TclTLS
Check-in [2c0be4cb7f]
Login
HomeTimelineDownloadBrowse SourceBranchesTagsTicketsWiki
Overview
Comment:Updated callback handlers in tls.tcl to be backwards compatible for earlier TCLTLS versions
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | tls-1.8
Files: files | file ages | folders
SHA3-256: 2c0be4cb7f3e9fab641aa984d140eb8daf3f619cc74a8512e109b67add3cf8d4
User & Date: bohagan on 2024-07-05 18:03:44
Other Links: branch diff | manifest | tags
Context
2024-07-06
04:17
Made updates to enhance event processing, I/O operations, etc. to address reports of stalled connections, etc. check-in: e3d4330c95 user: bohagan tags: tls-1.8
2024-07-05
18:03
Updated callback handlers in tls.tcl to be backwards compatible for earlier TCLTLS versions check-in: 2c0be4cb7f user: bohagan tags: tls-1.8
2024-07-01
01:08
Changed to send SSL_shutdown as part of BIO close channel handler rather than Tls_Clean. check-in: 1505883e4a user: bohagan tags: tls-1.8
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Modified library/tls.tcl from [756f51c124] to [746b446198]. 

312
313
314
315
316
317
318
319

320
321
322
323
324
325

326
327
328
329
330
331
332

333
334
335
336
337
338


339
340
341
342
343
344
345
346
347
348
349
350
351

352
353
354
355
356

357
358
359



360
361
362

363
364
365
366
367
368
369
370

371
372
373
374
375
376
377

378
379
380
381
382

383
384
385
386
387

388
389
390
391
392
393

394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410

411
412
413
414
415
416
417

312
313
314
315
316
317
318

319
320





321
322


323
324
325

326
327
328
329
330


331
332
333
334
335
336
337
338
339
340
341
342
343


344
345
346
347
348

349
350
351
352
353
354
355
356
357

358
359
360
361
362
363
364
365

366
367
368


369
370

371
372
373
374
375

376
377
378
379
380

381
382
383
384
385


386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402

403
404
405
406
407
408
409
410








-
+

-
-
-
-
-
+

-
-



-
+




-
-
+
+











-
-
+




-
+



+
+
+


-
+







-
+


-
-


-
+




-
+




-
+




-
-
+
















-
+








	error $err $::errorInfo $::errorCode
    } else {
	log 2 "tls::_accept - called \"$callback\" succeeded"
    }
}

#
# Sample callback for hooking: -
# Sample callback for status data from OpenSSL
#
# error
# verify
# info
#
proc tls::callback {option args} {
proc tls::callback {option chan args} {
    variable debug

    #log 2 [concat $option $args]

    switch -- $option {
	"error" {
	    foreach {chan msg} $args break
	    lassign $args msg

	    log 0 "TLS/$chan: error: $msg"
	}
	"info" {
	    # poor man's lassign
	    foreach {chan major minor msg type} $args break
	    set type ""
	    lassign $args major minor msg type

	    if {$msg != ""} {
		append state ": $msg"
	    }
	    # For tracing
	    upvar #0 tls::$chan cb
	    set cb($major) $minor

	    log 2 "TLS/$chan: $major/$minor: $state"
	}
	"message" {
	    # poor man's lassign
	    foreach {chan direction version content_type msg} $args break
	    lassign $args direction version content_type msg

	    log 0 "TLS/$chan: info: $direction $msg"
	}
	"session" {
	    foreach {chan session_id ticket lifetime} $args break
	    lassign $args session_id ticket lifetime

	    log 0 "TLS/$chan: session: lifetime $lifetime"
	}
	"verify" {
	    return [tls::validate_command $option $chan {*}$args]
	}
	default	{
	    return -code error "bad option \"$option\":\
		    must be one of error, info, or session"
		    must be one of error, info, message, or session"
	}
    }
}

#
# Sample callback when return value is needed
#
proc tls::validate_command {option args} {
proc tls::validate_command {option chan args} {
    variable debug

    #log 2 [concat $option $args]

    switch -- $option {
	"alpn" {
	    foreach {chan protocol match} $args break
	    lassign $args protocol match

	    log 0 "TLS/$chan: alpn: $protocol $match"
	}
	"hello" {
	    foreach {chan servername} $args break
	   lassign $args servername

	    log 0 "TLS/$chan: hello: $servername"
	}
	"sni" {
	    foreach {chan servername} $args break
	    lassign $args servername

	    log 0 "TLS/$chan: sni: $servername"
	}
	"verify" {
	    # poor man's lassign
	    foreach {chan depth cert rc err} $args break
	    lassign $args depth cert rc err

	    array set c $cert

	    if {$rc != "1"} {
		log 1 "TLS/$chan: verify/$depth: Bad Cert: $err (rc = $rc)"
	    } else {
		log 2 "TLS/$chan: verify/$depth: $c(subject)"
	    }
	    if {$debug > 0} {
		return 1;	# FORCE OK
	    } else {
		return $rc
	    }
	}
	default	{
	    return -code error "bad option \"$option\":\
		    must be one of alpn, info, or verify"
		    must be one of alpn, hello, sni, or verify"
	}
    }
    return 1
}

proc tls::xhandshake {chan} {
    upvar #0 tls::$chan cb

427
428
429
430
431
432
433
434

435
436
437
438
439
440
441

420
421
422
423
424
425
426

427
428
429
430
431
432
433
434








-
+








	}
	if {$cb(handshake) == "done"} {
	    return 1
	}
    }
}

proc tls::password {rwflag size} {
proc tls::password {{option password} {rwflag 0} {size 0}} {
    log 0 "TLS/Password: did you forget to set your passwd!"
    # Return the worlds best kept secret password.
    return "secret"
}

proc tls::log {level msg} {
    variable debug

Modified tests/certs/README.txt from [9915ad53fa] to [abb4ae58f9].

Modified tests/keytest2.tcl from [9ae291a22a] to [4103d4acae].

Modified tests/oldTests/client.pem from [79c7dcaa3d] to [82f79c6079].

Modified tests/oldTests/tls.tcl from [3ec4a78d72] to [97deb6d14e].

Modified tests/oldTests/tlsAuto.tcl from [c6f69ae9dc] to [b149b6351b].

Modified tests/oldTests/tlsBlocking.tcl from [272e10e79e] to [c022208386].

Modified tests/oldTests/tlsCiphers.tcl from [fc1b7f572b] to [73c4a6ada7].

Modified tests/oldTests/tlsUpload.tcl from [7d5a3a1baa] to [542de50b9a].

Powered by Fossil · RSS