlers in tls.tcl to be backwards compatible for earlier TCLTLS versions
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | tls-1.8
Files: files | file ages | folders
SHA3-256: 2c0be4cb7f3e9fab641aa984d140eb8daf3f619cc74a8512e109b67add3cf8d4
User & Date: bohagan on 2024-07-05 18:03:44
Other Links: branch diff | manifest | tags
Context
2024-07-06
04:17
Made updates to enhance event processing, I/O operations, etc. to address reports of stalled connections, etc. check-in: e3d4330c95 user: bohagan tags: tls-1.8
2024-07-05
18:03
Updated callback handlers in tls.tcl to be backwards compatible for earlier TCLTLS versions check-in: 2c0be4cb7f user: bohagan tags: tls-1.8
2024-07-01
01:08
Changed to send SSL_shutdown as part of BIO close channel handler rather than Tls_Clean. check-in: 1505883e4a user: bohagan tags: tls-1.8
Changes

Modified library/tls.tcl from [756f51c124] to [746b446198].

312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359



360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
	error $err $::errorInfo $::errorCode
    } else {
	log 2 "tls::_accept - called \"$callback\" succeeded"
    }
}

#
# Sample callback for hooking: -
#
# error
# verify
# info
#
proc tls::callback {option args} {
    variable debug

    #log 2 [concat $option $args]

    switch -- $option {
	"error" {
	    foreach {chan msg} $args break

	    log 0 "TLS/$chan: error: $msg"
	}
	"info" {
	    # poor man's lassign
	    foreach {chan major minor msg type} $args break

	    if {$msg != ""} {
		append state ": $msg"
	    }
	    # For tracing
	    upvar #0 tls::$chan cb
	    set cb($major) $minor

	    log 2 "TLS/$chan: $major/$minor: $state"
	}
	"message" {
	    # poor man's lassign
	    foreach {chan direction version content_type msg} $args break

	    log 0 "TLS/$chan: info: $direction $msg"
	}
	"session" {
	    foreach {chan session_id ticket lifetime} $args break

	    log 0 "TLS/$chan: session: lifetime $lifetime"
	}



	default	{
	    return -code error "bad option \"$option\":\
		    must be one of error, info, or session"
	}
    }
}

#
# Sample callback when return value is needed
#
proc tls::validate_command {option args} {
    variable debug

    #log 2 [concat $option $args]

    switch -- $option {
	"alpn" {
	    foreach {chan protocol match} $args break

	    log 0 "TLS/$chan: alpn: $protocol $match"
	}
	"hello" {
	    foreach {chan servername} $args break

	    log 0 "TLS/$chan: hello: $servername"
	}
	"sni" {
	    foreach {chan servername} $args break

	    log 0 "TLS/$chan: sni: $servername"
	}
	"verify" {
	    # poor man's lassign
	    foreach {chan depth cert rc err} $args break

	    array set c $cert

	    if {$rc != "1"} {
		log 1 "TLS/$chan: verify/$depth: Bad Cert: $err (rc = $rc)"
	    } else {
		log 2 "TLS/$chan: verify/$depth: $c(subject)"
	    }
	    if {$debug > 0} {
		return 1;	# FORCE OK
	    } else {
		return $rc
	    }
	}
	default	{
	    return -code error "bad option \"$option\":\
		    must be one of alpn, info, or verify"
	}
    }
    return 1
}

proc tls::xhandshake {chan} {
    upvar #0 tls::$chan cb







|

<
<
<
<
|

<
<



|




|
|











<
|




|



>
>
>


|







|


<
<


|




|




|




<
|
















|







312
313
314
315
316
317
318
319
320




321
322


323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343

344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368


369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385

386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
	error $err $::errorInfo $::errorCode
    } else {
	log 2 "tls::_accept - called \"$callback\" succeeded"
    }
}

#
# Sample callback for status data from OpenSSL
#




proc tls::callback {option chan args} {
    variable debug



    switch -- $option {
	"error" {
	    lassign $args msg

	    log 0 "TLS/$chan: error: $msg"
	}
	"info" {
	    set type ""
	    lassign $args major minor msg type

	    if {$msg != ""} {
		append state ": $msg"
	    }
	    # For tracing
	    upvar #0 tls::$chan cb
	    set cb($major) $minor

	    log 2 "TLS/$chan: $major/$minor: $state"
	}
	"message" {

	    lassign $args direction version content_type msg

	    log 0 "TLS/$chan: info: $direction $msg"
	}
	"session" {
	    lassign $args session_id ticket lifetime

	    log 0 "TLS/$chan: session: lifetime $lifetime"
	}
	"verify" {
	    return [tls::validate_command $option $chan {*}$args]
	}
	default	{
	    return -code error "bad option \"$option\":\
		    must be one of error, info, message, or session"
	}
    }
}

#
# Sample callback when return value is needed
#
proc tls::validate_command {option chan args} {
    variable debug



    switch -- $option {
	"alpn" {
	    lassign $args protocol match

	    log 0 "TLS/$chan: alpn: $protocol $match"
	}
	"hello" {
	   lassign $args servername

	    log 0 "TLS/$chan: hello: $servername"
	}
	"sni" {
	    lassign $args servername

	    log 0 "TLS/$chan: sni: $servername"
	}
	"verify" {

	    lassign $args depth cert rc err

	    array set c $cert

	    if {$rc != "1"} {
		log 1 "TLS/$chan: verify/$depth: Bad Cert: $err (rc = $rc)"
	    } else {
		log 2 "TLS/$chan: verify/$depth: $c(subject)"
	    }
	    if {$debug > 0} {
		return 1;	# FORCE OK
	    } else {
		return $rc
	    }
	}
	default	{
	    return -code error "bad option \"$option\":\
		    must be one of alpn, hello, sni, or verify"
	}
    }
    return 1
}

proc tls::xhandshake {chan} {
    upvar #0 tls::$chan cb
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
	}
	if {$cb(handshake) == "done"} {
	    return 1
	}
    }
}

proc tls::password {rwflag size} {
    log 0 "TLS/Password: did you forget to set your passwd!"
    # Return the worlds best kept secret password.
    return "secret"
}

proc tls::log {level msg} {
    variable debug







|







420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
	}
	if {$cb(handshake) == "done"} {
	    return 1
	}
    }
}

proc tls::password {{option password} {rwflag 0} {size 0}} {
    log 0 "TLS/Password: did you forget to set your passwd!"
    # Return the worlds best kept secret password.
    return "secret"
}

proc tls::log {level msg} {
    variable debug

Modified tests/certs/README.txt from [9915ad53fa] to [abb4ae58f9].

Modified tests/keytest2.tcl from [9ae291a22a] to [4103d4acae].

Modified tests/oldTests/client.pem from [79c7dcaa3d] to [82f79c6079].

Modified tests/oldTests/tls.tcl from [3ec4a78d72] to [97deb6d14e].

Modified tests/oldTests/tlsAuto.tcl from [c6f69ae9dc] to [b149b6351b].

Modified tests/oldTests/tlsBlocking.tcl from [272e10e79e] to [c022208386].

Modified tests/oldTests/tlsCiphers.tcl from [fc1b7f572b] to [73c4a6ada7].

Modified tests/oldTests/tlsUpload.tcl from [7d5a3a1baa] to [542de50b9a].