Check-in [ab1aa551c0]
Overview
Comment:Added more connection status
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | tls-1.8
Files: files | file ages | folders
SHA3-256: ab1aa551c09f357c6ea1cc7b6b1d7e0bca38de79d4b04ce568d6c5db6e5c6834
User & Date: bohagan on 2024-06-19 20:40:14
Other Links: branch diff | manifest | tags
Context
2024-06-20
01:01
Added support for setting the certificate store check-in: 1cabc3b8f2 user: bohagan tags: tls-1.8
2024-06-19
20:40
Added more connection status check-in: ab1aa551c0 user: bohagan tags: tls-1.8
2024-06-16
20:23
Added shutdown handler check-in: 2e607e483a user: bohagan tags: tls-1.8
Changes

Modified generic/tls.c from [c568200b91] to [1e500c198d].

2090
2091
2092
2093
2094
2095
2096
2097

2098
2099
2100
2101
2102
2103
2104
2090
2091
2092
2093
2094
2095
2096

2097
2098
2099
2100
2101
2102
2103
2104







-
+








    return ctx;
}

/*
 *-------------------------------------------------------------------
 *
 * StatusObjCmd -- return certificate for connected peer.
 * StatusObjCmd -- return certificate for connected peer info.
 *
 * Results:
 *	A standard Tcl result.
 *
 * Side effects:
 *	None.
 *
2264
2265
2266
2267
2268
2269
2270






2271
2272
2273
2274
2275
2276




2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293




















2294
2295
2296
2297
2298
2299
2300
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330







+
+
+
+
+
+






+
+
+
+

















+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+








    objPtr = Tcl_NewListObj(0, NULL);

    /* Connection info */
    statePtr = (State *)Tcl_GetChannelInstanceData(chan);
    ssl = statePtr->ssl;
    if (ssl != NULL) {
	const unsigned char *proto;
	unsigned int ulen;

	/* Initialization finished */
	LAPPEND_BOOL(interp, objPtr, "init_finished", SSL_is_init_finished(ssl));
	
	/* connection state */
	LAPPEND_STR(interp, objPtr, "state", SSL_state_string_long(ssl), -1);

	/* Get SNI requested server name */
	LAPPEND_STR(interp, objPtr, "servername", SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name), -1);

	/* Report the selected protocol as a result of the negotiation */
	SSL_get0_alpn_selected(statePtr->ssl, &proto, &ulen);
	LAPPEND_STR(interp, objPtr, "alpn", (char *)proto, (Tcl_Size) ulen);

	/* Get protocol */
	LAPPEND_STR(interp, objPtr, "protocol", SSL_get_version(ssl), -1);

	/* Renegotiation allowed */
	LAPPEND_BOOL(interp, objPtr, "renegotiation_allowed", SSL_get_secure_renegotiation_support((SSL *) ssl));

	/* Get security level */
	LAPPEND_INT(interp, objPtr, "security_level", SSL_get_security_level(ssl));

	/* Session info */
	LAPPEND_BOOL(interp, objPtr, "session_reused", SSL_session_reused(ssl));

	/* Is server info */
	LAPPEND_BOOL(interp, objPtr, "is_server", SSL_is_server(ssl));

	/* Is DTLS */
	LAPPEND_BOOL(interp, objPtr, "is_dtls", SSL_is_dtls(ssl));

#if OPENSSL_VERSION_NUMBER >= 0x30200000L
	/* Is QUIC */
	LAPPEND_BOOL(interp, objPtr, "is_quic", SSL_is_quic(ssl));

	/* Is TLS */
	LAPPEND_BOOL(interp, objPtr, "is_tls", SSL_is_tls(ssl));
#endif

	/* DANE TLS authentication */
	LAPPEND_BOOL(interp, objPtr, "dane_auth", SSL_get0_dane(ssl) != NULL);

	/* Waiting for async */
	LAPPEND_BOOL(interp, objPtr, "waiting_for_async", SSL_waiting_for_async(ssl));

	/* Time-out */
	LAPPEND_LONG(interp, objPtr, "time-out", SSL_get_default_timeout(ssl));

	/* Is Certificate Transparency validation enabled */
	LAPPEND_BOOL(interp, objPtr, "ct_enabled", SSL_ct_is_enabled(ssl));
    }

    /* Cipher info */
    cipher = SSL_get_current_cipher(ssl);
    if (cipher != NULL) {
	char buf[BUFSIZ] = {0};
	int bits, alg_bits;