Overview
Comment: | Code updates for gcc warnings |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
7e672606f56060cce53c0c7bf9485cee |
User & Date: | bohagan on 2024-02-05 00:55:27 |
Other Links: | manifest | tags |
Context
2024-02-09
| ||
19:24 | Added more error messages and quoted certificate fail message. check-in: e3e0021e31 user: bohagan tags: trunk | |
2024-02-05
| ||
00:55 | Code updates for gcc warnings check-in: 7e672606f5 user: bohagan tags: trunk | |
2024-02-04
| ||
02:58 | Added code to handle unexpected EOF on OpenSSL 3 check-in: 5a33efb87b user: bohagan tags: trunk | |
Changes
Modified generic/tls.c from [893e5c4546] to [76576d8a94].
︙ | |||
290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 | 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 | + + - + | break; case SSL3_RT_HANDSHAKE: type = "Handshake"; break; case SSL3_RT_APPLICATION_DATA: type = "App Data"; break; #if OPENSSL_VERSION_NUMBER < 0x30000000L case DTLS1_RT_HEARTBEAT: type = "Heartbeat"; break; #endif default: type = "unknown"; } /* Needs compile time option "enable-ssl-trace". */ if ((bio = BIO_new(BIO_s_mem())) != NULL) { int n; SSL_trace(write_p, version, content_type, buf, len, ssl, (void *)bio); |
︙ | |||
588 589 590 591 592 593 594 | 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 | - + | * Return codes: * 0 = error where session will be immediately removed from the internal cache. * 1 = success where app retains session in session cache, and must call SSL_SESSION_free() when done. * *------------------------------------------------------------------- */ static int |
︙ | |||
655 656 657 658 659 660 661 | 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 | - + - + - + | * supplied list and the server configuration. The connection will be aborted. * SSL_TLSEXT_ERR_NOACK: ALPN protocol not selected, e.g., because no ALPN * protocols are configured for this connection. The connection continues. * *------------------------------------------------------------------- */ static int |
︙ | |||
777 778 779 780 781 782 783 | 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 | - + | */ static int SNICallback(const SSL *ssl, int *alert, void *arg) { State *statePtr = (State*)arg; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; int code, res; |
︙ | |||
844 845 846 847 848 849 850 | 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 | - + | * SSL_CLIENT_HELLO_RETRY: suspend the handshake, and the handshake function will return immediately * SSL_CLIENT_HELLO_ERROR: failure, terminate connection. Set alert to error code. * SSL_CLIENT_HELLO_SUCCESS: success * *------------------------------------------------------------------- */ static int |
︙ | |||
2220 2221 2222 2223 2224 2225 2226 | 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 | - + | /* Get SNI requested server name */ LAPPEND_STR(interp, objPtr, "servername", SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name), -1); /* Get protocol */ LAPPEND_STR(interp, objPtr, "protocol", SSL_get_version(ssl), -1); /* Renegotiation allowed */ |
︙ | |||
2293 2294 2295 2296 2297 2298 2299 | 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 | - + | /* Session info */ session = SSL_get_session(ssl); if (session != NULL) { const unsigned char *ticket; size_t len2; unsigned int ulen; const unsigned char *session_id, *proto; |
︙ | |||
2330 2331 2332 2333 2334 2335 2336 | 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 | + - + + | SSL_SESSION_get0_ticket(session, &ticket, &len2); LAPPEND_BARRAY(interp, objPtr, "session_ticket", ticket, (Tcl_Size) len2); /* Session ticket lifetime hint (in seconds) */ LAPPEND_LONG(interp, objPtr, "lifetime", SSL_SESSION_get_ticket_lifetime_hint(session)); /* Ticket app data */ #if OPENSSL_VERSION_NUMBER < 0x30000000L |
︙ |
Modified generic/tlsIO.c from [89e79806f0] to [226be28e03].
︙ | |||
69 70 71 72 73 74 75 | 69 70 71 72 73 74 75 76 77 78 79 80 81 82 | - | * Side effects: * Closes the socket of the channel. * *------------------------------------------------------------------- */ static int TlsCloseProc(ClientData instanceData, Tcl_Interp *interp) { State *statePtr = (State *) instanceData; |
︙ | |||
227 228 229 230 231 232 233 | 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 | - + - + - + - + | } else if (backingError == 0 && err == -1) { dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno()); *errorCodePtr = Tcl_GetErrno(); if (*errorCodePtr == ECONNRESET) { *errorCodePtr = ECONNABORTED; } |
︙ | |||
365 366 367 368 369 370 371 | 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 | - + | dprintBuffer(buf, bytesRead); break; case SSL_ERROR_SSL: /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */ dprintf("SSL error, indicating that the connection has been aborted"); if (backingError != 0) { |
︙ | |||
395 396 397 398 399 400 401 | 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 | - + - + | bytesRead = 0; Tls_Error(statePtr, "EOF reached"); } else if (backingError == 0 && bytesRead == -1) { dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno()); *errorCodePtr = Tcl_GetErrno(); bytesRead = -1; |
︙ | |||
563 564 565 566 567 568 569 | 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 | - + - + - + | written = 0; Tls_Error(statePtr, "EOF reached"); } else if (backingError == 0 && written == -1) { dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno()); *errorCodePtr = Tcl_GetErrno(); written = -1; |
︙ | |||
944 945 946 947 948 949 950 | 943 944 945 946 947 948 949 950 951 952 | - + | NULL, /* Flush proc */ TlsNotifyProc, /* Handling of events bubbling up */ NULL, /* Wide seek proc */ NULL, /* Thread action */ NULL /* Truncate */ }; |
Modified generic/tlsInt.h from [07c33eb860] to [0918403850].
︙ | |||
170 171 172 173 174 175 176 | 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 | - + - + | int vflags; /* verify flags */ SSL *ssl; /* Struct for SSL processing */ SSL_CTX *ctx; /* SSL Context */ BIO *bio; /* Struct for SSL processing */ BIO *p_bio; /* Parent BIO (that is layered on Tcl_Channel) */ |
︙ |
Modified generic/tlsX509.c from [37e1c520a1] to [ea8ff7e7c8].
︙ | |||
58 59 60 61 62 63 64 | 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 | - + - + - + - + - + | const STACK_OF(X509_EXTENSION) *exts; Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL); if (listPtr == NULL) { return NULL; } |
︙ | |||
199 200 201 202 203 204 205 | 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 | - + - + | int len; char buffer[1024]; if (listPtr == NULL) { return NULL; } |
︙ | |||
269 270 271 272 273 274 275 | 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 | - + - + - + - + - + - + | STACK_OF(DIST_POINT) *crl; Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL); if (listPtr == NULL) { return NULL; } |
︙ | |||
371 372 373 374 375 376 377 378 379 380 381 382 383 384 | 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 | + | */ Tcl_Obj* Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert) { Tcl_Obj *certPtr = Tcl_NewListObj(0, NULL); BIO *bio = BIO_new(BIO_s_mem()); int mdnid, pknid, bits, len; unsigned int ulen; uint32_t xflags; char buffer[BUFSIZ]; unsigned char md[EVP_MAX_MD_SIZE]; unsigned long flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT; flags &= ~ASN1_STRFLGS_ESC_MSB; if (interp == NULL || cert == NULL || bio == NULL || certPtr == NULL) { |
︙ | |||
394 395 396 397 398 399 400 | 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 | - + | const ASN1_BIT_STRING *sig; int sig_nid; X509_get0_signature(&sig, &sig_alg, cert); /* sig_nid = X509_get_signature_nid(cert) */ sig_nid = OBJ_obj2nid(sig_alg->algorithm); LAPPEND_STR(interp, certPtr, "signatureAlgorithm", OBJ_nid2ln(sig_nid), -1); |
︙ | |||
429 430 431 432 433 434 435 | 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 | - - - + + + - - - + + + - + - + - + | /* Subject identifies the entity associated with the public key stored in the subject public key field. RFC 5280 section 4.1.2.6 */ len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ); LAPPEND_STR(interp, certPtr, "subject", buffer, (Tcl_Size) len); /* SHA1 Digest (Fingerprint) of cert - DER representation */ |
︙ | |||
491 492 493 494 495 496 497 | 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 | - + - + | and/or issuer names over time. RFC 5280 section 4.1.2.8 */ { const ASN1_BIT_STRING *iuid, *suid; X509_get0_uids(cert, &iuid, &suid); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1)); if (iuid != NULL) { |
︙ | |||
584 585 586 587 588 589 590 | 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 | - - + + + + | /* Subject Information Access - RFC 5280 section 4.2.2.2, NID_sinfo_access */ /* Certificate Alias. If uses a PKCS#12 structure, alias will reflect the friendlyName attribute (RFC 2985). */ { len = 0; |
︙ |