Overview
Comment: | Merged in trunk |
---|---|
SHA1: |
a87c836d6cf3cddb816c05b7571db462 |
User & Date: | rkeene on 2016-12-14 14:42:57 |
Context
2016-12-14
| ||
14:43 | TclTLS 1.7.10 check-in: f0d0acd4b5 user: rkeene tags: tls-1-7, tls-1-7-10 | |
14:42 | Merged in trunk check-in: a87c836d6c user: rkeene tags: tls-1-7 | |
14:40 | Updated EOF while reading from the BIO to map to soft EOF check-in: 24ce678ecd user: rkeene tags: trunk | |
2016-12-13
| ||
20:23 | TclTLS 1.7.9 check-in: 7b0845cfb3 user: rkeene tags: tls-1-7, tls-1-7-9 | |
Changes
Modified Makefile.in from [db739bcb0b] to [d38aebcfd7].
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 .. 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 .. 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 .. 79 80 81 82 83 84 85 86 87 88 |
CC = @[email protected] AR = @[email protected] RANLIB = @[email protected] CFLAGS = @[email protected] @[email protected] CPPFLAGS = @[email protected] [email protected]@ -I. @[email protected] @[email protected] LDFLAGS = @[email protected] @[email protected] LIBS = @[email protected] INSTALL = @[email protected] PACKAGE_VERSION = @[email protected] prefix = @[email protected] exec_prefix = @[email protected] libdir = @[email protected] TCL_PACKAGE_PATH = @[email protected] PACKAGE_INSTALL_DIR = $(TCL_PACKAGE_PATH)/tcltls$(PACKAGE_VERSION) VPATH = @[email protected] all: @[email protected] # The shared object target [email protected]@: tls.o tlsBIO.o tlsIO.o tlsX509.o Makefile $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o [email protected]@ tls.o tlsBIO.o tlsIO.o tlsX509.o $(LIBS) ................................................................................ tlsBIO.o: @[email protected]/tlsBIO.c @[email protected]/tlsInt.h Makefile tlsIO.o: @[email protected]/tlsIO.c @[email protected]/tlsInt.h Makefile tlsX509.o: @[email protected]/tlsX509.c @[email protected]/tlsInt.h Makefile # Create a C-source-ified version of the script resources # for TclTLS so that we only need a single file to enable # this extension tls.tcl.h: @[email protected]/tls.tcl od -A n -v -t xC < '@[email protected]/tls.tcl' > tls.tcl.h.new.1 sed '[email protected] *@@g;[email protected]@0x&, @g' < tls.tcl.h.new.1 > tls.tcl.h.new.2 rm -f tls.tcl.h.new.1 mv tls.tcl.h.new.2 tls.tcl.h # Create default DH parameters dh_params.h: @[email protected]/gen_dh_params Makefile ................................................................................ 
# tree -- the default target will not match paths .c.o: $(CC) $(CPPFLAGS) $(CFLAGS) -o "[email protected]" -c "$<" # Install the extension install: @[email protected] pkgIndex.tcl $(INSTALL) -d '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' $(INSTALL) -c @[email protected] pkgIndex.tcl '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' # Test target, run the automated test suite test: @[email protected] @[email protected] @[email protected]/tests/all.tcl $(TESTFLAGS) -load "lappend auto_path $(shell pwd)" # Clean the local build directory for rebuild against the same configuration clean: rm -f tls.o tlsBIO.o tlsIO.o tlsX509.o rm -f [email protected]@ rm -f [email protected]@.a [email protected]@.def rm -f tcltls.a.new tcltls.a rm -f tls.tcl.h.new.1 tls.tcl.h.new.2 @if [ '@[email protected]' != '.' ]; then echo rm -f tls.tcl.h; rm -f tls.tcl.h; fi # Clean the local build directory back to what it was after unpacking the # distribution tarball distclean: clean rm -f config.log config.status rm -f dh_params.h.new dh_params.h rm -f Makefile pkgIndex.tcl ................................................................................ # Clean the local build directory back to only thing things that exist in # version control system mrproper: distclean rm -f @[email protected]/configure @[email protected]/config.sub @[email protected]/config.guess @[email protected]/install-sh rm -f @[email protected]/aclocal.m4 rm -rf @[email protected]/autom4te.cache rm -f @[email protected]/tls.tcl.h .PHONY: all install clean distclean mrproper test |
< > > > | > | > > > > > > | < < | |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 .. 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 .. 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 .. 87 88 89 90 91 92 93 94 95 |
CC = @[email protected] AR = @[email protected] RANLIB = @[email protected] CFLAGS = @[email protected] @[email protected] CPPFLAGS = @[email protected] [email protected]@ -I. @[email protected] @[email protected] LDFLAGS = @[email protected] @S[email protected] LIBS = @[email protected] PACKAGE_VERSION = @[email protected] prefix = @[email protected] exec_prefix = @[email protected] libdir = @[email protected] TCL_PACKAGE_PATH = @[email protected] PACKAGE_INSTALL_DIR = $(TCL_PACKAGE_PATH)/tcltls$(PACKAGE_VERSION) INSTALL = @[email protected] INSTALL_PROGRAM = @[email protected] INSTALL_DATA = @[email protected] VPATH = @[email protected] all: @[email protected] # The shared object target [email protected]@: tls.o tlsBIO.o tlsIO.o tlsX509.o Makefile $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o [email protected]@ tls.o tlsBIO.o tlsIO.o tlsX509.o $(LIBS) ................................................................................ tlsBIO.o: @[email protected]/tlsBIO.c @[email protected]/tlsInt.h Makefile tlsIO.o: @[email protected]/tlsIO.c @[email protected]/tlsInt.h Makefile tlsX509.o: @[email protected]/tlsX509.c @[email protected]/tlsInt.h Makefile # Create a C-source-ified version of the script resources # for TclTLS so that we only need a single file to enable # this extension tls.tcl.h: @[email protected]/tls.tcl Makefile od -A n -v -t xC < '@[email protected]/tls.tcl' > tls.tcl.h.new.1 sed '[email protected] *@@g;[email protected]@0x&, @g' < tls.tcl.h.new.1 > tls.tcl.h.new.2 rm -f tls.tcl.h.new.1 mv tls.tcl.h.new.2 tls.tcl.h # Create default DH parameters dh_params.h: @[email protected]/gen_dh_params Makefile ................................................................................ 
# tree -- the default target will not match paths .c.o: $(CC) $(CPPFLAGS) $(CFLAGS) -o "[email protected]" -c "$<" # Install the extension install: @[email protected] pkgIndex.tcl $(INSTALL) -d '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' $(INSTALL_PROGRAM) @[email protected] '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' $(INSTALL_DATA) pkgIndex.tcl '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' # A convienent helper to undo the installation just done uninstall: rm -f '$(DESTDIR)$(PACKAGE_INSTALL_DIR)/@[email protected]' rm -f '$(DESTDIR)$(PACKAGE_INSTALL_DIR)/pkgIndex.tcl' -rmdir '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' # Test target, run the automated test suite test: @[email protected] @[email protected] @[email protected]/tests/all.tcl $(TESTFLAGS) -load "lappend auto_path $(shell pwd)" # Clean the local build directory for rebuild against the same configuration clean: rm -f tls.o tlsBIO.o tlsIO.o tlsX509.o rm -f [email protected]@ rm -f [email protected]@.a [email protected]@.def rm -f tcltls.a.new tcltls.a rm -f tls.tcl.h tls.tcl.h.new.1 tls.tcl.h.new.2 # Clean the local build directory back to what it was after unpacking the # distribution tarball distclean: clean rm -f config.log config.status rm -f dh_params.h.new dh_params.h rm -f Makefile pkgIndex.tcl ................................................................................ # Clean the local build directory back to only thing things that exist in # version control system mrproper: distclean rm -f @[email protected]/configure @[email protected]/config.sub @[email protected]/config.guess @[email protected]/install-sh rm -f @[email protected]/aclocal.m4 rm -rf @[email protected]/autom4te.cache .PHONY: all install uninstall clean distclean mrproper test |
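Review bot: The added `uninstall` target (taking the second listing as the new side) ends with `-rmdir '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'`, and nothing says why its failure is ignored. A one-line comment above it, such as `# Best effort: keep the directory if it still holds files this Makefile did not install`, would record that the leading `-` is deliberate. The target's header comment also misspells "convenient" as "convienent".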
Modified README.txt from [94b77ef274] to [a76b355724].
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
Full filevent sematics should also be intact - see tests directory for blocking and non-blocking examples. The current release is TLS 1.6, with binaries built against OpenSSL 0.9.8g. For best security and function, always compile from source with the latest official release of OpenSSL (http://www.openssl.org/). TLS requires Tcl 8.2.0+, with 8.3.2+ preferred. The stacked channel implementation in Tcl was originally introduced in 8.2.0 (previously the Trf patch) and rewritten for 8.3.2+ due to inherent limitations in the earlier implementation. TLS should compile with any stubs-capable Tcl interpreter, but will require 8.2+ when loaded. There are known limitations in the 8.2.0-8.3.1 stacked channel implementation, so it is encouraged that people use TLS with an 8.3.2+ Tcl interpreter. These modifications are by Jeff Hobbs. Non-exclusive credits for TLS are: Original work: Matt Newman @ Novadigm Updates: Jeff Hobbs @ ActiveState Tcl Channel mechanism: Andreas Kupries Impetus/Related work: tclSSL (Colin McCormack, Shared Technology) SSLtcl (Peter Antman) This code is licensed under the same terms as the Tcl Core. |
| | < < < < < < |
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
Full filevent sematics should also be intact - see tests directory for blocking and non-blocking examples. The current release is TLS 1.6, with binaries built against OpenSSL 0.9.8g. For best security and function, always compile from source with the latest official release of OpenSSL (http://www.openssl.org/). TLS 1.7 and newer require Tcl 8.4.0+, older versions may be used if older versions of Tcl need to be used. Non-exclusive credits for TLS are: Original work: Matt Newman @ Novadigm Updates: Jeff Hobbs @ ActiveState Tcl Channel mechanism: Andreas Kupries Impetus/Related work: tclSSL (Colin McCormack, Shared Technology) SSLtcl (Peter Antman) This code is licensed under the same terms as the Tcl Core. |
Modified tls.htm from [98bc92e98c] to [4c4e8f1d42].
201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 |
client.(<strong>default</strong>: <em>false</em>)</dd> <dt><strong>-servername</strong> <em>host</em></dt> <dd>Only available if the OpenSSL library the package is linked against supports the TLS hostname extension for 'Server Name Indication' (SNI). Use to name the logical host we are talking to and expecting a certificate for</dd> <dt><strong>-ssl2</strong> <em>bool</em></dt> <dd>Enable use of SSL v2. (<strong>default</strong>: <em>true</em> unless -DNO_PATENTS was specified in build)</dd> <dt><strong>-ssl3 </strong><em>bool</em></dt> <dd>Enable use of SSL v3. (<strong>default</strong>: <em>true</em>)</dd> <dt>-<strong>tls1</strong> <em>bool</em></dt> <dd>Enable use of TLS v1. (<strong>default</strong>: <em>false</em>)</dd> </dl> </blockquote> <dl> <dt><a name="tls::unimport"><b>tls::unimport </b><i>channel</i></a></dt> <dd>Provided for symmetry to <strong>tls::import</strong>, this unstacks the SSL-enabling of a regular Tcl channel. An error |
| < | | > > > > |
201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 |
client.(<strong>default</strong>: <em>false</em>)</dd> <dt><strong>-servername</strong> <em>host</em></dt> <dd>Only available if the OpenSSL library the package is linked against supports the TLS hostname extension for 'Server Name Indication' (SNI). Use to name the logical host we are talking to and expecting a certificate for</dd> <dt><strong>-ssl2</strong> <em>bool</em></dt> <dd>Enable use of SSL v2. (<strong>default</strong>: <em>false</em>)</dd> <dt><strong>-ssl3 </strong><em>bool</em></dt> <dd>Enable use of SSL v3. (<strong>default</strong>: <em>false</em>)</dd> <dt>-<strong>tls1</strong> <em>bool</em></dt> <dd>Enable use of TLS v1. (<strong>default</strong>: <em>true</em>)</dd> <dt>-<strong>tls1.1</strong> <em>bool</em></dt> <dd>Enable use of TLS v1.1 (<strong>default</strong>: <em>true</em>)</dd> <dt>-<strong>tls1.2</strong> <em>bool</em></dt> <dd>Enable use of TLS v1.2 (<strong>default</strong>: <em>true</em>)</dd> </dl> </blockquote> <dl> <dt><a name="tls::unimport"><b>tls::unimport </b><i>channel</i></a></dt> <dd>Provided for symmetry to <strong>tls::import</strong>, this unstacks the SSL-enabling of a regular Tcl channel. An error |
Modified tlsBIO.c from [561dcc523d] to [c3e8b987ad].
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
...
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
|
tclErrno = Tcl_GetErrno(); dprintf("[chan=%p] BioWrite(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, Tcl_GetErrno()); BIO_clear_flags(bio, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY); if (tclEofChan && ret <= 0) { dprintf("Got %i from Tcl_WriteRaw, and EOF is set; ret = -1", ret); Tcl_SetErrno(ECONNRESET); ret = -1; } else if (ret == 0) { dprintf("Got 0 from Tcl_WriteRaw, and EOF is not set; ret = 0"); dprintf("Setting retry read flag"); BIO_set_retry_read(bio); } else if (ret < 0) { dprintf("We got some kind of I/O error"); ................................................................................ tclErrno = Tcl_GetErrno(); dprintf("[chan=%p] BioRead(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, tclErrno); BIO_clear_flags(bio, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY); if (tclEofChan && ret <= 0) { dprintf("Got %i from Tcl_Read or Tcl_ReadRaw, and EOF is set; ret = -1", ret); Tcl_SetErrno(ECONNRESET); ret = -1; } else if (ret == 0) { dprintf("Got 0 from Tcl_Read or Tcl_ReadRaw, and EOF is not set; ret = 0"); dprintf("Setting retry read flag"); BIO_set_retry_read(bio); } else if (ret < 0) { dprintf("We got some kind of I/O error"); |
|
|
|
|
|
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
...
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
|
tclErrno = Tcl_GetErrno(); dprintf("[chan=%p] BioWrite(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, Tcl_GetErrno()); BIO_clear_flags(bio, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY); if (tclEofChan && ret <= 0) { dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF"); Tcl_SetErrno(ECONNRESET); ret = 0; } else if (ret == 0) { dprintf("Got 0 from Tcl_WriteRaw, and EOF is not set; ret = 0"); dprintf("Setting retry read flag"); BIO_set_retry_read(bio); } else if (ret < 0) { dprintf("We got some kind of I/O error"); ................................................................................ tclErrno = Tcl_GetErrno(); dprintf("[chan=%p] BioRead(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, tclErrno); BIO_clear_flags(bio, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY); if (tclEofChan && ret <= 0) { dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF"); Tcl_SetErrno(ECONNRESET); ret = 0; } else if (ret == 0) { dprintf("Got 0 from Tcl_Read or Tcl_ReadRaw, and EOF is not set; ret = 0"); dprintf("Setting retry read flag"); BIO_set_retry_read(bio); } else if (ret < 0) { dprintf("We got some kind of I/O error"); |
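Review bot: Both EOF branches now set `ret = 0` instead of `-1` while still calling `Tcl_SetErrno(ECONNRESET)`, and no comment says what that means for callers. If the channel layer above reports this as an ordinary end of file (the new debug text says it "maps to Soft EOF"), a transport close that arrives without a TLS close_notify looks the same as a clean shutdown, so a truncated stream cannot be told apart from a complete one. I would add a comment above each branch such as `/* Transport EOF, not a TLS close_notify: surfaced as soft EOF, so callers that need truncation detection must check message framing themselves */`, with the second half to be confirmed against the caller in tlsIO.c, which is not visible here. In the BioWrite branch the new message still reads "Got EOF while reading"; it should be `dprintf("Got EOF while writing, returning a Connection Reset error which maps to Soft EOF");`. Both enclosing functions start and end outside the hunks shown.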