Overview
Comment: | Integrated mjanssen's work on loading certificates and keys as values |
---|---|
SHA3-256: |
b08bbeb9a11fd604308fb59d439f2c81 |
User & Date: | rkeene on 2020-05-04 15:10:15 |
Context
2020-10-12
| ||
20:32 | add "version" element with SSL/TLS protocol version to tls::status check-in: 9c32a526ed user: resuna tags: trunk | |
2020-05-04
| ||
15:11 | Merged in trunk check-in: 0f00af3bbb user: rkeene tags: tls-1-7 | |
15:10 | Integrated mjanssen's work on loading certificates and keys as values check-in: b08bbeb9a1 user: rkeene tags: trunk | |
15:09 | Only load private key if we loaded a non-default certificate Closed-Leaf check-in: 51a2b1ec9a user: rkeene tags: mjanssen-asn1-certs | |
2019-11-15
| ||
17:15 | Fixed bug where syms file is cleaned in the wrong stage check-in: c82e9cbcbd user: rkeene tags: trunk | |
Changes
Modified tclOpts.h from [aff9aa3b9c] to [1a6cf1121d].
︙ | |||
40 41 42 43 44 45 46 47 48 49 50 51 52 53 | 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 | + + + + + | #define OPTBOOL(option, var) \ OPT_PROLOG(option) \ if (Tcl_GetBooleanFromObj(interp, objv[idx],\ &(var)) != TCL_OK) { \ return TCL_ERROR; \ } \ OPT_POSTLOG() #define OPTBYTE(option, var, lvar) \ OPT_PROLOG(option) \ var = Tcl_GetByteArrayFromObj(objv[idx], &(lvar));\ OPT_POSTLOG() #define OPTBAD(type, list) \ Tcl_AppendResult(interp, "bad ", (type), \ " \"", opt, "\": must be ", \ (list), (char *) NULL) #endif /* _TCL_OPTS_H */ |
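Review bot: The new `OPTBYTE` macro stores a pointer borrowed from `objv[idx]`, and nothing at the macro says so. `Tcl_GetByteArrayFromObj` returns the object's internal byte-array storage rather than a copy, so `var` stays valid only while that object keeps its byte-array representation. The data may also contain NUL bytes, which makes `lvar` the only correct length. I would add a comment above the macro such as `/* var points into objv[idx]: do not free it, do not keep it past the command, always pass lvar as its length */`. Unlike `OPTBOOL` just above, the macro has no `TCL_ERROR` path, so a malformed value is presumably only noticed later, when the bytes are parsed.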
Modified tls.c from [c565bf20f1] to [93c7ba9ac0].
︙ | |||
58 59 60 61 62 63 64 | 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 | + - - + + | static int MiscObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]); static int UnimportObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]); static SSL_CTX *CTX_Init(State *statePtr, int isServer, int proto, char *key, char *certfile, unsigned char *key_asn1, unsigned char *cert_asn1, |
︙ | |||
732 733 734 735 736 737 738 | 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 | - - + + + + + + | SSL_CTX *ctx = NULL; Tcl_Obj *script = NULL; Tcl_Obj *password = NULL; Tcl_DString upperChannelTranslation, upperChannelBlocking, upperChannelEncoding, upperChannelEOFChar; int idx, len; int flags = TLS_TCL_INIT; int server = 0; /* is connection incoming or outgoing? */ |
︙ | |||
791 792 793 794 795 796 797 | 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 | - + - + + + - + + + | char *opt = Tcl_GetStringFromObj(objv[idx], NULL); if (opt[0] != '-') break; OPTSTR( "-cadir", CAdir); OPTSTR( "-cafile", CAfile); |
︙ | |||
883 884 885 886 887 888 889 | 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 | - + + | Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan), "\": not a TLS channel", NULL); Tls_Free((char *) statePtr); return TCL_ERROR; } ctx = ((State *)Tcl_GetChannelInstanceData(chan))->ctx; } else { |
︙ | |||
1052 1053 1054 1055 1056 1057 1058 | 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 | - + + - - + + + + + + + | * Side effects: * constructs SSL context (CTX) * *------------------------------------------------------------------- */ static SSL_CTX * |
︙ | |||
1247 1248 1249 1250 1251 1252 1253 | 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 | + - + + + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - - - + + - - + - + - - - + - - - - - - - - - - - + - - + + | } SSL_CTX_set_tmp_dh(ctx, dh); DH_free(dh); } #endif /* set our certificate */ load_private_key = 0; |
︙ |
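Review bot: The `key_asn1` and `cert_asn1` parameters added to the `CTX_Init` prototype are plain `unsigned char *`, although they appear to carry caller-owned certificate and key bytes that the function only reads. Writing them as `const unsigned char *key_asn1, const unsigned char *cert_asn1,` would state that contract. The prototype is cut off after `cert_asn1,` in this view, so confirm that explicit lengths follow and that they come from the option parser rather than a `strlen()` of the buffer, since DER data can contain zero bytes. The header comment of `CTX_Init` visible further down lists only `constructs SSL context (CTX)` under side effects; it would be the natural place to document how the file-based and value-based arguments interact. The bodies of these hunks are not visible here.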
Modified tls.htm from [60845f0ae5] to [ef8070e9b1].
︙ | |||
163 164 165 166 167 168 169 | 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 | - + + + + + | <blockquote> <dl> <dt><strong>-cadir</strong> <em>dir</em></dt> <dd>Provide the directory containing the CA certificates.</dd> <dt><strong>-cafile </strong><em>filename</em></dt> <dd>Provide the CA file.</dd> <dt><strong>-certfile</strong> <em>filename</em></dt> |
︙ |
Modified tls.tcl from [75c0c2a68a] to [ae8c7a0664].
︙ | |||
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 | 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 | + + | variable socketOptionRules { {0 -async sopts 0} {* -myaddr sopts 1} {0 -myport sopts 1} {* -type sopts 1} {* -cadir iopts 1} {* -cafile iopts 1} {* -cert iopts 1} {* -certfile iopts 1} {* -cipher iopts 1} {* -command iopts 1} {* -dhparams iopts 1} {* -key iopts 1} {* -keyfile iopts 1} {* -password iopts 1} {* -request iopts 1} {* -require iopts 1} {* -autoservername discardOpts 1} {* -servername iopts 1} {* -ssl2 iopts 1} |
︙ |