Check-in [36912df18d]
Bounty program for improvements to Tcl and certain Tcl packages.
Tcl 2019 Conference, Houston/TX, US, Nov 4-8
Send your abstracts to [email protected]
or submit via the online form by Sep 9.

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix TLS version number. Remove outdated references to Tcl 8.2/8.3.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 36912df18d0adcb601fdeaa5739a753e6181d763
User & Date: apnadkarni 2015-06-06 08:56:28
Context
2015-06-06
09:07
Fix for bug #58. Crash/hang on protocol version negotiation failure. See bug report for analysis. Now we keep track of handshake failures through the HANDSHAKE_FAILURE flag and do not call back into SSL_accept/SSL_connect if handshake had already failed. check-in: 9182f29754 user: apnadkarni tags: trunk
08:56
Fix TLS version number. Remove outdated references to Tcl 8.2/8.3. check-in: 36912df18d user: apnadkarni tags: trunk
07:03
Changed ssleay32s.lib and libeay32s.lib to ssleay32.lib and libeay32.lib respectively to match configure.in and what current openssl builds produce. check-in: 5c5e4986a8 user: apnadkarni tags: trunk
Changes

Changes to tls.htm.

15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
..
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
..
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
...
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
    <dd><a href="#NAME">NAME</a> <dl>
            <dd><strong>tls</strong> - binding to <strong>OpenSSL</strong>
                toolkit.</dd>
        </dl>
    </dd>
    <dd><a href="#SYNOPSIS">SYNOPSIS</a> </dd>
    <dd><dl>
            <dd><b>package require Tcl </b><em>?8.2?</em></dd>
            <dd><b>package require tls </b><em>?1.5?</em></dd>
            <dt>&nbsp;</dt>
            <dd><b>tls::init </b><i>?options?</i> </dd>
            <dd><b>tls::socket </b><em>?options? host port</em></dd>
            <dd><b>tls::socket</b><em> ?-server command?
                ?options? port</em></dd>
            <dd><b>tls::handshake</b><em> channel</em></dd>
            <dd><b>tls::status </b><em>?-local? channel</em></dd>
................................................................................
<h3><a name="NAME">NAME</a></h3>

<p><strong>tls</strong> - binding to <strong>OpenSSL</strong>
toolkit.</p>

<h3><a name="SYNOPSIS">SYNOPSIS</a></h3>

<p><b>package require Tcl 8.2</b><br>
<b>package require tls 1.6</b><br>
<br>
<a href="#tls::init"><b>tls::init </b><i>?options?</i><br>
</a><a href="#tls::socket"><b>tls::socket </b><em>?options? host
port</em><br>
<b>tls::socket</b><em> ?-server command? ?options? port</em><br>
</a><a href="#tls::status"><b>tls::status </b><em>?-local? channel</em><br>
................................................................................

<p>This extension provides a generic binding to <a
href="http://www.openssl.org/">OpenSSL</a>, utilizing the
<strong>Tcl_StackChannel</strong>
API for Tcl 8.2 and higher. The sockets behave exactly the same
as channels created using Tcl's built-in <strong>socket</strong>
command with additional options for controlling the SSL session.
To use TLS with an earlier version of Tcl than 8.2, please obtain
TLS 1.3.  Please note that there are known limitations with the
stacked channel implementation prior to 8.3.2, so it is recommended
that TLS is used with an 8.3.2+ interpreter.  The current version
of TLS will work with Tcl 8.2+, it is just more stable with 8.3.2+.
</p>

<h3><a name="COMMANDS">COMMANDS</a></h3>

<p>Typically one would use the <strong>tls::socket </strong>command
which provides compatibility with the native Tcl <strong>socket</strong>
command. In such cases <strong>tls::import</strong> should not be
................................................................................
The use of the variable <strong>tls::debug</strong> is not recommended.
It may be removed from future releases.
</em>
</p>

<h3><a name="HTTPS EXAMPLE">HTTPS EXAMPLE</a></h3>

<p>This example requires a patch to the <strong>http</strong>
module that ships with Tcl - this patch has been submitted for
inclusion in Tcl 8.2.1, but is also provided in the tls directory
if needed. A sample server.pem is provided with the TLS release,
courtesy of the <strong>OpenSSL</strong> project.</p>

<pre><code>
package require http
package require tls

http::register https 443 [list ::tls::socket -require 1 -cafile ./server.pem]






|
|







 







|







 







|
|
<
<
<







 







<
<
<
|







15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
..
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
..
71
72
73
74
75
76
77
78
79



80
81
82
83
84
85
86
...
384
385
386
387
388
389
390



391
392
393
394
395
396
397
398
    <dd><a href="#NAME">NAME</a> <dl>
            <dd><strong>tls</strong> - binding to <strong>OpenSSL</strong>
                toolkit.</dd>
        </dl>
    </dd>
    <dd><a href="#SYNOPSIS">SYNOPSIS</a> </dd>
    <dd><dl>
            <dd><b>package require Tcl </b><em>?8.4?</em></dd>
            <dd><b>package require tls </b><em>?1.6?</em></dd>
            <dt>&nbsp;</dt>
            <dd><b>tls::init </b><i>?options?</i> </dd>
            <dd><b>tls::socket </b><em>?options? host port</em></dd>
            <dd><b>tls::socket</b><em> ?-server command?
                ?options? port</em></dd>
            <dd><b>tls::handshake</b><em> channel</em></dd>
            <dd><b>tls::status </b><em>?-local? channel</em></dd>
................................................................................
<h3><a name="NAME">NAME</a></h3>

<p><strong>tls</strong> - binding to <strong>OpenSSL</strong>
toolkit.</p>

<h3><a name="SYNOPSIS">SYNOPSIS</a></h3>

<p><b>package require Tcl 8.4</b><br>
<b>package require tls 1.6</b><br>
<br>
<a href="#tls::init"><b>tls::init </b><i>?options?</i><br>
</a><a href="#tls::socket"><b>tls::socket </b><em>?options? host
port</em><br>
<b>tls::socket</b><em> ?-server command? ?options? port</em><br>
</a><a href="#tls::status"><b>tls::status </b><em>?-local? channel</em><br>
................................................................................

<p>This extension provides a generic binding to <a
href="http://www.openssl.org/">OpenSSL</a>, utilizing the
<strong>Tcl_StackChannel</strong>
API for Tcl 8.2 and higher. The sockets behave exactly the same
as channels created using Tcl's built-in <strong>socket</strong>
command with additional options for controlling the SSL session.
To use TLS with an earlier version of Tcl than 8.4, please obtain
TLS 1.3.



</p>

<h3><a name="COMMANDS">COMMANDS</a></h3>

<p>Typically one would use the <strong>tls::socket </strong>command
which provides compatibility with the native Tcl <strong>socket</strong>
command. In such cases <strong>tls::import</strong> should not be
................................................................................
The use of the variable <strong>tls::debug</strong> is not recommended.
It may be removed from future releases.
</em>
</p>

<h3><a name="HTTPS EXAMPLE">HTTPS EXAMPLE</a></h3>




<p>This example uses a sample server.pem provided with the TLS release,
courtesy of the <strong>OpenSSL</strong> project.</p>

<pre><code>
package require http
package require tls

http::register https 443 [list ::tls::socket -require 1 -cafile ./server.pem]