Changes In Branch mjanssen-asn1-certs Through [49278969f2] Excluding Merge-Ins
This is equivalent to a diff from 2c8d3629bc to 49278969f2
2019-06-19
| ||
17:45 | Make hardening optional, disabled by default when statically linking because it requires the linking program to fully participate check-in: 25024a31b0 user: rkeene tags: trunk | |
2019-06-17
| ||
14:27 | Do not expose implementation details in user interface check-in: ef0be0d731 user: mjanssen tags: mjanssen-asn1-certs | |
12:05 | Add support for ASN1 blobs for certificates and keys check-in: 49278969f2 user: mjanssen tags: mjanssen-asn1-certs | |
2019-04-25
| ||
16:51 | Merged in changes from trunk check-in: a64e691ada user: rkeene tags: tls-1-7 | |
2019-04-12
| ||
16:58 | Better handling of shared/static naming issues check-in: 2c8d3629bc user: rkeene tags: trunk | |
2019-04-09
| ||
18:47 | Make extension filename more centralized check-in: 8e730964e5 user: rkeene tags: trunk | |
Modified tclOpts.h from [aff9aa3b9c] to [1a6cf1121d].
︙ | |||
40 41 42 43 44 45 46 47 48 49 50 51 52 53 | 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 | + + + + + | #define OPTBOOL(option, var) \ OPT_PROLOG(option) \ if (Tcl_GetBooleanFromObj(interp, objv[idx],\ &(var)) != TCL_OK) { \ return TCL_ERROR; \ } \ OPT_POSTLOG() #define OPTBYTE(option, var, lvar) \ OPT_PROLOG(option) \ var = Tcl_GetByteArrayFromObj(objv[idx], &(lvar));\ OPT_POSTLOG() #define OPTBAD(type, list) \ Tcl_AppendResult(interp, "bad ", (type), \ " \"", opt, "\": must be ", \ (list), (char *) NULL) #endif /* _TCL_OPTS_H */ |
Modified tls.c from [c565bf20f1] to [8332b7761d].
︙ | |||
58 59 60 61 62 63 64 | 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 | + - - + + | static int MiscObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]); static int UnimportObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]); static SSL_CTX *CTX_Init(State *statePtr, int isServer, int proto, char *key, char *cert, unsigned char *key_asn1, unsigned char *cert_asn1, |
︙ | |||
725 726 727 728 729 730 731 | 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 | - - - + + + - - - - - - - - - + + + + + + + + + + + + + - + | ClientData clientData; /* Not used. */ Tcl_Interp *interp; int objc; Tcl_Obj *CONST objv[]; { Tcl_Channel chan; /* The channel to set a mode on. */ State *statePtr; /* client state for ssl socket */ |
︙ | |||
812 813 814 815 816 817 818 | 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 | + + + - + - - - - - - + + + + + + + + | OPTBOOL( "-ssl2", ssl2); OPTBOOL( "-ssl3", ssl3); OPTBOOL( "-tls1", tls1); OPTBOOL( "-tls1.1", tls1_1); OPTBOOL( "-tls1.2", tls1_2); OPTBOOL( "-tls1.3", tls1_3); OPTBYTE("-certasn1", cert_asn1, cert_asn1_len); OPTBYTE("-keyasn1", key_asn1, key_asn1_len); |
︙ | |||
883 884 885 886 887 888 889 | 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 | - - + + + | Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan), "\": not a TLS channel", NULL); Tls_Free((char *) statePtr); return TCL_ERROR; } ctx = ((State *)Tcl_GetChannelInstanceData(chan))->ctx; } else { |
︙ | |||
1052 1053 1054 1055 1056 1057 1058 | 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 | - + + + + + + | * Side effects: * constructs SSL context (CTX) * *------------------------------------------------------------------- */ static SSL_CTX * |
︙ | |||
1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 | 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 | + + + + + + + + + + + + + + + + + + + + + + + | * the SSL context */ if (!SSL_CTX_check_private_key(ctx)) { Tcl_AppendResult(interp, "private key does not match the certificate public key", (char *) NULL); SSL_CTX_free(ctx); return (SSL_CTX *)0; } } else if (cert_asn1 != NULL) { if (SSL_CTX_use_certificate_ASN1(ctx, cert_asn1_len, cert_asn1) <= 0) { Tcl_DStringFree(&ds); Tcl_AppendResult(interp, "unable to set certificate from ASN1: ", REASON(), (char *) NULL); SSL_CTX_free(ctx); return (SSL_CTX *)0; } if (key_asn1 == NULL) { key_asn1=cert_asn1; key_asn1_len = cert_asn1_len; } if (SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, ctx, key_asn1,key_asn1_len) <= 0) { Tcl_DStringFree(&ds); /* flush the passphrase which might be left in the result */ Tcl_SetResult(interp, NULL, TCL_STATIC); Tcl_AppendResult(interp, "unable to set public key from ASN1: ", REASON(), (char *) NULL); SSL_CTX_free(ctx); return (SSL_CTX *)0; } } else { cert = (char*)X509_get_default_cert_file(); if (SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM) <= 0) { #if 0 |
︙ |
Modified tls.tcl from [75c0c2a68a] to [bc6c1405ca].
︙ | |||
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 | + + | variable socketOptionRules { {0 -async sopts 0} {* -myaddr sopts 1} {0 -myport sopts 1} {* -type sopts 1} {* -cadir iopts 1} {* -cafile iopts 1} {* -certasn1 iopts 1} {* -certfile iopts 1} {* -cipher iopts 1} {* -command iopts 1} {* -dhparams iopts 1} {* -keyasn1 iopts 1} {* -keyfile iopts 1} {* -password iopts 1} {* -request iopts 1} {* -require iopts 1} {* -autoservername discardOpts 1} {* -servername iopts 1} {* -ssl2 iopts 1} |
︙ |