Check-in [070af72ccb]
Overview
Comment:Updated ConnectionInfoObjCmd to localize variables
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | status_x509
Files: files | file ages | folders
SHA3-256: 070af72ccbb9b223ab0ef8aa43f40c48458dbe09c9b97825ed60f9faf33acf93
User & Date: bohagan on 2023-08-19 20:30:51
Other Links: branch diff | manifest | tags
Context
2023-08-19
22:14
Added CA Issuers URL to X509 status check-in: 3b068ff2f6 user: bohagan tags: status_x509
20:30
Updated ConnectionInfoObjCmd to localize variables check-in: 070af72ccb user: bohagan tags: status_x509
18:04
Optimized CiphersObjCmd to use method variable. check-in: 543e7ab6d3 user: bohagan tags: status_x509
Changes

Modified generic/tls.c from [8772a03dc7] to [4969f5a74b].

2182
2183
2184
2185
2186
2187
2188
2189

2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2182
2183
2184
2185
2186
2187
2188

2189
2190
2191
2192

2193
2194
2195
2196
2197
2198
2199







-
+



-







  *
 *-------------------------------------------------------------------
 */

static int ConnectionInfoObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    Tcl_Channel chan;		/* The channel to set a mode on. */
    State *statePtr;		/* client state for ssl socket */
    Tcl_Obj *objPtr;
    Tcl_Obj *objPtr, *listPtr;
    const SSL *ssl;
    const SSL_CIPHER *cipher;
    const SSL_SESSION *session;
    const unsigned char *proto;
    long mode;

    if (objc != 2) {
	Tcl_WrongNumArgs(interp, 1, objv, "channel");
	return(TCL_ERROR);
    }

2281
2282
2283
2284
2285
2286
2287
2288

2289
2290
2291
2292
2293
2294
2295
2280
2281
2282
2283
2284
2285
2286

2287
2288
2289
2290
2291
2292
2293
2294







-
+








    /* Session info */
    session = SSL_get_session(ssl);
    if (session != NULL) {
	const unsigned char *ticket;
	size_t len2;
	unsigned int ulen;
	const unsigned char *session_id;
	const unsigned char *session_id, *proto;
	char buffer[SSL_MAX_MASTER_KEY_LENGTH];

	/* Report the selected protocol as a result of the ALPN negotiation */
	SSL_SESSION_get0_alpn_selected(session, &proto, &len2);
	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("alpn", -1));
	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj((char *)proto, (int) len2));

2358
2359
2360
2361
2362
2363
2364

2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379


















2380

2381
2382
2383
2384
2385
2386
2387
2357
2358
2359
2360
2361
2362
2363
2364















2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391







+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

+







	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("NONE", -1));
	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("expansion", -1));
	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("NONE", -1));
#endif
    }

    /* Server info */
    {
    mode = SSL_CTX_get_session_cache_mode(statePtr->ctx);
    if (mode & SSL_SESS_CACHE_OFF) {
	proto = "off";
    } else if (mode & SSL_SESS_CACHE_CLIENT) {
	proto = "client";
    } else if (mode & SSL_SESS_CACHE_SERVER) {
	proto = "server";
    } else if (mode & SSL_SESS_CACHE_BOTH) {
	proto = "both";
    } else {
	proto = "unknown";
    }
    Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("session_cache_mode", -1));
    Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(proto, -1));

	mode = SSL_CTX_get_session_cache_mode(statePtr->ctx);
	char *msg;
	
	if (mode & SSL_SESS_CACHE_OFF) {
	    msg = "off";
	} else if (mode & SSL_SESS_CACHE_CLIENT) {
	    msg = "client";
	} else if (mode & SSL_SESS_CACHE_SERVER) {
	    msg = "server";
	} else if (mode & SSL_SESS_CACHE_BOTH) {
	    msg = "both";
	} else {
	    msg = "unknown";
	}
	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("session_cache_mode", -1));
	Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(msg, -1));
    }

    /* CA List */
    /* IF not a server, same as SSL_get0_peer_CA_list. If server same as SSL_CTX_get_client_CA_list */
    listPtr = Tcl_NewListObj(0, NULL);
    STACK_OF(X509_NAME) *ca_list;
    if ((ca_list = SSL_get_client_CA_list(ssl)) != NULL) {
	char buffer[BUFSIZ];
	for (int i = 0; i < sk_X509_NAME_num(ca_list); i++) {
	    X509_NAME *name = sk_X509_NAME_value(ca_list, i);
	    if (name) {