Check-in [bed86d3303]
EuroTcl/OpenACS 11 - 12 JULY 2024, VIENNA
Overview
Comment:Merge feature-dump-keys into main
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: bed86d33036e5ba3954f829f4b996af2bf58ed6c1ee6a8cfb108f8901e20c618
User & Date: bohagan on 2023-03-04 16:14:21
Other Links: manifest | tags
Context
2023-03-04
17:58
Minor updates to catch NULL channels. Source: https://www.androwish.org/home/info/982ebf9d31a60440 [982ebf9d31] check-in: 270bf9327b user: bohagan tags: trunk
16:14
Merge feature-dump-keys into main check-in: bed86d3303 user: bohagan tags: trunk
15:44
Merge add-support-alpn into main check-in: 4b4daeada4 user: bohagan tags: trunk
14:51
Added doc update Leaf check-in: e0f002ecb1 user: bohagan tags: feature-dump-keys
Changes

Modified tls.c from [48a25c8f03] to [65324f8bcd].

72
73
74
75
76
77
78


79
80
81
82
83
84
85
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87







+
+







#define TLS_PROTO_SSL3		0x02
#define TLS_PROTO_TLS1		0x04
#define TLS_PROTO_TLS1_1	0x08
#define TLS_PROTO_TLS1_2	0x10
#define TLS_PROTO_TLS1_3	0x20
#define ENABLED(flag, mask)	(((flag) & (mask)) == (mask))

#define SSLKEYLOGFILE		"SSLKEYLOGFILE"

/*
 * Static data structures
 */

#ifndef OPENSSL_NO_DH
#include "dh_params.h"
#endif
400
401
402
403
404
405
406










407
408
409
410
411
412
413
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425







+
+
+
+
+
+
+
+
+
+







	Tcl_BackgroundError(statePtr->interp);
    }
    Tcl_DecrRefCount(cmdPtr);

    Tcl_Release((ClientData) statePtr);
    Tcl_Release((ClientData) statePtr->interp);
}

void KeyLogCallback(const SSL *ssl, const char *line) {
    char *str = getenv(SSLKEYLOGFILE);
    FILE *fd;
    if (str) {
	fd = fopen(str, "a");
	fprintf(fd, "%s\n",line);
	fclose(fd);
    }
}

/*
 *-------------------------------------------------------------------
 *
 * PasswordCallback -- 
 *
 *	Called when a password is needed to unpack RSA and PEM keys.
1242
1243
1244
1245
1246
1247
1248




1249
1250
1251
1252
1253
1254
1255
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271







+
+
+
+







    }
    
    ctx = SSL_CTX_new (method);

    if (!ctx) {
        return(NULL);
    }

    if (getenv(SSLKEYLOGFILE)) {
	SSL_CTX_set_keylog_callback(ctx, KeyLogCallback);
    }

#if !defined(NO_TLS1_3)
    if (proto == TLS_PROTO_TLS1_3) {
        SSL_CTX_set_min_proto_version (ctx, TLS1_3_VERSION);
        SSL_CTX_set_max_proto_version (ctx, TLS1_3_VERSION);
    }
#endif

Modified tls.htm from [a801be2344] to [516cdf2a0d].

411
412
413
414
415
416
417






418
419
420
421
422
423
424
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430







+
+
+
+
+
+







<p>
<em>
The use of the variable <strong>tls::debug</strong> is not recommended.
It may be removed from future releases.
</em>
</p>

<h3><a name="DEBUG">DEBUG</a></h3>

TLS key logging can be enabled by setting the environment variable
<b>SSLKEYLOGFILE</b> to the name of the file to log to. Then whenever TLS
key material is generated or received it will be logged to the file.

<h3><a name="HTTPS EXAMPLE">HTTPS EXAMPLE</a></h3>

<p>This example uses a sample server.pem provided with the TLS release,
courtesy of the <strong>OpenSSL</strong> project.</p>

<pre><code>
package require http