Check-in [ba5a968fc6]
Overview
Comment: TLS 1.5.0 RELEASED
SHA1: ba5a968fc6eb6f482facd942dcf925eeacaa52c0
User & Date: razzell on 2004-02-17 21:27:20
Context
2004-03-17
17:53
Improvements to certificate conversion. Distinguished Names subject and issuer now UTF-8 per RFC 3280, RFC 2253. Serial numbers now hexadecimal per RFC 3280. check-in: 46cae05dcb user: razzell tags: trunk
2004-02-17
21:27
TLS 1.5.0 RELEASED check-in: ba5a968fc6 user: razzell tags: trunk, tls-1-5-0
2004-02-13
02:09
Unify result handling in callback options. check-in: 20fd9291ba user: razzell tags: trunk
Changes

Modified ChangeLog from [06a92d1c72] to [0e9024f29c].





+
+
+
+







2004-02-17  Dan Razzell <[email protected]>

	TLS 1.5.0 RELEASE

2004-02-12  Dan Razzell	<[email protected]>

	* tls.c:	Allow verify callback to return empty result.
	* tls.htm:	Document callback behaviors.

2004-02-11  Dan Razzell	<[email protected]>
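Review bot: The new 2004-02-17 header separates the name and the address with a single space, while the 2004-02-12 and 2004-02-11 headers below it use a tab; pick one separator so anything that parses the ChangeLog headers treats all entries alike. The entry text also reads "TLS 1.5.0 RELEASE" while the check-in comment says "TLS 1.5.0 RELEASED"; align the two so the release can be found with a single search string.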

Modified README.txt from [70db8f4bf4] to [bfc624ff8e].




-
+





+
+
+
+
+
+
+











-
-
-
-
-
-
-
-
-







Copyright (C) 1997-2000 Matt Newman <[email protected]>
TLS 1.4.1 Copyright (C) 2000 Ajuba Solutions

$Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/README.txt,v 1.5 2003/05/15 21:02:10 razzell Exp $
$Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/README.txt,v 1.6 2004/02/17 21:27:20 razzell Exp $

TLS (aka SSL) Channel - can be layered on any bi-directional Tcl_Channel.

Both client and server-side sockets are possible, and this code should work
on any platform as it uses a generic mechanism for layering on SSL and Tcl.

Full filevent sematics should also be intact - see tests directory for
blocking and non-blocking examples.

The current release is TLS 1.5.0, with binaries built against OpenSSL 0.9.7c.
For best security and function, always compile from source use the latest
official release of OpenSSL.

The TLS 1.4 release requires Tcl 8.2.0+, with 8.3.2+ preferred.  The
stacked channel implementation in Tcl was originally introduced in 8.2.0
(previously the Trf patch) and rewritten for 8.3.2+ due to inherent
limitations in the earlier implementation.  TLS 1.4 should compile with
any stubs-capable Tcl interpreter, but will require 8.2+ when loaded.
There are known limitations in the 8.2.0-8.3.1 stacked channel
implementation, so it is encouraged that people use TLS 1.4+ with an
8.3.2+ Tcl interpreter.  These modifications are by Jeff Hobbs
<[email protected]>.

Full filevent sematics should also be intact - see tests directory for
blocking and non-blocking examples.

This was built (almost) from scratch based upon observation of OpenSSL 0.9.2b.
For correct functioning, use OpenSSL 0.9.6g or later.  This release contains
important fixes to memory management, as well as incorporating the verify
callback correction which appeared in OpenSSL 0.9.6c.  For best security, use
the latest official release of OpenSSL.

Addition credit is due for Andreas Kupries ([email protected]), for
providing the Tcl_ReplaceChannel mechanism and working closely with me
to enhance it to support full fileevent semantics.

Also work done by the follow people provided the impetus to do this "right":-
tclSSL (Colin McCormack, Shared Technology)
SSLtcl (Peter Antman)
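
Review bot: The removed paragraph was the only place the README stated a minimum OpenSSL version ("For correct functioning, use OpenSSL 0.9.6g or later") and the reason for it (the memory management fixes and the verify callback correction from 0.9.6c); the added paragraph names only the 0.9.7c that the binaries were built against, so someone building from source no longer sees a floor. Suggest keeping a one-line minimum-version statement next to the new "The current release is TLS 1.5.0" paragraph. In the same added paragraph, "always compile from source use the latest official release of OpenSSL" is missing a word between "source" and "use", and the relocated line still reads "Full filevent sematics" although the credits further down spell it "fileevent semantics". The unchanged Tcl paragraph still speaks of "The TLS 1.4 release" directly under the new 1.5.0 statement; say whether the Tcl 8.2.0+ and 8.3.2+ requirements carry over to 1.5.0.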