︙ | | |
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
|
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
|
-
-
-
+
+
+
-
+
|
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif"
ac_header_c_list=
ac_subst_vars='LTLIBOBJS
TCLSH_PROG
TCLTLS_SSL_INCLUDES
TCLTLS_SSL_CFLAGS
TCLTLS_SSL_LIBS
TCLTLS_SSL_LIBS
TCLTLS_SSL_INCLUDES
TCLTLS_SSL_CFLAGS
GEN_DH_PARAMS_ARGS
PKG_CONFIG
VC_MANIFEST_EMBED_EXE
VC_MANIFEST_EMBED_DLL
RANLIB_STUB
PKG_STUB_LIB_FILE
MAKE_STUB_LIB
MAKE_STATIC_LIB
MAKE_SHARED_LIB
MAKE_LIB
EGREP
GREP
LDFLAGS_DEFAULT
|
︙ | | |
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
|
716
717
718
719
720
721
722
723
724
725
726
727
728
729
|
-
|
PKG_CFLAGS
PKG_LIBS
PKG_INCLUDES
PKG_HEADERS
PKG_TCL_SOURCES
PKG_STUB_OBJECTS
PKG_STUB_SOURCES
PKG_STUB_LIB_FILE
PKG_LIB_FILE9
PKG_LIB_FILE8
PKG_LIB_FILE
EXEEXT
CYGPATH
target_alias
host_alias
|
︙ | | |
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
|
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
|
-
-
-
-
-
+
+
+
|
enable_64bit_vis
enable_rpath
enable_symbols
enable_tls1
enable_tls1_1
enable_tls1_2
enable_tls1_3
enable_deterministic
with_builtin_dh_params_size
enable_ssl_fastpath
enable_hardening
enable_static_ssl
with_openssl_dir
with_openssl_includedir
with_openssl_libdir
with_openssl_pkgconfig
'
ac_precious_vars='build_alias
host_alias
target_alias
CC
CFLAGS
LDFLAGS
LIBS
CPPFLAGS
CPP
TCLTLS_SSL_LIBS
TCLTLS_SSL_CFLAGS
TCLTLS_SSL_INCLUDES'
TCLTLS_SSL_CFLAGS
TCLTLS_SSL_INCLUDES
TCLTLS_SSL_LIBS'
# Initialize some variables set by options.
ac_init_help=
ac_init_version=false
ac_unrecognized_opts=
ac_unrecognized_sep=
|
︙ | | |
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
|
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
|
-
-
-
-
|
--enable-64bit-vis enable 64bit Sparc VIS support (default: off)
--disable-rpath disable rpath support (default: on)
--enable-symbols build with debugging symbols (default: off)
--disable-tls1 disable TLS1 protocol
--disable-tls1_1 disable TLS1.1 protocol
--disable-tls1_2 disable TLS1.2 protocol
--disable-tls1_3 disable TLS1.3 protocol
--enable-deterministic enable deterministic DH parameters
--enable-ssl-fastpath enable using the underlying file descriptor for
talking directly to the SSL library
--enable-hardening enable hardening attempts
--enable-static-ssl enable static linking to the SSL library
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-tcl directory containing tcl configuration
(tclConfig.sh)
--with-tcl8 Compile for Tcl8 in Tcl9 environment
--with-tclinclude directory containing the public Tcl header files
--with-builtin-dh-params-size=<bits>
specify the size in bits of the built-in,
precomputed, DH params
--with-openssl-dir=<dir>
path to root directory of OpenSSL or LibreSSL
installation
--with-openssl-includedir=<dir>
path to include directory of OpenSSL or LibreSSL
installation
--with-openssl-libdir=<dir>
|
︙ | | |
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
|
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
|
-
-
+
+
|
CFLAGS C compiler flags
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
LIBS libraries to pass to the linker, e.g. -l<library>
CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
you have headers in a nonstandard directory <include dir>
CPP C preprocessor
TCLTLS_SSL_LIBS
libraries to pass to the linker for OpenSSL or LibreSSL
TCLTLS_SSL_CFLAGS
C compiler flags for OpenSSL or LibreSSL
TCLTLS_SSL_INCLUDES
C compiler include paths for OpenSSL or LibreSSL
TCLTLS_SSL_LIBS
libraries to pass to the linker for OpenSSL or LibreSSL
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
Report bugs to the package provider.
_ACEOF
ac_status=$?
|
︙ | | |
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
|
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
|
-
-
|
# This package name must be replaced statically for AC_SUBST to work
# Substitute STUB_LIB_FILE in case package creates a stub library too.
# We AC_SUBST these here to ensure they are subst'ed,
# in case the user doesn't call TEA_ADD_...
|
︙ | | |
5506
5507
5508
5509
5510
5511
5512
5513
5514
5515
5516
5517
5518
5519
5520
|
5497
5498
5499
5500
5501
5502
5503
5504
5505
5506
5507
5508
5509
5510
5511
|
-
+
|
# Add pkgIndex.tcl if it is generated in the Makefile instead of ./configure
# and change Makefile.in to move it from CONFIG_CLEAN_FILES to BINARIES var.
#
# A few miscellaneous platform-specific items:
# TEA_ADD_* any platform specific compiler/build info here.
#--------------------------------------------------------------------
CONFIG_CLEAN_FILES="$CONFIG_CLEAN_FILES tls.tcl.h.* config.log config.status dh_params.h.new dh_params.h Makefile pkgIndex.tcl tcltls.a.linkadd tcltls.syms"
CONFIG_CLEAN_FILES="$CONFIG_CLEAN_FILES tls.tcl.h.* config.log config.status Makefile pkgIndex.tcl tcltls.a.linkadd tcltls.syms"
if test "${TEA_PLATFORM}" = "windows" ; then
printf "%s\n" "#define BUILD_tls 1" >>confdefs.h
printf "%s\n" "#define WINDOWS 1" >>confdefs.h
CLEANFILES="pkgIndex.tcl *.lib *.dll *.exp *.ilk *.pdb vc*.pch"
else
|
︙ | | |
8869
8870
8871
8872
8873
8874
8875
8876
8877
8878
8879
8880
8881
8882
8883
8884
8885
8886
8887
8888
8889
8890
8891
8892
8893
8894
8895
8896
8897
8898
8899
8900
8901
8902
8903
8904
8905
8906
8907
8908
8909
8910
8911
8912
8913
8914
8915
8916
8917
8918
8919
|
8860
8861
8862
8863
8864
8865
8866
8867
8868
8869
8870
8871
8872
8873
8874
8875
8876
8877
8878
8879
8880
8881
8882
8883
8884
8885
8886
8887
8888
8889
8890
8891
8892
8893
8894
8895
8896
8897
8898
8899
8900
8901
8902
8903
8904
8905
8906
8907
8908
8909
8910
8911
8912
8913
8914
8915
8916
8917
8918
8919
8920
|
+
+
+
-
+
+
-
-
+
+
+
+
+
-
+
+
+
+
|
PACKAGE_LIB_PREFIX=lib${PACKAGE_LIB_PREFIX}
fi
eval eval "PKG_LIB_FILE8=${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}"
eval eval "PKG_LIB_FILE9=${PACKAGE_LIB_PREFIX9}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}"
eval eval "PKG_LIB_FILE=${PACKAGE_LIB_PREFIX}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}"
fi
# Some packages build their own stubs libraries
if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" == x; then
eval eval "PKG_STUB_LIB_FILE=${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub.a"
else
eval eval "PKG_STUB_LIB_FILE=${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub${UNSHARED_LIB_SUFFIX}"
eval eval "PKG_STUB_LIB_FILE=${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub${UNSHARED_LIB_SUFFIX}"
fi
if test "$GCC" = "yes"; then
PKG_STUB_LIB_FILE=lib${PKG_STUB_LIB_FILE}
fi
# These aren't needed on Windows (either MSVC or gcc)
RANLIB=:
RANLIB_STUB=:
else
RANLIB_STUB="${RANLIB}"
if test "${SHARED_BUILD}" = "1" ; then
SHLIB_LD_LIBS="${SHLIB_LD_LIBS} ${TCL_STUB_LIB_SPEC}"
if test x"${TK_BIN_DIR}" != x ; then
SHLIB_LD_LIBS="${SHLIB_LD_LIBS} ${TK_STUB_LIB_SPEC}"
fi
eval eval "PKG_LIB_FILE8=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}${SHARED_LIB_SUFFIX}"
eval eval "PKG_LIB_FILE9=lib${PACKAGE_LIB_PREFIX9}${PACKAGE_NAME}${SHARED_LIB_SUFFIX}"
eval eval "PKG_LIB_FILE=lib${PACKAGE_LIB_PREFIX}${PACKAGE_NAME}${SHARED_LIB_SUFFIX}"
RANLIB=:
else
eval eval "PKG_LIB_FILE=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}"
eval eval "PKG_LIB_FILE=lib${PACKAGE_LIB_PREFIX9}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}"
eval eval "PKG_LIB_FILE8=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}"
eval eval "PKG_LIB_FILE9=lib${PACKAGE_LIB_PREFIX9}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}"
eval eval "PKG_LIB_FILE=lib${PACKAGE_LIB_PREFIX}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}"
fi
# Some packages build their own stubs libraries
if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" == x; then
eval eval "PKG_STUB_LIB_FILE=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub.a"
else
eval eval "PKG_STUB_LIB_FILE=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub${UNSHARED_LIB_SUFFIX}"
eval eval "PKG_STUB_LIB_FILE=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub${UNSHARED_LIB_SUFFIX}"
fi
fi
# These are escaped so that only CFLAGS is picked up at configure time.
# The other values will be substituted at make time.
CFLAGS="${CFLAGS} \${CFLAGS_DEFAULT} \${CFLAGS_WARNING}"
if test "${SHARED_BUILD}" = "1" ; then
CFLAGS="${CFLAGS} \${SHLIB_CFLAGS}"
fi
# Substitute STUB_LIB_FILE in case package creates a stub library too.
#--------------------------------------------------------------------
|
︙ | | |
9006
9007
9008
9009
9010
9011
9012
9013
9014
9015
9016
9017
9018
9019
9020
|
9007
9008
9009
9010
9011
9012
9013
9014
9015
9016
9017
9018
9019
9020
9021
|
-
+
|
printf "%s\n" "$ac_ct_PKG_CONFIG" >&6; }
else
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_PKG_CONFIG" = x; then
PKG_CONFIG="false"
PKG_CONFIG=""
else
case $cross_compiling:$ac_tool_warned in
yes:)
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
|
︙ | | |
9089
9090
9091
9092
9093
9094
9095
9096
9097
9098
9099
9100
9101
9102
9103
9104
9105
9106
9107
9108
9109
9110
9111
9112
9113
9114
9115
9116
9117
9118
9119
9120
9121
9122
9123
9124
9125
9126
9127
9128
9129
9130
9131
9132
9133
9134
9135
9136
9137
9138
9139
9140
9141
9142
|
9090
9091
9092
9093
9094
9095
9096
9097
9098
9099
9100
9101
9102
9103
|
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
|
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: 'yes'" >&5
printf "%s\n" "'yes'" >&6; }
fi
fi
# Check whether --enable-deterministic was given.
if test ${enable_deterministic+y}
then :
enableval=$enable_deterministic;
tcltls_deterministic="$enableval"
else $as_nop
tcltls_deterministic='no'
fi
if test "$tcltls_deterministic" = 'yes'; then
GEN_DH_PARAMS_ARGS='fallback'
else
GEN_DH_PARAMS_ARGS=''
fi
# Check whether --with-builtin-dh-params-size was given.
if test ${with_builtin_dh_params_size+y}
then :
withval=$with_builtin_dh_params_size;
case $withval in #(
2048|4096|8192) :
;; #(
*) :
as_fn_error $? "Unsupported DH params size: $withval" "$LINENO" 5 ;;
esac
GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval"
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for DH params" >&5
printf %s "checking for DH params... " >&6; }
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GEN_DH_PARAMS_ARGS" >&5
printf "%s\n" "$GEN_DH_PARAMS_ARGS" >&6; }
# Check whether --enable-ssl-fastpath was given.
if test ${enable_ssl_fastpath+y}
then :
enableval=$enable_ssl_fastpath;
tcltls_ssl_fastpath="$enableval"
|
︙ | | |
9203
9204
9205
9206
9207
9208
9209
9210
9211
9212
9213
9214
9215
9216
9217
9218
9219
9220
9221
9222
|
9164
9165
9166
9167
9168
9169
9170
9171
9172
9173
9174
9175
9176
9177
|
-
-
-
-
-
-
|
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for static linking of openSSL libraries" >&5
printf %s "checking for static linking of openSSL libraries... " >&6; }
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $TCLEXT_TLS_STATIC_SSL" >&5
printf "%s\n" "$TCLEXT_TLS_STATIC_SSL" >&6; }
# Static lib
pkgConfigExtraArgs=''
if test "${SHARED_BUILD}" == 0 -o "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then
pkgConfigExtraArgs='--static'
fi
# Check whether --with-openssl-dir was given.
if test ${with_openssl_dir+y}
then :
withval=$with_openssl_dir;
openssldir="$withval"
|
︙ | | |
9235
9236
9237
9238
9239
9240
9241
9242
9243
9244
9245
9246
9247
9248
9249
9250
9251
9252
9253
9254
9255
9256
9257
9258
9259
9260
9261
9262
9263
9264
9265
9266
9267
9268
9269
9270
9271
9272
9273
9274
9275
9276
9277
9278
9279
9280
9281
9282
9283
9284
9285
9286
9287
9288
9289
9290
9291
9292
9293
9294
9295
9296
9297
9298
9299
9300
9301
9302
9303
9304
9305
9306
9307
9308
9309
9310
9311
9312
9313
|
9190
9191
9192
9193
9194
9195
9196
9197
9198
9199
9200
9201
9202
9203
9204
9205
9206
9207
9208
9209
9210
9211
9212
9213
9214
9215
9216
9217
9218
9219
9220
9221
9222
9223
9224
9225
9226
9227
9228
9229
9230
9231
9232
9233
9234
9235
9236
9237
9238
9239
9240
9241
9242
9243
9244
9245
9246
9247
9248
9249
9250
9251
9252
9253
9254
9255
9256
9257
9258
9259
9260
9261
9262
9263
9264
9265
9266
9267
9268
9269
9270
9271
9272
9273
9274
9275
9276
|
-
+
-
+
+
+
+
-
+
-
+
-
-
+
+
+
+
+
+
+
|
then :
withval=$with_openssl_includedir;
opensslincludedir="$withval"
else $as_nop
if test -n "$openssldir"; then
opensslincludedir="${openssldir}${PATH_SEPARATOR}include${PATH_SEPARATOR}openssl"
opensslincludedir="$openssldir/include/openssl"
else
opensslincludedir=''
fi
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL include directory" >&5
printf %s "checking for OpenSSL include directory... " >&6; }
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $opensslincludedir" >&5
printf "%s\n" "$opensslincludedir" >&6; }
if test -n "$opensslincludedir"; then
if test -f "${opensslincludedir}${PATH_SEPARATOR}ssl.h"; then
if test -f "$opensslincludedir/ssl.h"; then
TCLTLS_SSL_CFLAGS="-I$opensslincludedir"
TCLTLS_SSL_INCLUDES="-I$opensslincludedir"
else
as_fn_error $? "Unable to locate ssl.h" "$LINENO" 5
fi
else
TCLTLS_SSL_CFLAGS="-I$(includedir)/openssl"
TCLTLS_SSL_INCLUDES="-I$(includedir)/openssl"
fi
# Check whether --with-openssl-libdir was given.
if test ${with_openssl_libdir+y}
then :
withval=$with_openssl_libdir;
openssllibdir="$withval"
else $as_nop
if test -n "$openssldir"; then
if test "$do64bit" == 'yes'; then
openssllibdir="${openssldir}${PATH_SEPARATOR}lib64"
openssllibdir="$openssldir/lib64"
else
openssllibdir="${openssldir}${PATH_SEPARATOR}lib"
openssllibdir="$openssldir/lib"
fi
else
openssllibdir=''
fi
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL lib directory" >&5
printf %s "checking for OpenSSL lib directory... " >&6; }
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $openssllibdir" >&5
printf "%s\n" "$openssllibdir" >&6; }
if test -n "$openssllibdir"; then
if test -f "${openssllibdir}${PATH_SEPARATOR}libssl${SHLIB_SUFFIX}"; then
if test -n "$openssllibdir"; then
if test -f "$openssllibdir/libssl${SHLIB_SUFFIX}"; then
if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then
TCLTLS_SSL_LIBS="-L$openssllibdir -lcrypto -lssl"
else
# Linux and Solaris
TCLTLS_SSL_LIBS="-Wl,-Bstatic `$PKG_CONFIG --static --libs crypto ssl` -Wl,-Bdynamic"
# HPUX
# -Wl,-a,archive ... -Wl,-a,shared_archive
fi
else
as_fn_error $? "Unable to locate libssl${SHLIB_SUFFIX}" "$LINENO" 5
fi
else
TCLTLS_SSL_LIBS="-lcrypto -lssl"
fi
# Check whether --with-openssl-pkgconfig was given.
if test ${with_openssl_pkgconfig+y}
then :
withval=$with_openssl_pkgconfig;
|
︙ | | |
9321
9322
9323
9324
9325
9326
9327
9328
9329
9330
9331
9332
9333
9334
9335
9336
9337
9338
9339
9340
9341
9342
9343
9344
9345
9346
9347
9348
9349
9350
9351
9352
9353
9354
9355
9356
9357
|
9284
9285
9286
9287
9288
9289
9290
9291
9292
9293
9294
9295
9296
9297
9298
9299
9300
9301
9302
9303
9304
9305
9306
9307
9308
9309
9310
9311
9312
9313
9314
9315
9316
9317
9318
9319
9320
9321
9322
9323
9324
9325
|
+
+
+
+
+
+
+
+
-
-
-
-
-
+
+
+
+
+
-
-
-
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
|
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL pkgconfig" >&5
printf %s "checking for OpenSSL pkgconfig... " >&6; }
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $opensslpkgconfigdir" >&5
printf "%s\n" "$opensslpkgconfigdir" >&6; }
# Use Package Config tool to get config
pkgConfigExtraArgs=''
if test "${SHARED_BUILD}" == 0 -o "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then
pkgConfigExtraArgs='--static'
fi
if test -n "${PKG_CONFIG}"; then
PKG_CONFIG_PATH_SAVE="${PKG_CONFIG_PATH}"
if test -n "${opensslpkgconfigdir}"; then
if ! test -f "${opensslpkgconfigdir}${PATH_SEPARATOR}openssl.pc"; then
as_fn_error $? "Unable to locate ${opensslpkgconfigdir}${PATH_SEPARATOR}openssl.pc" "$LINENO" 5
fi
PKG_CONFIG_PATH_SAVE="${PKG_CONFIG_PATH}"
if test -n "${opensslpkgconfigdir}"; then
if ! test -f "${opensslpkgconfigdir}/openssl.pc"; then
as_fn_error $? "Unable to locate ${opensslpkgconfigdir}/openssl.pc" "$LINENO" 5
fi
PKG_CONFIG_PATH="${opensslpkgconfigdir}${PATH_SEPARATOR}${PKG_CONFIG_PATH}"
export PKG_CONFIG_PATH
fi
PKG_CONFIG_PATH="${opensslpkgconfigdir}${PATH_SEPARATOR}${PKG_CONFIG_PATH}"
export PKG_CONFIG_PATH
fi
if test -z "$TCLTLS_SSL_LIBS"; then
TCLTLS_SSL_LIBS="`"${PKG_CONFIG}" openssl --libs $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5
fi
if test -z "$TCLTLS_SSL_CFLAGS"; then
TCLTLS_SSL_CFLAGS="`"${PKG_CONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5
fi
if test -z "$TCLTLS_SSL_INCLUDES"; then
TCLTLS_SSL_INCLUDES="`"${PKG_CONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5
fi
PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}"
if test -z "$TCLTLS_SSL_LIBS"; then
TCLTLS_SSL_LIBS="`"${PKG_CONFIG}" openssl --libs $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5
fi
if test -z "$TCLTLS_SSL_CFLAGS"; then
TCLTLS_SSL_CFLAGS="`"${PKG_CONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5
fi
if test -z "$TCLTLS_SSL_INCLUDES"; then
TCLTLS_SSL_INCLUDES="`"${PKG_CONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5
fi
PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}"
fi
#--------------------------------------------------------------------
# Shared libraries and static libraries have different names.
# Also, windows libraries and unix libraries have different names.
# For the OpenSSL version, I chose to use the same library names that
# OpenSSL uses as its default names.
|
︙ | | |
︙ | | |
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
-
-
-
-
-
-
-
-
|
#define TLS_PROTO_TLS1_1 0x08
#define TLS_PROTO_TLS1_2 0x10
#define TLS_PROTO_TLS1_3 0x20
#define ENABLED(flag, mask) (((flag) & (mask)) == (mask))
#define SSLKEYLOGFILE "SSLKEYLOGFILE"
/*
* Static data structures
*/
#ifndef OPENSSL_NO_DH
#include "dh_params.h"
#endif
/*
* Thread-Safe TLS Code
*/
#ifdef TCL_THREADS
#define OPENSSL_THREAD_DEFINES
#include <openssl/opensslconf.h>
|
︙ | | |
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
|
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
|
-
+
|
cmdPtr = Tcl_DuplicateObj(statePtr->callback);
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("error", -1));
Tcl_ListObjAppendElement(interp, cmdPtr,
Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1));
if (msg != NULL) {
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(msg, -1));
} else if ((msg = Tcl_GetStringFromObj(Tcl_GetObjResult(interp), NULL)) != NULL) {
} else if ((msg = Tcl_GetStringFromObj(Tcl_GetObjResult(interp), (Tcl_Size *) NULL)) != NULL) {
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(msg, -1));
} else {
listPtr = Tcl_NewListObj(0, NULL);
while ((err = ERR_get_error()) != 0) {
Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(ERR_reason_error_string(err), -1));
}
|
︙ | | |
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
|
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
|
-
+
-
-
+
+
-
+
|
}
Tcl_DecrRefCount(cmdPtr);
Tcl_Release((ClientData) statePtr);
/* If successful, pass back password string and truncate if too long */
if (code == TCL_OK) {
int len;
Tcl_Size len;
char *ret = (char *) Tcl_GetStringFromObj(Tcl_GetObjResult(interp), &len);
if (len > size-1) {
len = size-1;
if (len > (Tcl_Size) size-1) {
len = (Tcl_Size) size-1;
}
strncpy(buf, ret, (size_t) len);
buf[len] = '\0';
Tcl_Release((ClientData) interp);
return(len);
return((int) len);
}
Tcl_Release((ClientData) interp);
return -1;
}
/*
*-------------------------------------------------------------------
|
︙ | | |
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
|
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
|
-
+
-
+
|
cmdPtr = Tcl_DuplicateObj(statePtr->callback);
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("session", -1));
Tcl_ListObjAppendElement(interp, cmdPtr,
Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1));
/* Session id */
session_id = SSL_SESSION_get_id(session, &ulen);
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewByteArrayObj(session_id, (int) ulen));
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewByteArrayObj(session_id, (Tcl_Size) ulen));
/* Session ticket */
SSL_SESSION_get0_ticket(session, &ticket, &len2);
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewByteArrayObj(ticket, (int) len2));
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewByteArrayObj(ticket, (Tcl_Size) len2));
/* Lifetime - number of seconds */
Tcl_ListObjAppendElement(interp, cmdPtr,
Tcl_NewLongObj((long) SSL_SESSION_get_ticket_lifetime_hint(session)));
/* Eval callback command */
Tcl_IncrRefCount(cmdPtr);
|
︙ | | |
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
|
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
|
-
+
|
servername = (const char *)p;
/* Create command to eval */
cmdPtr = Tcl_DuplicateObj(statePtr->vcmd);
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("hello", -1));
Tcl_ListObjAppendElement(interp, cmdPtr,
Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1));
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(servername, (int) len));
Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(servername, (Tcl_Size) len));
/* Eval callback command */
Tcl_IncrRefCount(cmdPtr);
if ((code = EvalCallback(interp, statePtr, cmdPtr)) > 1) {
res = SSL_CLIENT_HELLO_RETRY;
*alert = SSL_R_TLSV1_ALERT_USER_CANCELLED;
} else if (code == 1) {
|
︙ | | |
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
|
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
|
-
+
|
if (objc != 2) {
Tcl_WrongNumArgs(interp, 1, objv, "channel");
return(TCL_ERROR);
}
ERR_clear_error();
chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], NULL), NULL);
chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], (Tcl_Size *) NULL), NULL);
if (chan == (Tcl_Channel) NULL) {
return(TCL_ERROR);
}
/* Make sure to operate on the topmost channel */
chan = Tcl_GetTopChannel(chan);
if (Tcl_GetChannelType(chan) != Tls_ChannelType()) {
|
︙ | | |
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
|
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
|
-
+
+
-
+
-
+
-
+
|
Tcl_Channel chan; /* The channel to set a mode on. */
State *statePtr; /* client state for ssl socket */
SSL_CTX *ctx = NULL;
Tcl_Obj *cmdObj = NULL;
Tcl_Obj *passwdObj = NULL;
Tcl_Obj *vcmd = NULL;
Tcl_DString upperChannelTranslation, upperChannelBlocking, upperChannelEncoding, upperChannelEOFChar;
int idx, len, fn;
int idx;
Tcl_Size fn, len;
int flags = TLS_TCL_INIT;
int server = 0; /* is connection incoming or outgoing? */
char *keyfile = NULL;
char *certfile = NULL;
unsigned char *key = NULL;
int key_len = 0;
Tcl_Size key_len = 0;
unsigned char *cert = NULL;
int cert_len = 0;
Tcl_Size cert_len = 0;
char *ciphers = NULL;
char *ciphersuites = NULL;
char *CAfile = NULL;
char *CAdir = NULL;
char *DHparams = NULL;
char *model = NULL;
char *servername = NULL; /* hostname for Server Name Indication */
const unsigned char *session_id = NULL;
int sess_len = 0;
Tcl_Size sess_len = 0;
Tcl_Obj *alpnObj = NULL;
int ssl2 = 0, ssl3 = 0;
int tls1 = 1, tls1_1 = 1, tls1_2 = 1, tls1_3 = 1;
int proto = 0, level = -1;
int verify = 0, require = 0, request = 1, post_handshake = 0;
dprintf("Called");
|
︙ | | |
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
|
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
|
-
+
|
if (objc < 2) {
Tcl_WrongNumArgs(interp, 1, objv, "channel ?options?");
return TCL_ERROR;
}
ERR_clear_error();
chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], NULL), NULL);
chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], (Tcl_Size *) NULL), NULL);
if (chan == (Tcl_Channel) NULL) {
return TCL_ERROR;
}
/* Make sure to operate on the topmost channel */
chan = Tcl_GetTopChannel(chan);
|
︙ | | |
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
|
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
|
-
-
+
+
|
"\": not a TLS channel", NULL);
Tcl_SetErrorCode(interp, "TLS", "IMPORT", "CHANNEL", "INVALID", (char *) NULL);
Tls_Free((char *) statePtr);
return TCL_ERROR;
}
ctx = ((State *)Tcl_GetChannelInstanceData(chan))->ctx;
} else {
if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, cert, key_len,
cert_len, CAdir, CAfile, ciphers, ciphersuites, level, DHparams)) == NULL) {
if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, cert, (int) key_len,
(int) cert_len, CAdir, CAfile, ciphers, ciphersuites, level, DHparams)) == NULL) {
Tls_Free((char *) statePtr);
return TCL_ERROR;
}
}
statePtr->ctx = ctx;
|
︙ | | |
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
|
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
|
+
-
+
-
+
-
-
-
-
+
+
+
+
|
/* Enable Application-Layer Protocol Negotiation. Examples are: http/1.0,
http/1.1, h2, h3, ftp, imap, pop3, xmpp-client, xmpp-server, mqtt, irc, etc. */
if (alpnObj != NULL) {
/* Convert a TCL list into a protocol-list in wire-format */
unsigned char *protos, *p;
unsigned int protos_len = 0;
Tcl_Size cnt, i;
int i, len, cnt;
int j;
Tcl_Obj **list;
if (Tcl_ListObjGetElements(interp, alpnObj, &cnt, &list) != TCL_OK) {
Tls_Free((char *) statePtr);
return TCL_ERROR;
}
/* Determine the memory required for the protocol-list */
for (i = 0; i < cnt; i++) {
Tcl_GetStringFromObj(list[i], &len);
if (len > 255) {
Tcl_AppendResult(interp, "ALPN protocol name too long", (char *) NULL);
Tcl_SetErrorCode(interp, "TLS", "IMPORT", "ALPN", "FAILED", (char *) NULL);
Tls_Free((char *) statePtr);
return TCL_ERROR;
}
protos_len += 1 + len;
protos_len += 1 + (int) len;
}
/* Build the complete protocol-list */
protos = ckalloc(protos_len);
/* protocol-lists consist of 8-bit length-prefixed, byte strings */
for (i = 0, p = protos; i < cnt; i++) {
char *str = Tcl_GetStringFromObj(list[i], &len);
*p++ = len;
memcpy(p, str, len);
for (j = 0, p = protos; j < cnt; j++) {
char *str = Tcl_GetStringFromObj(list[j], &len);
*p++ = (unsigned char) len;
memcpy(p, str, (size_t) len);
p += len;
}
/* SSL_set_alpn_protos makes a copy of the protocol-list */
/* Note: This functions reverses the return value convention */
if (SSL_set_alpn_protos(statePtr->ssl, protos, protos_len)) {
Tcl_AppendResult(interp, "failed to set ALPN protocols", (char *) NULL);
|
︙ | | |
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
|
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
|
-
+
-
+
-
+
-
+
-
+
-
+
-
+
|
int off = 0;
int load_private_key;
const SSL_METHOD *method;
dprintf("Called");
if (!proto) {
Tcl_AppendResult(interp, "no valid protocol selected", NULL);
Tcl_AppendResult(interp, "no valid protocol selected", (char *) NULL);
return NULL;
}
/* create SSL context */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(NO_SSL2) || defined(OPENSSL_NO_SSL2)
if (ENABLED(proto, TLS_PROTO_SSL2)) {
Tcl_AppendResult(interp, "SSL2 protocol not supported", NULL);
Tcl_AppendResult(interp, "SSL2 protocol not supported", (char *) NULL);
return NULL;
}
#endif
#if defined(NO_SSL3) || defined(OPENSSL_NO_SSL3)
if (ENABLED(proto, TLS_PROTO_SSL3)) {
Tcl_AppendResult(interp, "SSL3 protocol not supported", NULL);
Tcl_AppendResult(interp, "SSL3 protocol not supported", (char *) NULL);
return NULL;
}
#endif
#if defined(NO_TLS1) || defined(OPENSSL_NO_TLS1)
if (ENABLED(proto, TLS_PROTO_TLS1)) {
Tcl_AppendResult(interp, "TLS 1.0 protocol not supported", NULL);
Tcl_AppendResult(interp, "TLS 1.0 protocol not supported", (char *) NULL);
return NULL;
}
#endif
#if defined(NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1)
if (ENABLED(proto, TLS_PROTO_TLS1_1)) {
Tcl_AppendResult(interp, "TLS 1.1 protocol not supported", NULL);
Tcl_AppendResult(interp, "TLS 1.1 protocol not supported", (char *) NULL);
return NULL;
}
#endif
#if defined(NO_TLS1_2) || defined(OPENSSL_NO_TLS1_2)
if (ENABLED(proto, TLS_PROTO_TLS1_2)) {
Tcl_AppendResult(interp, "TLS 1.2 protocol not supported", NULL);
Tcl_AppendResult(interp, "TLS 1.2 protocol not supported", (char *) NULL);
return NULL;
}
#endif
#if defined(NO_TLS1_3) || defined(OPENSSL_NO_TLS1_3)
if (ENABLED(proto, TLS_PROTO_TLS1_3)) {
Tcl_AppendResult(interp, "TLS 1.3 protocol not supported", NULL);
Tcl_AppendResult(interp, "TLS 1.3 protocol not supported", (char *) NULL);
return NULL;
}
#endif
if (proto == 0) {
/* Use full range */
SSL_CTX_set_min_proto_version(ctx, 0);
SSL_CTX_set_max_proto_version(ctx, 0);
|
︙ | | |
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
|
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
|
+
+
+
+
-
-
+
+
+
+
+
-
-
+
|
BIO_free(bio);
Tcl_DStringFree(&ds);
if (!dh) {
Tcl_AppendResult(interp, "Could not read DH parameters from file", (char *) NULL);
SSL_CTX_free(ctx);
return NULL;
}
SSL_CTX_set_tmp_dh(ctx, dh);
DH_free(dh);
} else {
/* Use well known DH parameters that have built-in support in OpenSSL */
dh = get_dhParams();
}
if (!SSL_CTX_set_dh_auto(ctx, 1)) {
Tcl_AppendResult(interp, "Could not enable set DH auto: ", REASON(), (char *) NULL);
SSL_CTX_free(ctx);
return NULL;
}
SSL_CTX_set_tmp_dh(ctx, dh);
DH_free(dh);
}
}
#endif
/* set our certificate */
load_private_key = 0;
if (certfile != NULL) {
load_private_key = 1;
|
︙ | | |
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
|
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
|
-
+
|
if (objc < 2 || objc > 3 || (objc == 3 && !strcmp(Tcl_GetString(objv[1]), "-local"))) {
Tcl_WrongNumArgs(interp, 1, objv, "?-local? channel");
return TCL_ERROR;
}
/* Get channel Id */
channelName = Tcl_GetStringFromObj(objv[(objc == 2 ? 1 : 2)], NULL);
channelName = Tcl_GetStringFromObj(objv[(objc == 2 ? 1 : 2)], (Tcl_Size *) NULL);
chan = Tcl_GetChannel(interp, channelName, &mode);
if (chan == (Tcl_Channel) NULL) {
return TCL_ERROR;
}
/* Make sure to operate on the topmost channel */
chan = Tcl_GetTopChannel(chan);
|
︙ | | |
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
|
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
|
-
+
|
}
/* Verify mode depth */
LAPPEND_INT(interp, objPtr, "verifyDepth", SSL_get_verify_depth(statePtr->ssl));
/* Report the selected protocol as a result of the negotiation */
SSL_get0_alpn_selected(statePtr->ssl, &proto, &len);
LAPPEND_STR(interp, objPtr, "alpn", (char *)proto, (int) len);
LAPPEND_STR(interp, objPtr, "alpn", (char *)proto, (Tcl_Size) len);
LAPPEND_STR(interp, objPtr, "protocol", SSL_get_version(statePtr->ssl), -1);
/* Valid for non-RSA signature and TLS 1.3 */
if (objc == 2) {
res = SSL_get_peer_signature_nid(statePtr->ssl, &nid);
} else {
res = SSL_get_signature_nid(statePtr->ssl, &nid);
|
︙ | | |
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
|
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
|
-
+
|
const EVP_MD *md;
if (objc != 2) {
Tcl_WrongNumArgs(interp, 1, objv, "channel");
return(TCL_ERROR);
}
chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], NULL), NULL);
chan = Tcl_GetChannel(interp, Tcl_GetStringFromObj(objv[1], (Tcl_Size *) NULL), NULL);
if (chan == (Tcl_Channel) NULL) {
return(TCL_ERROR);
}
/* Make sure to operate on the topmost channel */
chan = Tcl_GetTopChannel(chan);
if (Tcl_GetChannelType(chan) != Tls_ChannelType()) {
|
︙ | | |
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
|
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
|
-
+
-
+
-
+
-
+
-
+
-
+
-
+
|
size_t len2;
unsigned int ulen;
const unsigned char *session_id, *proto;
char buffer[SSL_MAX_MASTER_KEY_LENGTH];
/* Report the selected protocol as a result of the ALPN negotiation */
SSL_SESSION_get0_alpn_selected(session, &proto, &len2);
LAPPEND_STR(interp, objPtr, "alpn", (char *) proto, (int) len2);
LAPPEND_STR(interp, objPtr, "alpn", (char *) proto, (Tcl_Size) len2);
/* Report the selected protocol as a result of the NPN negotiation */
#ifdef USE_NPN
SSL_get0_next_proto_negotiated(ssl, &proto, &ulen);
LAPPEND_STR(interp, objPtr, "npn", (char *) proto, (int) ulen);
LAPPEND_STR(interp, objPtr, "npn", (char *) proto, (Tcl_Size) ulen);
#endif
/* Resumable session */
LAPPEND_BOOL(interp, objPtr, "resumable", SSL_SESSION_is_resumable(session));
/* Session start time (seconds since epoch) */
LAPPEND_LONG(interp, objPtr, "start_time", SSL_SESSION_get_time(session));
/* Timeout value - SSL_CTX_get_timeout (in seconds) */
LAPPEND_LONG(interp, objPtr, "timeout", SSL_SESSION_get_timeout(session));
/* Session id - TLSv1.2 and below only */
session_id = SSL_SESSION_get_id(session, &ulen);
LAPPEND_BARRAY(interp, objPtr, "session_id", session_id, (int) ulen);
LAPPEND_BARRAY(interp, objPtr, "session_id", session_id, (Tcl_Size) ulen);
/* Session context */
session_id = SSL_SESSION_get0_id_context(session, &ulen);
LAPPEND_BARRAY(interp, objPtr, "session_context", session_id, (int) ulen);
LAPPEND_BARRAY(interp, objPtr, "session_context", session_id, (Tcl_Size) ulen);
/* Session ticket - client only */
SSL_SESSION_get0_ticket(session, &ticket, &len2);
LAPPEND_BARRAY(interp, objPtr, "session_ticket", ticket, (int) len2);
LAPPEND_BARRAY(interp, objPtr, "session_ticket", ticket, (Tcl_Size) len2);
/* Session ticket lifetime hint (in seconds) */
LAPPEND_LONG(interp, objPtr, "lifetime", SSL_SESSION_get_ticket_lifetime_hint(session));
/* Ticket app data */
SSL_SESSION_get0_ticket_appdata(session, &ticket, &len2);
LAPPEND_BARRAY(interp, objPtr, "ticket_app_data", ticket, (int) len2);
LAPPEND_BARRAY(interp, objPtr, "ticket_app_data", ticket, (Tcl_Size) len2);
/* Get master key */
len2 = SSL_SESSION_get_master_key(session, buffer, SSL_MAX_MASTER_KEY_LENGTH);
LAPPEND_BARRAY(interp, objPtr, "master_key", buffer, (int) len2);
LAPPEND_BARRAY(interp, objPtr, "master_key", buffer, (Tcl_Size) len2);
/* Compression id */
unsigned int id = SSL_SESSION_get_compress_id(session);
LAPPEND_STR(interp, objPtr, "compression_id", id == 1 ? "zlib" : "none", -1);
}
/* Compression info */
|
︙ | | |
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
|
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
|
+
-
+
|
*
*-------------------------------------------------------------------
*/
static int
MiscObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
static const char *commands [] = { "req", "strreq", NULL };
enum command { C_REQ, C_STRREQ, C_DUMMY };
Tcl_Size cmd;
int cmd, isStr;
int isStr;
char buffer[16384];
dprintf("Called");
if (objc < 2) {
Tcl_WrongNumArgs(interp, 1, objv, "subcommand ?args?");
return TCL_ERROR;
|
︙ | | |
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
|
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
|
-
+
+
|
switch ((enum command) cmd) {
case C_REQ:
case C_STRREQ: {
EVP_PKEY *pkey=NULL;
X509 *cert=NULL;
X509_NAME *name=NULL;
Tcl_Obj **listv;
int listc,i;
Tcl_Size listc;
int i;
BIO *out=NULL;
char *k_C="",*k_ST="",*k_L="",*k_O="",*k_OU="",*k_CN="",*k_Email="";
char *keyout,*pemout,*str;
int keysize,serial=0,days=365;
|
︙ | | |
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
|
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
|
-
+
-
|
pemout=Tcl_GetString(objv[4]);
if (isStr) {
Tcl_SetVar(interp,keyout,"",0);
Tcl_SetVar(interp,pemout,"",0);
}
if (objc>=6) {
if (Tcl_ListObjGetElements(interp, objv[5],
if (Tcl_ListObjGetElements(interp, objv[5], &listc, &listv) != TCL_OK) {
&listc, &listv) != TCL_OK) {
return TCL_ERROR;
}
if ((listc%2) != 0) {
Tcl_SetResult(interp,"Information list must have even number of arguments",NULL);
return TCL_ERROR;
}
|
︙ | | |
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
|
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
|
-
+
|
}
#endif
if (Tcl_PkgRequire(interp, "Tcl", MIN_VERSION, 0) == NULL) {
return TCL_ERROR;
}
if (TlsLibInit(0) != TCL_OK) {
Tcl_AppendResult(interp, "could not initialize SSL library", NULL);
Tcl_AppendResult(interp, "could not initialize SSL library", (char *) NULL);
return TCL_ERROR;
}
Tcl_CreateObjCommand(interp, "tls::connection", ConnectionInfoObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
Tcl_CreateObjCommand(interp, "tls::handshake", HandshakeObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
Tcl_CreateObjCommand(interp, "tls::import", ImportObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
Tcl_CreateObjCommand(interp, "tls::misc", MiscObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);
|
︙ | | |
︙ | | |
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
-
+
|
int len = 0;
char buffer[1024];
if (astring != NULL) {
len = String_to_Hex(ASN1_STRING_get0_data(astring),
ASN1_STRING_length(astring), buffer, 1024);
}
resultPtr = Tcl_NewStringObj(buffer, len);
resultPtr = Tcl_NewStringObj(buffer, (Tcl_Size) len);
return resultPtr;
}
/*
* Get Key Usage
*/
Tcl_Obj *Tls_x509KeyUsage(Tcl_Interp *interp, X509 *cert, uint32_t xflags) {
|
︙ | | |
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
|
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
|
-
+
|
}
if (names = X509_get_ext_d2i(cert, nid, NULL, NULL)) {
for (int i=0; i < sk_GENERAL_NAME_num(names); i++) {
const GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
len = BIO_to_Buffer(name && GENERAL_NAME_print(bio, name), bio, buffer, 1024);
LAPPEND_STR(interp, listPtr, NULL, buffer, len);
LAPPEND_STR(interp, listPtr, NULL, buffer, (Tcl_Size) len);
}
sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
}
return listPtr;
}
/*
|
︙ | | |
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
|
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
|
-
+
-
+
|
if (distpoint->type == 0) {
/* full-name GENERALIZEDNAME */
for (int j = 0; j < sk_GENERAL_NAME_num(distpoint->name.fullname); j++) {
GENERAL_NAME *gen = sk_GENERAL_NAME_value(distpoint->name.fullname, j);
int type;
ASN1_STRING *uri = GENERAL_NAME_get0_value(gen, &type);
if (type == GEN_URI) {
LAPPEND_STR(interp, listPtr, NULL, ASN1_STRING_get0_data(uri), ASN1_STRING_length(uri));
LAPPEND_STR(interp, listPtr, NULL, ASN1_STRING_get0_data(uri), (Tcl_Size) ASN1_STRING_length(uri));
}
}
} else if (distpoint->type == 1) {
/* relative-name X509NAME */
STACK_OF(X509_NAME_ENTRY) *sk_relname = distpoint->name.relativename;
for (int j = 0; j < sk_X509_NAME_ENTRY_num(sk_relname); j++) {
X509_NAME_ENTRY *e = sk_X509_NAME_ENTRY_value(sk_relname, j);
ASN1_STRING *d = X509_NAME_ENTRY_get_data(e);
LAPPEND_STR(interp, listPtr, NULL, ASN1_STRING_data(d), ASN1_STRING_length(d));
LAPPEND_STR(interp, listPtr, NULL, ASN1_STRING_data(d), (Tcl_Size) ASN1_STRING_length(d));
}
}
}
CRL_DIST_POINTS_free(crl);
}
return listPtr;
}
|
︙ | | |
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
|
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
|
-
+
|
if (ads = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL)) {
for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(ads); i++) {
ad = sk_ACCESS_DESCRIPTION_value(ads, i);
if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location) {
if (ad->location->type == GEN_URI) {
len = ASN1_STRING_to_UTF8(&buf, ad->location->d.uniformResourceIdentifier);
Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(buf, len));
Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(buf, (Tcl_Size) len));
OPENSSL_free(buf);
break;
}
}
}
/* sk_ACCESS_DESCRIPTION_pop_free(ads, ACCESS_DESCRIPTION_free); */
AUTHORITY_INFO_ACCESS_free(ads);
|
︙ | | |
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
|
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
|
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
-
+
|
int sig_nid;
X509_get0_signature(&sig, &sig_alg, cert);
/* sig_nid = X509_get_signature_nid(cert) */
sig_nid = OBJ_obj2nid(sig_alg->algorithm);
LAPPEND_STR(interp, certPtr, "signatureAlgorithm", OBJ_nid2ln(sig_nid), -1);
len = (sig_nid != NID_undef) ? String_to_Hex(sig->data, sig->length, buffer, BUFSIZ) : 0;
LAPPEND_STR(interp, certPtr, "signatureValue", buffer, len);
LAPPEND_STR(interp, certPtr, "signatureValue", buffer, (Tcl_Size) len);
}
/* Version of the encoded certificate - RFC 5280 section 4.1.2.1 */
LAPPEND_LONG(interp, certPtr, "version", X509_get_version(cert)+1);
/* Unique number assigned by CA to certificate - RFC 5280 section 4.1.2.2 */
len = BIO_to_Buffer(i2a_ASN1_INTEGER(bio, X509_get0_serialNumber(cert)), bio, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "serialNumber", buffer, len);
LAPPEND_STR(interp, certPtr, "serialNumber", buffer, (Tcl_Size) len);
/* Signature algorithm used by the CA to sign the certificate. Must match
signatureAlgorithm. RFC 5280 section 4.1.2.3 */
LAPPEND_STR(interp, certPtr, "signature", OBJ_nid2ln(X509_get_signature_nid(cert)), -1);
/* Issuer identifies the entity that signed and issued the cert. RFC 5280 section 4.1.2.4 */
len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_issuer_name(cert), 0, flags), bio, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "issuer", buffer, len);
LAPPEND_STR(interp, certPtr, "issuer", buffer, (Tcl_Size) len);
/* Certificate validity period is the interval the CA warrants that it will
maintain info on the status of the certificate. RFC 5280 section 4.1.2.5 */
/* Get Validity - Not Before */
len = BIO_to_Buffer(ASN1_TIME_print(bio, X509_get0_notBefore(cert)), bio, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "notBefore", buffer, len);
LAPPEND_STR(interp, certPtr, "notBefore", buffer, (Tcl_Size) len);
/* Get Validity - Not After */
len = BIO_to_Buffer(ASN1_TIME_print(bio, X509_get0_notAfter(cert)), bio, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "notAfter", buffer, len);
LAPPEND_STR(interp, certPtr, "notAfter", buffer, (Tcl_Size) len);
/* Subject identifies the entity associated with the public key stored in
the subject public key field. RFC 5280 section 4.1.2.6 */
len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "subject", buffer, len);
LAPPEND_STR(interp, certPtr, "subject", buffer, (Tcl_Size) len);
/* SHA1 Digest (Fingerprint) of cert - DER representation */
if (X509_digest(cert, EVP_sha1(), md, &len)) {
len = String_to_Hex(md, len, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, len);
LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, (Tcl_Size) len);
}
/* SHA256 Digest (Fingerprint) of cert - DER representation */
if (X509_digest(cert, EVP_sha256(), md, &len)) {
len = String_to_Hex(md, len, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, len);
LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, (Tcl_Size) len);
}
/* Subject Public Key Info specifies the public key and identifies the
algorithm with which the key is used. RFC 5280 section 4.1.2.7 */
if (X509_get_signature_info(cert, &mdnid, &pknid, &bits, &xflags)) {
ASN1_BIT_STRING *key;
unsigned int n;
LAPPEND_STR(interp, certPtr, "signingDigest", OBJ_nid2ln(mdnid), -1);
LAPPEND_STR(interp, certPtr, "publicKeyAlgorithm", OBJ_nid2ln(pknid), -1);
LAPPEND_INT(interp, certPtr, "bits", bits); /* Effective security bits */
key = X509_get0_pubkey_bitstr(cert);
len = String_to_Hex(key->data, key->length, buffer, BUFSIZ);
LAPPEND_STR(interp, certPtr, "publicKey", buffer, len);
LAPPEND_STR(interp, certPtr, "publicKey", buffer, (Tcl_Size) len);
len = 0;
if (X509_pubkey_digest(cert, EVP_get_digestbynid(pknid), md, &n)) {
len = String_to_Hex(md, (int)n, buffer, BUFSIZ);
}
LAPPEND_STR(interp, certPtr, "publicKeyHash", buffer, len);
LAPPEND_STR(interp, certPtr, "publicKeyHash", buffer, (Tcl_Size) len);
/* digest of the DER representation of the certificate */
len = 0;
if (X509_digest(cert, EVP_get_digestbynid(mdnid), md, &n)) {
len = String_to_Hex(md, (int)n, buffer, BUFSIZ);
}
LAPPEND_STR(interp, certPtr, "signatureHash", buffer, len);
LAPPEND_STR(interp, certPtr, "signatureHash", buffer, (Tcl_Size) len);
}
/* Certificate Purpose. Call before checking for extensions. */
LAPPEND_STR(interp, certPtr, "purpose", Tls_x509Purpose(cert), -1);
LAPPEND_OBJ(interp, certPtr, "certificatePurpose", Tls_x509Purposes(interp, cert));
/* Get extensions flags */
|
︙ | | |
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
|
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
|
-
+
-
+
|
and/or issuer names over time. RFC 5280 section 4.1.2.8 */
{
const ASN1_BIT_STRING *iuid, *suid;
X509_get0_uids(cert, &iuid, &suid);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1));
if (iuid != NULL) {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)iuid->data, iuid->length));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)iuid->data, (Tcl_Size) iuid->length));
} else {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
}
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectUniqueId", -1));
if (suid != NULL) {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)suid->data, suid->length));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)suid->data, (Tcl_Size) suid->length));
} else {
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
}
}
/* X509 v3 Extensions - RFC 5280 section 4.1.2.9 */
LAPPEND_INT(interp, certPtr, "extCount", X509_get_ext_count(cert));
|
︙ | | |
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
|
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
|
-
+
-
+
-
+
|
/* Subject Information Access - RFC 5280 section 4.2.2.2, NID_sinfo_access */
/* Certificate Alias. If uses a PKCS#12 structure, alias will reflect the
friendlyName attribute (RFC 2985). */
{
len = 0;
char *string = X509_alias_get0(cert, &len);
LAPPEND_STR(interp, certPtr, "alias", string, len);
LAPPEND_STR(interp, certPtr, "alias", string, (Tcl_Size) len);
}
/* Certificate and dump all data */
{
char certStr[CERT_STR_SIZE];
/* Get certificate */
len = BIO_to_Buffer(PEM_write_bio_X509(bio, cert), bio, certStr, CERT_STR_SIZE);
LAPPEND_STR(interp, certPtr, "certificate", certStr, len);
LAPPEND_STR(interp, certPtr, "certificate", certStr, (Tcl_Size) len);
/* Get all cert info */
len = BIO_to_Buffer(X509_print_ex(bio, cert, flags, 0), bio, certStr, CERT_STR_SIZE);
LAPPEND_STR(interp, certPtr, "all", certStr, len);
LAPPEND_STR(interp, certPtr, "all", certStr, (Tcl_Size) len);
}
BIO_free(bio);
return certPtr;
}
|