Overview
Comment: | Use SSL connection states instead of custom states. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | status_x509 |
Files: | files | file ages | folders |
SHA3-256: |
3d083cdfaf0ed806726d6cbb4e22c241 |
User & Date: | bohagan on 2023-06-05 02:09:41 |
Other Links: | branch diff | manifest | tags |
Context
2023-06-05
| ||
02:47 | More callback error checking. Added session ticket callback handling. Split set client and server session caching callbacks. check-in: e1f08bc122 user: bohagan tags: status_x509 | |
02:09 | Use SSL connection states instead of custom states. check-in: 3d083cdfaf user: bohagan tags: status_x509 | |
2023-06-04
| ||
03:20 | Set host name for certificate checks. Pass peer specified host name to Hello callback. Set host name for certificate checks. This is separate from SNI. Added peername to status command results. Source: https://core.tcl-lang.org/tcltls/tktview/b023257dcf and https://core.tcl-lang.org/tcltls/tktview/3c42b2ba11 check-in: 65f84287e7 user: bohagan tags: status_x509 | |
Changes
Modified generic/tls.c
from [62ec7882d5]
to [a126391165].
︙ | ︙ | |||
764 765 766 767 768 769 770 771 772 773 774 775 776 777 | } if ((objc > 2) && Tcl_GetBooleanFromObj(interp, objv[2], &verbose) != TCL_OK) { return TCL_ERROR; } if ((objc > 3) && Tcl_GetBooleanFromObj(interp, objv[3], &use_supported) != TCL_OK) { return TCL_ERROR; } switch ((enum protocol)index) { case TLS_SSL2: #if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(NO_SSL2) || defined(OPENSSL_NO_SSL2) Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL); return TCL_ERROR; #else | > > | 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 | } if ((objc > 2) && Tcl_GetBooleanFromObj(interp, objv[2], &verbose) != TCL_OK) { return TCL_ERROR; } if ((objc > 3) && Tcl_GetBooleanFromObj(interp, objv[3], &use_supported) != TCL_OK) { return TCL_ERROR; } ERR_clear_error(); switch ((enum protocol)index) { case TLS_SSL2: #if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(NO_SSL2) || defined(OPENSSL_NO_SSL2) Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL); return TCL_ERROR; #else |
︙ | ︙ | |||
1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 | #endif #if !defined(NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_3) off |= (ENABLED(proto, TLS_PROTO_TLS1_3) ? 0 : SSL_OP_NO_TLSv1_3); #endif break; } ctx = SSL_CTX_new(method); if (!ctx) { return(NULL); } if (getenv(SSLKEYLOGFILE)) { | > | 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 | #endif #if !defined(NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_3) off |= (ENABLED(proto, TLS_PROTO_TLS1_3) ? 0 : SSL_OP_NO_TLSv1_3); #endif break; } ERR_clear_error(); ctx = SSL_CTX_new(method); if (!ctx) { return(NULL); } if (getenv(SSLKEYLOGFILE)) { |
︙ | ︙ | |||
1887 1888 1889 1890 1891 1892 1893 | objPtr = Tcl_NewListObj(0, NULL); /* Connection info */ statePtr = (State *)Tcl_GetChannelInstanceData(chan); ssl = statePtr->ssl; if (ssl != NULL) { | < < < < < < < < < | | 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 | objPtr = Tcl_NewListObj(0, NULL); /* Connection info */ statePtr = (State *)Tcl_GetChannelInstanceData(chan); ssl = statePtr->ssl; if (ssl != NULL) { /* connection state */ Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("state", -1)); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(SSL_state_string_long(ssl), -1)); /* Get server name */ Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("servername", -1)); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name), -1)); /* Get protocol */ Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("protocol", -1)); |
︙ | ︙ |