Check-in [a87c836d6c]
Overview
Comment:Merged in trunk
SHA1: a87c836d6cf3cddb816c05b7571db462cf64dbfb
User & Date: rkeene on 2016-12-14 14:42:57
Context
2016-12-14
14:43
TclTLS 1.7.10 check-in: f0d0acd4b5 user: rkeene tags: tls-1-7, tls-1-7-10
14:42
Merged in trunk check-in: a87c836d6c user: rkeene tags: tls-1-7
14:40
Updated EOF while reading from the BIO to map to soft EOF check-in: 24ce678ecd user: rkeene tags: trunk
2016-12-13
20:23
TclTLS 1.7.9 check-in: 7b0845cfb3 user: rkeene tags: tls-1-7, tls-1-7-9
Changes

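--- a/Makefile.in
+++ b/Makefile.in
@@ -1,21 +1,23 @@
 CC = @[email protected]
 AR = @[email protected]
 RANLIB = @[email protected]
 CFLAGS = @[email protected] @[email protected]
 CPPFLAGS = @[email protected] [email protected]@ -I. @[email protected] @[email protected]
 LDFLAGS = @[email protected] @[email protected]
 LIBS = @[email protected]
-INSTALL = @[email protected]
 PACKAGE_VERSION = @[email protected]
 prefix = @[email protected]
 exec_prefix = @[email protected]
 libdir = @[email protected]
 TCL_PACKAGE_PATH = @[email protected]
 PACKAGE_INSTALL_DIR = $(TCL_PACKAGE_PATH)/tcltls$(PACKAGE_VERSION)
+INSTALL = @[email protected]
+INSTALL_PROGRAM = @[email protected]
+INSTALL_DATA = @[email protected]
 VPATH = @[email protected]
 
 all: @[email protected]
 
 # The shared object target
 [email protected]@: tls.o tlsBIO.o tlsIO.o tlsX509.o Makefile
 	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o [email protected]@ tls.o tlsBIO.o tlsIO.o tlsX509.o $(LIBS)
@@ -31,15 +33,15 @@
 tlsBIO.o: @[email protected]/tlsBIO.c @[email protected]/tlsInt.h Makefile
 tlsIO.o: @[email protected]/tlsIO.c @[email protected]/tlsInt.h Makefile
 tlsX509.o: @[email protected]/tlsX509.c @[email protected]/tlsInt.h Makefile
 
 # Create a C-source-ified version of the script resources
 # for TclTLS so that we only need a single file to enable
 # this extension
-tls.tcl.h: @[email protected]/tls.tcl
+tls.tcl.h: @[email protected]/tls.tcl Makefile
 	od -A n -v -t xC < '@[email protected]/tls.tcl' > tls.tcl.h.new.1
 	sed '[email protected]  *@@g;[email protected]@0x&, @g' < tls.tcl.h.new.1 > tls.tcl.h.new.2
 	rm -f tls.tcl.h.new.1
 	mv tls.tcl.h.new.2 tls.tcl.h
 
 # Create default DH parameters
 dh_params.h: @[email protected]/gen_dh_params Makefile
@@ -50,28 +52,34 @@
 # tree -- the default target will not match paths
 .c.o:
 	$(CC) $(CPPFLAGS) $(CFLAGS) -o "[email protected]" -c "$<"
 
 # Install the extension
 install: @[email protected] pkgIndex.tcl
 	$(INSTALL) -d '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
-	$(INSTALL) -c @[email protected] pkgIndex.tcl '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
+	$(INSTALL_PROGRAM) @[email protected] '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
+	$(INSTALL_DATA)    pkgIndex.tcl '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
+
+# A convienent helper to undo the installation just done
+uninstall:
+	rm -f '$(DESTDIR)$(PACKAGE_INSTALL_DIR)/@[email protected]'
+	rm -f '$(DESTDIR)$(PACKAGE_INSTALL_DIR)/pkgIndex.tcl'
+	-rmdir '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
 
 # Test target, run the automated test suite
 test: @[email protected]
 	@[email protected] @[email protected]/tests/all.tcl $(TESTFLAGS) -load "lappend auto_path $(shell pwd)"
 
 # Clean the local build directory for rebuild against the same configuration
 clean:
 	rm -f tls.o tlsBIO.o tlsIO.o tlsX509.o
 	rm -f [email protected]@
 	rm -f [email protected]@.a [email protected]@.def
 	rm -f tcltls.a.new tcltls.a
-	rm -f tls.tcl.h.new.1 tls.tcl.h.new.2
-	@if [ '@[email protected]' != '.' ]; then echo rm -f tls.tcl.h; rm -f tls.tcl.h; fi
+	rm -f tls.tcl.h tls.tcl.h.new.1 tls.tcl.h.new.2
 
 # Clean the local build directory back to what it was after unpacking the
 # distribution tarball
 distclean: clean
 	rm -f config.log config.status
 	rm -f dh_params.h.new dh_params.h
 	rm -f Makefile pkgIndex.tcl
@@ -79,10 +87,9 @@
 
 # Clean the local build directory back to only thing things that exist in
 # version control system
 mrproper: distclean
 	rm -f @[email protected]/configure @[email protected]/config.sub @[email protected]/config.guess @[email protected]/install-sh
 	rm -f @[email protected]/aclocal.m4
 	rm -rf @[email protected]/autom4te.cache
-	rm -f @[email protected]/tls.tcl.h
 
-.PHONY: all install clean distclean mrproper test
+.PHONY: all install uninstall clean distclean mrproper test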
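Review bot: No target removes a generated `tls.tcl.h` from the source directory any more: `mrproper` loses its `rm -f` of the source-tree copy, and the new `clean` line `rm -f tls.tcl.h tls.tcl.h.new.1 tls.tcl.h.new.2` only touches the build directory. Because `VPATH` points at the source directory, an out-of-tree build may resolve `tls.tcl.h` to a copy left there by an earlier in-tree build, and that header is the script compiled into the extension. The new `Makefile` prerequisite probably forces a regeneration in most cases, but that is inferred from the visible rules and worth confirming. I would keep the source-tree removal in `mrproper` and add a comment above `clean` stating that `tls.tcl.h` is always regenerated from `tls.tcl`. The new comment above `uninstall` also has a typo and should read `# A convenient helper to undo the installation just done`.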

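--- a/README.txt
+++ b/README.txt
@@ -12,24 +12,18 @@
 Full filevent sematics should also be intact - see tests directory for
 blocking and non-blocking examples.
 
 The current release is TLS 1.6, with binaries built against OpenSSL 0.9.8g.
 For best security and function, always compile from source with the latest
 official release of OpenSSL (http://www.openssl.org/).
 
-TLS requires Tcl 8.2.0+, with 8.3.2+ preferred.  The stacked channel
-implementation in Tcl was originally introduced in 8.2.0 (previously the
-Trf patch) and rewritten for 8.3.2+ due to inherent limitations in the
-earlier implementation.  TLS should compile with any stubs-capable Tcl
-interpreter, but will require 8.2+ when loaded.  There are known
-limitations in the 8.2.0-8.3.1 stacked channel implementation, so it is
-encouraged that people use TLS with an 8.3.2+ Tcl interpreter.  These
-modifications are by Jeff Hobbs.
+TLS 1.7 and newer require Tcl 8.4.0+, older versions may be used if older
+versions of Tcl need to be used.
 
 Non-exclusive credits for TLS are:
    Original work: Matt Newman @ Novadigm
    Updates: Jeff Hobbs @ ActiveState
    Tcl Channel mechanism: Andreas Kupries
    Impetus/Related work: tclSSL (Colin McCormack, Shared Technology)
                          SSLtcl (Peter Antman)
 
 This code is licensed under the same terms as the Tcl Core.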

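--- a/tls.htm
+++ b/tls.htm
@@ -201,20 +201,23 @@
             client.(<strong>default</strong>: <em>false</em>)</dd>
         <dt><strong>-servername</strong> <em>host</em></dt>
         <dd>Only available if the OpenSSL library the package is linked
 	    against supports the TLS hostname extension for 'Server Name
 	    Indication' (SNI). Use to name the logical host we are talking
 	    to and expecting a certificate for</dd>
         <dt><strong>-ssl2</strong> <em>bool</em></dt>
-        <dd>Enable use of SSL v2. (<strong>default</strong>: <em>true</em>
-            unless -DNO_PATENTS was specified in build)</dd>
+        <dd>Enable use of SSL v2. (<strong>default</strong>: <em>false</em>)</dd>
         <dt><strong>-ssl3 </strong><em>bool</em></dt>
-        <dd>Enable use of SSL v3. (<strong>default</strong>: <em>true</em>)</dd>
+        <dd>Enable use of SSL v3. (<strong>default</strong>: <em>false</em>)</dd>
         <dt>-<strong>tls1</strong> <em>bool</em></dt>
-        <dd>Enable use of TLS v1. (<strong>default</strong>: <em>false</em>)</dd>
+        <dd>Enable use of TLS v1. (<strong>default</strong>: <em>true</em>)</dd>
+        <dt>-<strong>tls1.1</strong> <em>bool</em></dt>
+        <dd>Enable use of TLS v1.1 (<strong>default</strong>: <em>true</em>)</dd>
+        <dt>-<strong>tls1.2</strong> <em>bool</em></dt>
+        <dd>Enable use of TLS v1.2 (<strong>default</strong>: <em>true</em>)</dd>
     </dl>
 </blockquote>
 
 <dl>
     <dt><a name="tls::unimport"><b>tls::unimport </b><i>channel</i></a></dt>
     <dd>Provided for symmetry to <strong>tls::import</strong>, this
       unstacks the SSL-enabling of a regular Tcl channel.  An error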

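--- a/tlsBIO.c
+++ b/tlsBIO.c
@@ -125,17 +125,17 @@
 	tclErrno = Tcl_GetErrno();
 
 	dprintf("[chan=%p] BioWrite(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, Tcl_GetErrno());
 
 	BIO_clear_flags(bio, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
 
 	if (tclEofChan && ret <= 0) {
-		dprintf("Got %i from Tcl_WriteRaw, and EOF is set; ret = -1", ret);
+		dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF");
 		Tcl_SetErrno(ECONNRESET);
-		ret = -1;
+		ret = 0;
 	} else if (ret == 0) {
 		dprintf("Got 0 from Tcl_WriteRaw, and EOF is not set; ret = 0");
 		dprintf("Setting retry read flag");
 		BIO_set_retry_read(bio);
 	} else if (ret < 0) {
 		dprintf("We got some kind of I/O error");
 
@@ -178,16 +178,16 @@
 	tclErrno = Tcl_GetErrno();
 
 	dprintf("[chan=%p] BioRead(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, tclErrno);
 
 	BIO_clear_flags(bio, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
 
 	if (tclEofChan && ret <= 0) {
-		dprintf("Got %i from Tcl_Read or Tcl_ReadRaw, and EOF is set; ret = -1", ret);
+		dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF");
 		Tcl_SetErrno(ECONNRESET);
-		ret = -1;
+		ret = 0;
 	} else if (ret == 0) {
 		dprintf("Got 0 from Tcl_Read or Tcl_ReadRaw, and EOF is not set; ret = 0");
 		dprintf("Setting retry read flag");
 		BIO_set_retry_read(bio);
 	} else if (ret < 0) {
 		dprintf("We got some kind of I/O error");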
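Review bot: The EOF branch in the BioWrite hunk (new lines 131-134) logs `Got EOF while reading`, which is copied from the read path and will mislead anyone debugging a failed write; it should read `dprintf("Got EOF while writing, returning a Connection Reset error which maps to Soft EOF");`. Both branches now return 0 while still setting `ECONNRESET`, and no retry flag is set on that path, so the outcome depends entirely on how the caller interprets a zero return, and that caller is not shown on this page. If it reports a clean end of stream, a connection cut without a TLS close_notify looks the same to the application as an orderly shutdown, so a comment above each branch should state that truncation is deliberately not distinguished here. Both function bodies start and end outside the displayed lines.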