Check-in [22727e2eee]
Overview
Comment: Updated README.txt file.
SHA3-256: 22727e2eee5b18ead1875ef26417154c1ecfbf01ab0653e5cec4f663b8f7a3e8
User & Date: bohagan on 2024-10-26 17:04:46
Context
2024-10-26
17:34 Added support for loading CA certificates from virtual file systems. Source: https://core.tcl-lang.org/tcltls/tktview/030c713ca2 check-in: b70fbfd8cf user: bohagan tags: tls-1.8
17:04 Updated README.txt file. check-in: 22727e2eee user: bohagan tags: tls-1.8
16:38 Removed obsolete RCS version strings. Added file header info. check-in: fbdf0eae0a user: bohagan tags: tls-1.8
Changes

Modified README.txt from [36ee4da1c8] to [20f98786f0].







-
-
+
+
-
-
-
-




















-
+
+
+
+

+

-
+
+
+
+
+





-
-
-
+
+
+




-
+







-
-
+
+







Tool Command Language (TCL) Transport Layer Security (TLS) Extension

Intro
=====

This package provides an extension which implements Secure Socket Layer (SSL)
and Transport Layer Security (TLS) over Transmission Control Protocol (TCP)
network communication channels. It utilizes either the OpenSSL
and Transport Layer Security (TLS) encryption over Transmission Control
Protocol (TCP) network communication channels. It utilizes the OpenSSL library.
software library.

Version 1.9 also provides a cryptography library providing TCL scripts access
to the crypto capabilities of the OpenSSL library.


Description
===========

This extension works by creating a layered TCL Channel on top of an existing
bi-directional channel created by the TLS socket command. All existing socket
functionality is supported, in addition to several new options. Both client
and server modes are supported.


Documentation
=============

See the doc directory for the full usage documentation.


Compatibility
=============

This package requires TCL 8.5 or later.
This package requires TCL 8.5 or later. It will work with TCL 9. If this
extension is built against TCL 8.x it will not work with TCL 9 or vice versa.
It is best to compile both separately then install them with the compatible
TCL versions.


This package is compatible with:
- OpenSSL v1.1.1 or later. See (http://www.openssl.org/
- OpenSSL v1.1.1 or later though 3.2+ is preferred. See (http://www.openssl.org/

Note: There are incompatibilities between OpenSSL 1.1.1 and 3.x, so if this
extension is built against OpenSSL 1.1.1 it will not work with an OpenSSL 3.x
installation or vice versa.


Installation
============

This package uses the Tcl Extension Architecture (TEA) to build and install on
any supported Unix, Mac, or MS Windows system. Either the OpenSSL
software libraries must be built and available prior to building TCL TLS.
This package uses the TCL Extension Architecture (TEA) to build and install on
any supported Unix, Mac, or MS Windows system. It depends on the OpenSSL
libraries being available prior to building the TCLTLS extension.

UNIX and Linux
--------------

The standard TEA config, make and install process is supported.
The standard TEA config, make, and install process is supported.

	$ cd tcltls
	$ ./configure --enable-64bit
	$ make
	$ make test
	$ make install

The supported configure options include all of the standard TEA configure script
options, plus:
The supported configure options include all of the standard TEA configure
script options, plus:

  --disable-tls1          disable TLS1 protocol
  --disable-tls1_1        disable TLS1.1 protocol
  --disable-tls1_2        disable TLS1.2 protocol
  --disable-tls1_3        disable TLS1.3 protocol
  --enable-debug          enable debugging mode and output more status
  --enable-ssl-fastpath   enable using the underlying file descriptor for talking directly to the SSL library
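
Review bot: The added OpenSSL compatibility line still carries the unclosed parenthesis from the line it replaces ("See (http://www.openssl.org/") and keeps a plain-http link; close or drop the parenthesis and use https://www.openssl.org/ so the README does not send readers to the library's site over an unauthenticated link. In the Compatibility paragraph, "It will work with TCL 9" followed directly by "it will not work with TCL 9 or vice versa" reads as a contradiction on first pass; wording such as "TCL 9 is also supported, but a build made against TCL 8.x will not load in TCL 9 and vice versa" says it once. The Intro rewrite also drops the "Version 1.9 also provides a cryptography library" paragraph; if that is intentional for the tls-1.8 branch, the check-in comment should say so.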







-
+


-
-
+
+



-
-
+
+










-
+







	$ make install


Windows
-------

If installing with MinGW, use the TEA build process. If using MS Visual C
(MSVC), see the win/README.txt file for the installation instructions.
(MSVC), see win/README.txt for the build and installation instructions.


Other
-----
Certificate Validation
----------------------

If OpenSSL is not installed on the system, the Certificate Authority (CA)
provided certificates must be downloaded and installed with the software.
The CURL team makes them available at https://curl.se/docs/caextract.html.
Look for the cacert.pem file.
These are used for certificate validation. The CURL team makes them available
at https://curl.se/docs/caextract.html. Look for the cacert.pem file.


Copyrights
==========

Original TLS Copyright (C) 1997-2000 Matt Newman <[email protected]>
TLS 1.4.1    Copyright (C) 2000 Ajuba Solutions
TLS 1.6      Copyright (C) 2008 ActiveState Software Inc.
TLS 1.7      Copyright (C) 2016 Matt Newman, Ajuba Solutions, ActiveState
                                Software Inc, Roy Keene <[email protected]>
TLS 1.8      Copyright (C) 2023 Brian O'Hagan
TLS 1.8     Copyright (C) 2023 Brian O'Hagan

Acknowledgments
===============

Non-exclusive credits for TLS are:
   Original work: Matt Newman @ Novadigm
   Updates: Jeff Hobbs @ ActiveState
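
Review bot: The new Certificate Validation text tells readers to download cacert.pem and install it "with the software", but does not say how to check the downloaded file or where the extension looks for it. Since this bundle becomes the set of trust anchors for every peer verification, add a sentence on verifying the download before installing it, and name the option or path used to load it (or point to the doc directory for that). Separately, the replacement "TLS 1.8" copyright line loses one space and no longer lines up with the "Copyright" column of the rows above it.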

Modified win/makefile.vc from [c7382a6df6] to [4638c1447c].








+
+
+







$(PRJ_OBJS): $(TMP_DIR)\tls.tcl.h $(TMP_DIR)\tlsUuid.h

# We must define a pkgindex target that will create a pkgIndex.tcl
# file in the $(OUT_DIR) directory. We can just redirect to the
# default-pkgindex target for our sample extension.
pkgindex: default-pkgindex-tea

# Create a C source file version of the script resources for inclusion in the
# build so that only the compiled library file is needed for this extension to
# load and operate.
$(TMP_DIR)\tls.tcl.h: $(LIBDIR)\tls.tcl
	"$(TCLSH)" << $(LIBDIR)\tls.tcl >$(TMP_DIR)\tls.tcl.h
	set in [open [lindex $$argv 0] r]
	while {[gets $$in line] != -1} {
	    switch -regexp -- $$line "^$$" - {^\s*#} continue
	    regsub -all {\\} $$line {\\\\} line
	    regsub -all {"} $$line {\"} line
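
Review bot: The check-in comment says only "Updated README.txt file.", yet win/makefile.vc is also modified here, with a three-line comment added above the $(TMP_DIR)\tls.tcl.h rule. The comment itself is a useful addition; either mention the makefile change in the check-in comment or move it to its own check-in so the history of the build file stays searchable.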