Check-in [aaac45cfca]
Overview
Comment:Simplified code for detecting which SSL protocols to use -- disabled SSLv2 and SSLv3 by default if other options are available
SHA1: aaac45cfca04d7d48962c263ff7f0ac983cdccb3
User & Date: rkeene on 2016-12-13 06:56:11
Context
2016-12-13
07:00
Made SSLv2/SSLv3 compiled in by default (since they are now disabled by default) and made other options more consistently checked check-in: a23045b659 user: rkeene tags: trunk
06:56
Simplified code for detecting which SSL protocols to use -- disabled SSLv2 and SSLv3 by default if other options are available check-in: aaac45cfca user: rkeene tags: trunk
06:47
Removed extraenous cleanup check-in: 5798396954 user: rkeene tags: trunk
Changes

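--- a/tls.c
+++ b/tls.c
@@ -730,43 +730,36 @@
     char *CAfile	= NULL;
     char *CAdir		= NULL;
     char *DHparams	= NULL;
     char *model		= NULL;
 #ifndef OPENSSL_NO_TLSEXT
     char *servername	= NULL;	/* hostname for Server Name Indication */
 #endif
-#if defined(NO_SSL2)
-    int ssl2 = 0;
-#else
-    int ssl2 = 1;
-#endif
-#if defined(NO_SSL3)
-    int ssl3 = 0;
-#else
-    int ssl3 = 1;
-#endif
-#if defined(NO_TLS1)
-    int tls1 = 0;
-#else
-    int tls1 = 1;
-#endif
-#if defined(NO_TLS1_1)
-    int tls1_1 = 0;
-#else
-    int tls1_1 = 1;
-#endif
-#if defined(NO_TLS1_2)
-    int tls1_2 = 0;
-#else
-    int tls1_2 = 1;
-#endif
+    int ssl2 = 0, ssl3 = 0;
+    int tls1 = 1, tls1_1 = 1, tls1_2 = 1;
     int proto = 0;
     int verify = 0, require = 0, request = 1;
 
     dprintf("Called");
+
+#if defined(NO_TLS1) && defined(NO_TLS1_1) && defined(NO_TLS1_2) && defined(NO_SSL3) && !defined(NO_SSL2)
+    ssl2 = 1;
+#endif
+#if defined(NO_TLS1) && defined(NO_TLS1_1) && defined(NO_TLS1_2) && defined(NO_SSL2) && !defined(NO_SSL3)
+    ssl3 = 1;
+#endif
+#if defined(NO_TLS1)
+    tls1 = 0;
+#endif
+#if defined(NO_TLS1_1)
+    tls1_1 = 0;
+#endif
+#if defined(NO_TLS1_2)
+    tls1_2 = 0;
+#endif
 
     if (objc < 2) {
 	Tcl_WrongNumArgs(interp, 1, objv, "channel ?options?");
 	return TCL_ERROR;
     }
 
     chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], NULL), NULL);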
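Review bot: The two fallback conditions at new lines 744-749 leave every protocol flag at 0 when TLS 1.0-1.2 are all compiled out but both SSLv2 and SSLv3 are still built in, because each test requires the other SSL version to be absent. If that fail-closed result is intended it deserves a comment; otherwise the SSLv3 test should drop `defined(NO_SSL2)` so the less-broken protocol is the one chosen. Separately, a build without TLS now defaults silently to SSLv2 or SSLv3 only, both of which have known protocol-level breaks, and a caller who passes no protocol options gets no indication of the downgrade. A `#warning "No TLS compiled in; defaulting to legacy SSL"` inside those two `#if` blocks, or at least a comment such as `/* Legacy SSL is enabled by default only when no TLS version is compiled in */`, would make this visible. The function starts and ends outside the hunk, so how these flags are consumed afterwards cannot be checked here.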