Overview
| Comment: | Merged in trunk |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | tls-1-7 |
| Files: | files | file ages | folders |
| SHA1: |
a87c836d6cf3cddb816c05b7571db462 |
| User & Date: | rkeene on 2016-12-14 14:42:57 |
| Other Links: | branch diff | manifest | tags |
Context
|
2016-12-14
| ||
| 14:43 | TclTLS 1.7.10 check-in: f0d0acd4b5 user: rkeene tags: tls-1-7, tls-1-7-10 | |
| 14:42 | Merged in trunk check-in: a87c836d6c user: rkeene tags: tls-1-7 | |
| 14:40 | Updated EOF while reading from the BIO to map to soft EOF check-in: 24ce678ecd user: rkeene tags: trunk | |
|
2016-12-13
| ||
| 20:23 | TclTLS 1.7.9 check-in: 7b0845cfb3 user: rkeene tags: tls-1-7, tls-1-7-9 | |
Changes
Modified Makefile.in from [db739bcb0b] to [d38aebcfd7].
1 2 3 4 5 6 7 | CC = @CC@ AR = @AR@ RANLIB = @RANLIB@ CFLAGS = @CFLAGS@ @SHOBJFLAGS@ CPPFLAGS = @CPPFLAGS@ -I@srcdir@ -I. @DEFS@ @TCL_DEFS@ LDFLAGS = @LDFLAGS@ @SHOBJLDFLAGS@ LIBS = @LIBS@ | < > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | CC = @CC@ AR = @AR@ RANLIB = @RANLIB@ CFLAGS = @CFLAGS@ @SHOBJFLAGS@ CPPFLAGS = @CPPFLAGS@ -I@srcdir@ -I. @DEFS@ @TCL_DEFS@ LDFLAGS = @LDFLAGS@ @SHOBJLDFLAGS@ LIBS = @LIBS@ PACKAGE_VERSION = @PACKAGE_VERSION@ prefix = @prefix@ exec_prefix = @exec_prefix@ libdir = @libdir@ TCL_PACKAGE_PATH = @TCL_PACKAGE_PATH@ PACKAGE_INSTALL_DIR = $(TCL_PACKAGE_PATH)/tcltls$(PACKAGE_VERSION) INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_DATA = @INSTALL_DATA@ VPATH = @srcdir@ all: @EXTENSION_TARGET@ # The shared object target tcltls.@SHOBJEXT@: tls.o tlsBIO.o tlsIO.o tlsX509.o Makefile $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o tcltls.@SHOBJEXT@ tls.o tlsBIO.o tlsIO.o tlsX509.o $(LIBS) |
| ︙ | ︙ | |||
31 32 33 34 35 36 37 | tlsBIO.o: @srcdir@/tlsBIO.c @srcdir@/tlsInt.h Makefile tlsIO.o: @srcdir@/tlsIO.c @srcdir@/tlsInt.h Makefile tlsX509.o: @srcdir@/tlsX509.c @srcdir@/tlsInt.h Makefile # Create a C-source-ified version of the script resources # for TclTLS so that we only need a single file to enable # this extension | | > | > > > > > > | < < | | 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 | tlsBIO.o: @srcdir@/tlsBIO.c @srcdir@/tlsInt.h Makefile tlsIO.o: @srcdir@/tlsIO.c @srcdir@/tlsInt.h Makefile tlsX509.o: @srcdir@/tlsX509.c @srcdir@/tlsInt.h Makefile # Create a C-source-ified version of the script resources # for TclTLS so that we only need a single file to enable # this extension tls.tcl.h: @srcdir@/tls.tcl Makefile od -A n -v -t xC < '@srcdir@/tls.tcl' > tls.tcl.h.new.1 sed 's@ *@@g;s@..@0x&, @g' < tls.tcl.h.new.1 > tls.tcl.h.new.2 rm -f tls.tcl.h.new.1 mv tls.tcl.h.new.2 tls.tcl.h # Create default DH parameters dh_params.h: @srcdir@/gen_dh_params Makefile @srcdir@/gen_dh_params @GEN_DH_PARAMS_ARGS@ > dh_params.h.new mv dh_params.h.new dh_params.h # Generic target for building files from the "srcdir" # tree -- the default target will not match paths .c.o: $(CC) $(CPPFLAGS) $(CFLAGS) -o "$@" -c "$<" # Install the extension install: @EXTENSION_TARGET@ pkgIndex.tcl $(INSTALL) -d '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' $(INSTALL_PROGRAM) @EXTENSION_TARGET@ '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' $(INSTALL_DATA) pkgIndex.tcl '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' # A convienent helper to undo the installation just done uninstall: rm -f '$(DESTDIR)$(PACKAGE_INSTALL_DIR)/@EXTENSION_TARGET@' rm -f '$(DESTDIR)$(PACKAGE_INSTALL_DIR)/pkgIndex.tcl' -rmdir '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' # Test target, run the automated test suite test: @EXTENSION_TARGET@ @TCLSH_PROG@ @srcdir@/tests/all.tcl $(TESTFLAGS) -load "lappend auto_path $(shell pwd)" # Clean the local build directory for rebuild against the same configuration clean: rm -f tls.o tlsBIO.o tlsIO.o tlsX509.o rm -f tcltls.@SHOBJEXT@ rm -f tcltls.@[email protected] tcltls.@[email protected] rm -f tcltls.a.new tcltls.a rm -f tls.tcl.h tls.tcl.h.new.1 tls.tcl.h.new.2 # Clean the local build directory back to what it was after unpacking the # distribution tarball distclean: clean rm -f config.log config.status rm -f dh_params.h.new dh_params.h rm -f Makefile pkgIndex.tcl rm -f tcltls.a.linkadd # Clean the local build directory back to only thing things that exist in # version control system mrproper: distclean rm -f @srcdir@/configure @srcdir@/config.sub @srcdir@/config.guess @srcdir@/install-sh rm -f @srcdir@/aclocal.m4 rm -rf @srcdir@/autom4te.cache .PHONY: all install uninstall clean distclean mrproper test |
Modified README.txt from [94b77ef274] to [a76b355724].
| ︙ | ︙ | |||
12 13 14 15 16 17 18 | Full filevent sematics should also be intact - see tests directory for blocking and non-blocking examples. The current release is TLS 1.6, with binaries built against OpenSSL 0.9.8g. For best security and function, always compile from source with the latest official release of OpenSSL (http://www.openssl.org/). | | < < < < < < | | 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
Full filevent sematics should also be intact - see tests directory for
blocking and non-blocking examples.
The current release is TLS 1.6, with binaries built against OpenSSL 0.9.8g.
For best security and function, always compile from source with the latest
official release of OpenSSL (http://www.openssl.org/).
TLS 1.7 and newer require Tcl 8.4.0+, older versions may be used if older
versions of Tcl need to be used.
Non-exclusive credits for TLS are:
Original work: Matt Newman @ Novadigm
Updates: Jeff Hobbs @ ActiveState
Tcl Channel mechanism: Andreas Kupries
Impetus/Related work: tclSSL (Colin McCormack, Shared Technology)
SSLtcl (Peter Antman)
This code is licensed under the same terms as the Tcl Core.
|
Modified tls.htm from [98bc92e98c] to [4c4e8f1d42].
| ︙ | ︙ | |||
201 202 203 204 205 206 207 |
client.(<strong>default</strong>: <em>false</em>)</dd>
<dt><strong>-servername</strong> <em>host</em></dt>
<dd>Only available if the OpenSSL library the package is linked
against supports the TLS hostname extension for 'Server Name
Indication' (SNI). Use to name the logical host we are talking
to and expecting a certificate for</dd>
<dt><strong>-ssl2</strong> <em>bool</em></dt>
| | < | | > > > > | 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 |
client.(<strong>default</strong>: <em>false</em>)</dd>
<dt><strong>-servername</strong> <em>host</em></dt>
<dd>Only available if the OpenSSL library the package is linked
against supports the TLS hostname extension for 'Server Name
Indication' (SNI). Use to name the logical host we are talking
to and expecting a certificate for</dd>
<dt><strong>-ssl2</strong> <em>bool</em></dt>
<dd>Enable use of SSL v2. (<strong>default</strong>: <em>false</em>)</dd>
<dt><strong>-ssl3 </strong><em>bool</em></dt>
<dd>Enable use of SSL v3. (<strong>default</strong>: <em>false</em>)</dd>
<dt>-<strong>tls1</strong> <em>bool</em></dt>
<dd>Enable use of TLS v1. (<strong>default</strong>: <em>true</em>)</dd>
<dt>-<strong>tls1.1</strong> <em>bool</em></dt>
<dd>Enable use of TLS v1.1 (<strong>default</strong>: <em>true</em>)</dd>
<dt>-<strong>tls1.2</strong> <em>bool</em></dt>
<dd>Enable use of TLS v1.2 (<strong>default</strong>: <em>true</em>)</dd>
</dl>
</blockquote>
<dl>
<dt><a name="tls::unimport"><b>tls::unimport </b><i>channel</i></a></dt>
<dd>Provided for symmetry to <strong>tls::import</strong>, this
unstacks the SSL-enabling of a regular Tcl channel. An error
|
| ︙ | ︙ |
Modified tlsBIO.c from [561dcc523d] to [c3e8b987ad].
| ︙ | ︙ | |||
125 126 127 128 129 130 131 |
tclErrno = Tcl_GetErrno();
dprintf("[chan=%p] BioWrite(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, Tcl_GetErrno());
BIO_clear_flags(bio, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
if (tclEofChan && ret <= 0) {
| | | | 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 |
tclErrno = Tcl_GetErrno();
dprintf("[chan=%p] BioWrite(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, Tcl_GetErrno());
BIO_clear_flags(bio, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
if (tclEofChan && ret <= 0) {
dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF");
Tcl_SetErrno(ECONNRESET);
ret = 0;
} else if (ret == 0) {
dprintf("Got 0 from Tcl_WriteRaw, and EOF is not set; ret = 0");
dprintf("Setting retry read flag");
BIO_set_retry_read(bio);
} else if (ret < 0) {
dprintf("We got some kind of I/O error");
|
| ︙ | ︙ | |||
178 179 180 181 182 183 184 |
tclErrno = Tcl_GetErrno();
dprintf("[chan=%p] BioRead(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, tclErrno);
BIO_clear_flags(bio, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
if (tclEofChan && ret <= 0) {
| | | | 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 |
tclErrno = Tcl_GetErrno();
dprintf("[chan=%p] BioRead(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, tclErrno);
BIO_clear_flags(bio, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
if (tclEofChan && ret <= 0) {
dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF");
Tcl_SetErrno(ECONNRESET);
ret = 0;
} else if (ret == 0) {
dprintf("Got 0 from Tcl_Read or Tcl_ReadRaw, and EOF is not set; ret = 0");
dprintf("Setting retry read flag");
BIO_set_retry_read(bio);
} else if (ret < 0) {
dprintf("We got some kind of I/O error");
|
| ︙ | ︙ |