Overview
| Comment: | Added compression state to connection status |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | status_x509 |
| Files: | files | file ages | folders |
| SHA3-256: |
e5975c80729769e56bf9b42920fd3260 |
| User & Date: | bohagan on 2023-06-02 22:23:11 |
| Other Links: | branch diff | manifest | tags |
Context
|
2023-06-03
| ||
| 20:55 | Added version and signature to X509 status check-in: 7d59536ee7 user: bohagan tags: status_x509 | |
|
2023-06-02
| ||
| 22:23 | Added compression state to connection status check-in: e5975c8072 user: bohagan tags: status_x509 | |
|
2023-05-29
| ||
| 23:15 | Added server callbacks for ALPN, SNI, and Hello messages check-in: a04a3aef6b user: bohagan tags: status_x509 | |
Changes
Modified doc/tls.html from [276fc85483] to [0abe3d26ae].
| ︙ | ︙ | |||
310 311 312 313 314 315 316 317 318 319 320 321 322 323 |
<dd>Unique session ticket for use in resuming the session.</dd>
<dt><strong>resumable</strong> <em>boolean</em></dt>
<dd>Can the session be resumed or not.</dd>
<dt><strong>start_time</strong> <em>seconds</em></dt>
<dd>Time since session started in seconds since epoch.</dd>
<dt><strong>timeout</strong> <em>seconds</em></dt>
<dd>Max duration of session in seconds before time-out.</dd>
<dt><strong>session_cache_mode</strong> <em>mode</em></dt>
<dd>Server cache mode (client, server, or both).</dd>
</dl>
</blockquote>
<dt><a name="tls::ciphers"><strong>tls::ciphers</strong>
<em>protocol ?verbose? ?supported?</em></a></dt>
| > > > > | 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 |
<dd>Unique session ticket for use in resuming the session.</dd>
<dt><strong>resumable</strong> <em>boolean</em></dt>
<dd>Can the session be resumed or not.</dd>
<dt><strong>start_time</strong> <em>seconds</em></dt>
<dd>Time since session started in seconds since epoch.</dd>
<dt><strong>timeout</strong> <em>seconds</em></dt>
<dd>Max duration of session in seconds before time-out.</dd>
<dt><strong>compression</strong> <em>mode</em></dt>
<dd>Compression method.</dd>
<dt><strong>expansion</strong> <em>mode</em></dt>
<dd>Expansion method.</dd>
<dt><strong>session_cache_mode</strong> <em>mode</em></dt>
<dd>Server cache mode (client, server, or both).</dd>
</dl>
</blockquote>
<dt><a name="tls::ciphers"><strong>tls::ciphers</strong>
<em>protocol ?verbose? ?supported?</em></a></dt>
|
| ︙ | ︙ |
Modified generic/tls.c from [30923f52a9] to [edf428a0fb].
| ︙ | ︙ | |||
577 578 579 580 581 582 583 |
*
*-------------------------------------------------------------------
*/
static int
SNICallback(const SSL *ssl, int *alert, void *arg) {
State *statePtr = (State*)arg;
Tcl_Interp *interp = statePtr->interp;
| < | | < < < | 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 |
*
*-------------------------------------------------------------------
*/
static int
SNICallback(const SSL *ssl, int *alert, void *arg) {
State *statePtr = (State*)arg;
Tcl_Interp *interp = statePtr->interp;
Tcl_Obj *cmdPtr;
int code;
char *servername = NULL;
dprintf("Called");
if (statePtr->callback == (Tcl_Obj*)NULL) {
return SSL_TLSEXT_ERR_OK;
} else if (ssl == NULL) {
return SSL_TLSEXT_ERR_NOACK;
}
servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
if (!servername || servername[0] == '\0') {
return SSL_TLSEXT_ERR_NOACK;
}
cmdPtr = Tcl_DuplicateObj(statePtr->callback);
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj( "sni", -1));
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(servername , -1));
Tcl_Preserve((ClientData) interp);
|
| ︙ | ︙ | |||
1803 1804 1805 1806 1807 1808 1809 |
Tcl_Obj *objPtr;
const SSL *ssl;
const SSL_CIPHER *cipher;
const SSL_SESSION *session;
const unsigned char *proto;
unsigned int len;
long mode;
| < < < | 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 |
Tcl_Obj *objPtr;
const SSL *ssl;
const SSL_CIPHER *cipher;
const SSL_SESSION *session;
const unsigned char *proto;
unsigned int len;
long mode;
if (objc != 2) {
Tcl_WrongNumArgs(interp, 1, objv, "channel");
return(TCL_ERROR);
}
chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], NULL), NULL);
|
| ︙ | ︙ | |||
1927 1928 1929 1930 1931 1932 1933 |
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewLongObj(SSL_SESSION_get_time(session)));
/* Timeout value */
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("timeout", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewLongObj(SSL_SESSION_get_timeout(session)));
}
| < > > > | > | | | > > > > | < > | 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 |
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewLongObj(SSL_SESSION_get_time(session)));
/* Timeout value */
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("timeout", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewLongObj(SSL_SESSION_get_timeout(session)));
}
/* Compression info */
if (ssl != NULL) {
#ifdef HAVE_SSL_COMPRESSION
const COMP_METHOD *comp, *expn;
comp = SSL_get_current_compression(ssl);
expn = SSL_get_current_expansion(ssl);
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("compression", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(comp ? SSL_COMP_get_name(comp) : "NONE", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("expansion", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(expn ? SSL_COMP_get_name(expn) : "NONE", -1));
#else
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("compression", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("NONE", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("expansion", -1));
Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("NONE", -1));
#endif
}
/* Server info */
mode = SSL_CTX_get_session_cache_mode(statePtr->ctx);
if (mode & SSL_SESS_CACHE_OFF) {
proto = "off";
} else if (mode & SSL_SESS_CACHE_CLIENT) {
proto = "client";
|
| ︙ | ︙ |