TclTLS: Check-in [d3d16ea77f]

Overview

Comment:	Updated to auto set DH parameters. Updated to use well known Diffie-Hellman (DH) parameters that have built-in support in OpenSSL. This means the DH parameters will be selected to be consistent with the size of the key associated with the server's certificate. If there is no certificate (e.g. for PSK ciphersuites), then it it will be consistent with the size of the negotiated symmetric cipher key.
Downloads:	Tarball \| ZIP archive \| SQL archive
Timelines:	family \| ancestors \| descendants \| both \| dh
Files:	files \| file ages \| folders
SHA3-256:	d3d16ea77fa810d88369837ab3361f585c66df9dd26e5c43784bed2f7cf45b98
User & Date:	bohagan on 2023-12-29 03:09:08
Original User & Date:	bohagan on 2023-12-29 03:09:09
Other Links:	branch diff \| manifest \| tags

Context

2023-12-29
03:09		Merged in dh branch check-in: 594dfd3195 user: bohagan tags: trunk
03:09		Updated to auto set DH parameters. Updated to use well known Diffie-Hellman (DH) parameters that have built-in support in OpenSSL. This means the DH parameters will be selected to be consistent with the size of the key associated with the server's certificate. If there is no certificate (e.g. for PSK ciphersuites), then it it will be consistent with the size of the negotiated symmetric cipher key. Leaf check-in: d3d16ea77f user: bohagan tags: dh
00:46		Use env var for OpenSSL executable path. Source: https://core.tcl-lang.org/tcltls/tktview/034c8d2587 check-in: e63b467c48 user: bohagan tags: dh

Changes

Modified Makefile.in from [3d826d82ee] to [5c4bcb5d55].

Modified acinclude.m4 from [a920d53daa] to [7f4a09fb4a].

Modified configure from [4c56eae107] to [3a830b9e57].

Modified configure.ac from [ac9d3aa5eb] to [d5f3ebd9b3].

Deleted generic/gen_dh_params version [6e6f58d906].

Modified generic/tls.c from [7c1b9c1884] to [54886bd843].

Modified win/README.txt from [5b3b0a3a95] to [9a1eb98644].

︙
59 60 61 62 63 64 65 66 67 68 69 70 71 72 73	59 60 61 62 63 64 65 66 67 68 69 70 71 72 73	- +	PKG_LIB_FILE = @PKG_LIB_FILE@ PKG_LIB_FILE8 = @PKG_LIB_FILE8@ PKG_LIB_FILE9 = @PKG_LIB_FILE9@ PKG_STUB_LIB_FILE = @PKG_STUB_LIB_FILE@ lib_BINARIES = $(PKG_LIB_FILE) ~~BINARIES = ~~dh_params.h~~ tls.tcl.h $(lib_BINARIES) pkgIndex.tcl~~ BINARIES = tls.tcl.h $(lib_BINARIES) pkgIndex.tcl SHELL = @SHELL@ srcdir = @srcdir@ prefix = @prefix@ exec_prefix = @exec_prefix@
︙
156 157 158 159 160 161 162 ~~163~~ 164 165 166 167 168 169 170	156 157 158 159 160 161 162 163 164 165 166 167 168 169 170	- +	# that your library may use. TCL_DEFS can actually be a problem if # you do not compile with a similar machine setup as the Tcl core was # compiled with. #DEFS = $(TCL_DEFS) @DEFS@ $(PKG_CFLAGS) DEFS = @DEFS@ $(PKG_CFLAGS) # Move pkgIndex.tcl to 'BINARIES' var if it is generated in the Makefile ~~CONFIG_CLEAN_FILES = Makefile pkgIndex.tcl ~~generic/dh_params.h~~ generic/tls.tcl.h~~ CONFIG_CLEAN_FILES = Makefile pkgIndex.tcl generic/tls.tcl.h CLEANFILES = @CLEANFILES@ CPPFLAGS = @CPPFLAGS@ LIBS = @PKG_LIBS@ @LIBS@ AR = @AR@ CFLAGS = @CFLAGS@ LDFLAGS = @LDFLAGS@
︙
318 319 320 321 322 323 324 ~~325 326 327 328 329~~ 330 331 332 333 334 335 336	318 319 320 321 322 323 324 325 326 327 328 329 330 331	- - - - -	# this extension tls.tcl.h: @srcdir@/library/tls.tcl Makefile od -A n -v -t xC < '@srcdir@/library/tls.tcl' > tls.tcl.h.new.1 sed 's@[^0-9A-Fa-f]@@g;s@..@0x&, @g' < tls.tcl.h.new.1 > tls.tcl.h.new.2 rm -f tls.tcl.h.new.1 mv tls.tcl.h.new.2 @srcdir@/generic/tls.tcl.h ~~# Create default DH parameters~~ ~~dh_params.h: @srcdir@/generic/gen_dh_params Makefile~~ ~~sh @srcdir@/generic/gen_dh_params @GEN_DH_PARAMS_ARGS@ > dh_params.h.new~~ ~~mv dh_params.h.new @srcdir@/generic/dh_params.h~~ $(srcdir)/manifest.uuid: printf "git-" >$(srcdir)/manifest.uuid (cd $(srcdir); git rev-parse HEAD >>$(srcdir)/manifest.uuid \|\| \ (printf "svn-r" >$(srcdir)/manifest.uuid ; \ svn info --show-item last-changed-revision >>$(srcdir)/manifest.uuid) \|\| \ printf "unknown" >$(srcdir)/manifest.uuid)
︙

︙
643 644 645 646 647 648 649 ~~650 651 652~~ ~~653~~ 654 655 656 657 658 659 660 661 662 663 664	643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664	- - - + + + - +	#ifdef HAVE_UNISTD_H # include <unistd.h> #endif" ac_header_c_list= ac_subst_vars='LTLIBOBJS TCLSH_PROG ~~TCLTLS_SSL_~~INCLUDE~~S TCLTLS_SSL_~~CFLAG~~S TCLTLS_SSL_~~LIB~~S~~ TCLTLS_SSL_LIBS TCLTLS_SSL_INCLUDES TCLTLS_SSL_CFLAGS ~~GEN_DH_PARAMS_ARGS~~ PKG_CONFIG VC_MANIFEST_EMBED_EXE VC_MANIFEST_EMBED_DLL RANLIB_STUB PKG_STUB_LIB_FILE MAKE_STUB_LIB MAKE_STATIC_LIB MAKE_SHARED_LIB MAKE_LIB EGREP GREP LDFLAGS_DEFAULT
︙
716 717 718 719 720 721 722 ~~723~~ 724 725 726 727 728 729 730	716 717 718 719 720 721 722 723 724 725 726 727 728 729	-	PKG_CFLAGS PKG_LIBS PKG_INCLUDES PKG_HEADERS PKG_TCL_SOURCES PKG_STUB_OBJECTS PKG_STUB_SOURCES ~~PKG_STUB_LIB_FILE~~ PKG_LIB_FILE9 PKG_LIB_FILE8 PKG_LIB_FILE EXEEXT CYGPATH target_alias host_alias
︙
778 779 780 781 782 783 784 ~~785 786~~ 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 ~~804 805 806~~ 807 808 809 810 811 812 813	777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810	- - - - - + + +	enable_64bit_vis enable_rpath enable_symbols enable_tls1 enable_tls1_1 enable_tls1_2 enable_tls1_3 ~~enable_deterministic~~ ~~with_builtin_dh_params_size~~ enable_ssl_fastpath enable_hardening enable_static_ssl with_openssl_dir with_openssl_includedir with_openssl_libdir with_openssl_pkgconfig ' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS CPP ~~TCLTLS_SSL_~~LIB~~S TCLTLS_SSL_~~CFLAG~~S TCLTLS_SSL_~~INCLUDE~~S'~~ TCLTLS_SSL_CFLAGS TCLTLS_SSL_INCLUDES TCLTLS_SSL_LIBS' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep=
︙
1430 1431 1432 1433 1434 1435 1436 ~~1437~~ 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 ~~1450 1451 1452~~ 1453 1454 1455 1456 1457 1458 1459	1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452	- - - -	--enable-64bit-vis enable 64bit Sparc VIS support (default: off) --disable-rpath disable rpath support (default: on) --enable-symbols build with debugging symbols (default: off) --disable-tls1 disable TLS1 protocol --disable-tls1_1 disable TLS1.1 protocol --disable-tls1_2 disable TLS1.2 protocol --disable-tls1_3 disable TLS1.3 protocol ~~--enable-deterministic enable deterministic DH parameters~~ --enable-ssl-fastpath enable using the underlying file descriptor for talking directly to the SSL library --enable-hardening enable hardening attempts --enable-static-ssl enable static linking to the SSL library Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-tcl directory containing tcl configuration (tclConfig.sh) --with-tcl8 Compile for Tcl8 in Tcl9 environment --with-tclinclude directory containing the public Tcl header files ~~--with-builtin-dh-params-size=<bits>~~ ~~specify the size in bits of the built-in,~~ ~~precomputed, DH params~~ --with-openssl-dir=<dir> path to root directory of OpenSSL or LibreSSL installation --with-openssl-includedir=<dir> path to include directory of OpenSSL or LibreSSL installation --with-openssl-libdir=<dir>
︙
1468 1469 1470 1471 1472 1473 1474 ~~1475 1476~~ 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487	1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480	- - + +	CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a nonstandard directory <lib dir> LIBS libraries to pass to the linker, e.g. -l<library> CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if you have headers in a nonstandard directory <include dir> CPP C preprocessor ~~TCLTLS_SSL_LIBS~~ ~~libraries to pass to the linker for OpenSSL or LibreSSL~~ TCLTLS_SSL_CFLAGS C compiler flags for OpenSSL or LibreSSL TCLTLS_SSL_INCLUDES C compiler include paths for OpenSSL or LibreSSL TCLTLS_SSL_LIBS libraries to pass to the linker for OpenSSL or LibreSSL Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to the package provider. _ACEOF ac_status=$?
︙
2610 2611 2612 2613 2614 2615 2616 ~~2617 2618~~ 2619 2620 2621 2622 2623 2624 2625	2603 2604 2605 2606 2607 2608 2609 2610 2611 2612 2613 2614 2615 2616	- -	# This package name must be replaced statically for AC_SUBST to work ~~# Substitute STUB_LIB_FILE in case package creates a stub library too.~~ # We AC_SUBST these here to ensure they are subst'ed, # in case the user doesn't call TEA_ADD_...
︙
5506 5507 5508 5509 5510 5511 5512 ~~5513~~ 5514 5515 5516 5517 5518 5519 5520	5497 5498 5499 5500 5501 5502 5503 5504 5505 5506 5507 5508 5509 5510 5511	- +	# Add pkgIndex.tcl if it is generated in the Makefile instead of ./configure # and change Makefile.in to move it from CONFIG_CLEAN_FILES to BINARIES var. # # A few miscellaneous platform-specific items: # TEA_ADD_* any platform specific compiler/build info here. #-------------------------------------------------------------------- ~~CONFIG_CLEAN_FILES="$CONFIG_CLEAN_FILES tls.tcl.h.* config.log config.status ~~dh_params.h.new dh_params.h~~ Makefile pkgIndex.tcl tcltls.a.linkadd tcltls.syms"~~ CONFIG_CLEAN_FILES="$CONFIG_CLEAN_FILES tls.tcl.h.* config.log config.status Makefile pkgIndex.tcl tcltls.a.linkadd tcltls.syms" if test "${TEA_PLATFORM}" = "windows" ; then printf "%s\n" "#define BUILD_tls 1" >>confdefs.h printf "%s\n" "#define WINDOWS 1" >>confdefs.h CLEANFILES="pkgIndex.tcl .lib .dll .exp .ilk .pdb vc.pch" else
︙
8869 8870 8871 8872 8873 8874 8875 ~~8876~~ 8877 8878 8879 8880 8881 8882 8883 8884 8885 8886 8887 8888 8889 8890 8891 8892 8893 8894 ~~8895 8896~~ 8897 8898 8899 ~~8900~~ 8901 8902 8903 8904 8905 8906 8907 8908 8909 8910 8911 8912 8913 8914 8915 8916 8917 8918 8919	8860 8861 8862 8863 8864 8865 8866 8867 8868 8869 8870 8871 8872 8873 8874 8875 8876 8877 8878 8879 8880 8881 8882 8883 8884 8885 8886 8887 8888 8889 8890 8891 8892 8893 8894 8895 8896 8897 8898 8899 8900 8901 8902 8903 8904 8905 8906 8907 8908 8909 8910 8911 8912 8913 8914 8915 8916 8917 8918 8919 8920	+ + + - + + - - + + + + + - + + + +	PACKAGE_LIB_PREFIX=lib${PACKAGE_LIB_PREFIX} fi eval eval "PKG_LIB_FILE8=${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE9=${PACKAGE_LIB_PREFIX9}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE=${PACKAGE_LIB_PREFIX}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" fi # Some packages build their own stubs libraries if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" == x; then eval eval "PKG_STUB_LIB_FILE=${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub.a" else ~~eval eval "PKG_STUB_LIB_FILE=${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub${UNSHARED_LIB_SUFFIX}"~~ eval eval "PKG_STUB_LIB_FILE=${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub${UNSHARED_LIB_SUFFIX}" fi if test "$GCC" = "yes"; then PKG_STUB_LIB_FILE=lib${PKG_STUB_LIB_FILE} fi # These aren't needed on Windows (either MSVC or gcc) RANLIB=: RANLIB_STUB=: else RANLIB_STUB="${RANLIB}" if test "${SHARED_BUILD}" = "1" ; then SHLIB_LD_LIBS="${SHLIB_LD_LIBS} ${TCL_STUB_LIB_SPEC}" if test x"${TK_BIN_DIR}" != x ; then SHLIB_LD_LIBS="${SHLIB_LD_LIBS} ${TK_STUB_LIB_SPEC}" fi eval eval "PKG_LIB_FILE8=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}${SHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE9=lib${PACKAGE_LIB_PREFIX9}${PACKAGE_NAME}${SHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE=lib${PACKAGE_LIB_PREFIX}${PACKAGE_NAME}${SHARED_LIB_SUFFIX}" RANLIB=: else ~~eval eval "PKG_LIB_FILE=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE=lib${PACKAGE_LIB_PREFIX9}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}"~~ eval eval "PKG_LIB_FILE8=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE9=lib${PACKAGE_LIB_PREFIX9}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE=lib${PACKAGE_LIB_PREFIX}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" fi # Some packages build their own stubs libraries if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" == x; then eval eval "PKG_STUB_LIB_FILE=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub.a" else ~~eval eval "PKG_STUB_LIB_FILE=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub${UNSHARED_LIB_SUFFIX}"~~ eval eval "PKG_STUB_LIB_FILE=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub${UNSHARED_LIB_SUFFIX}" fi fi # These are escaped so that only CFLAGS is picked up at configure time. # The other values will be substituted at make time. CFLAGS="${CFLAGS} \${CFLAGS_DEFAULT} \${CFLAGS_WARNING}" if test "${SHARED_BUILD}" = "1" ; then CFLAGS="${CFLAGS} \${SHLIB_CFLAGS}" fi # Substitute STUB_LIB_FILE in case package creates a stub library too. #--------------------------------------------------------------------
︙
9006 9007 9008 9009 9010 9011 9012 ~~9013~~ 9014 9015 9016 9017 9018 9019 9020	9007 9008 9009 9010 9011 9012 9013 9014 9015 9016 9017 9018 9019 9020 9021	- +	printf "%s\n" "$ac_ct_PKG_CONFIG" >&6; } else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi if test "x$ac_ct_PKG_CONFIG" = x; then ~~PKG_CONFIG="~~false~~"~~ PKG_CONFIG="" else case $cross_compiling:$ac_tool_warned in yes:) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac
︙
9089 9090 9091 9092 9093 9094 9095 ~~9096 9097 9098 9099 9100 9101 9102 9103 9104 9105 9106 9107 9108 9109 9110 9111 9112 9113 9114 9115 9116 9117 9118 9119 9120 9121 9122 9123 9124 9125 9126 9127 9128 9129 9130 9131 9132 9133 9134 9135~~ 9136 9137 9138 9139 9140 9141 9142	9090 9091 9092 9093 9094 9095 9096 9097 9098 9099 9100 9101 9102 9103	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: 'yes'" >&5 printf "%s\n" "'yes'" >&6; } fi fi ~~# Check whether --enable-deterministic was given.~~ ~~if test ${enable_deterministic+y}~~ ~~then :~~ ~~enableval=$enable_deterministic;~~ ~~tcltls_deterministic="$enableval"~~ ~~else $as_nop~~ ~~tcltls_deterministic='no'~~ fi ~~if test "$tcltls_deterministic" = 'yes'; then~~ ~~GEN_DH_PARAMS_ARGS='fallback'~~ ~~else~~ ~~GEN_DH_PARAMS_ARGS=''~~ fi ~~# Check whether --with-builtin-dh-params-size was given.~~ ~~if test ${with_builtin_dh_params_size+y}~~ ~~then :~~ ~~withval=$with_builtin_dh_params_size;~~ ~~case $withval in #(~~ ~~2048\|4096\|8192) :~~ ~~;; #(~~ *) : ~~as_fn_error $? "Unsupported DH params size: $withval" "$LINENO" 5 ;;~~ ~~esac~~ ~~GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval"~~ fi ~~{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for DH params" >&5~~ ~~printf %s "checking for DH params... " >&6; }~~ ~~{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GEN_DH_PARAMS_ARGS" >&5~~ ~~printf "%s\n" "$GEN_DH_PARAMS_ARGS" >&6; }~~ # Check whether --enable-ssl-fastpath was given. if test ${enable_ssl_fastpath+y} then : enableval=$enable_ssl_fastpath; tcltls_ssl_fastpath="$enableval"
︙
9203 9204 9205 9206 9207 9208 9209 ~~9210 9211 9212 9213 9214 9215~~ 9216 9217 9218 9219 9220 9221 9222	9164 9165 9166 9167 9168 9169 9170 9171 9172 9173 9174 9175 9176 9177	- - - - - -	fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for static linking of openSSL libraries" >&5 printf %s "checking for static linking of openSSL libraries... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $TCLEXT_TLS_STATIC_SSL" >&5 printf "%s\n" "$TCLEXT_TLS_STATIC_SSL" >&6; } ~~~~# Static lib~~ ~~pkgConfigExtraArgs=''~~ ~~if test "${SHARED_BUILD}" == 0 -o "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then~~ ~~pkgConfigExtraArgs='--static'~~ fi~~ # Check whether --with-openssl-dir was given. if test ${with_openssl_dir+y} then : withval=$with_openssl_dir; openssldir="$withval"
︙
9235 9236 9237 9238 9239 9240 9241 ~~9242~~ 9243 9244 9245 9246 9247 9248 9249 9250 9251 9252 9253 9254 9255 ~~9256~~ 9257 9258 9259 9260 9261 9262 9263 9264 9265 9266 9267 9268 9269 9270 9271 9272 9273 9274 ~~9275~~ 9276 ~~9277~~ 9278 9279 9280 9281 9282 9283 9284 9285 9286 9287 9288 9289 9290 ~~9291 9292~~ 9293 9294 9295 9296 9297 9298 9299 9300 9301 9302 9303 9304 9305 9306 9307 9308 9309 9310 9311 9312 9313	9190 9191 9192 9193 9194 9195 9196 9197 9198 9199 9200 9201 9202 9203 9204 9205 9206 9207 9208 9209 9210 9211 9212 9213 9214 9215 9216 9217 9218 9219 9220 9221 9222 9223 9224 9225 9226 9227 9228 9229 9230 9231 9232 9233 9234 9235 9236 9237 9238 9239 9240 9241 9242 9243 9244 9245 9246 9247 9248 9249 9250 9251 9252 9253 9254 9255 9256 9257 9258 9259 9260 9261 9262 9263 9264 9265 9266 9267 9268 9269 9270 9271 9272 9273 9274 9275 9276	- + - + + + + - + - + - - + + + + + + +	then : withval=$with_openssl_includedir; opensslincludedir="$withval" else $as_nop if test -n "$openssldir"; then ~~opensslincludedir="${openssldir~~}${PATH_SEPARATOR}~~include~~${PATH_SEPARATOR}~~openssl"~~ opensslincludedir="$openssldir/include/openssl" else opensslincludedir='' fi fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL include directory" >&5 printf %s "checking for OpenSSL include directory... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $opensslincludedir" >&5 printf "%s\n" "$opensslincludedir" >&6; } if test -n "$opensslincludedir"; then ~~if test -f "${opensslincludedir~~}${PATH_SEPARATOR}~~ssl.h"; then~~ if test -f "$opensslincludedir/ssl.h"; then TCLTLS_SSL_CFLAGS="-I$opensslincludedir" TCLTLS_SSL_INCLUDES="-I$opensslincludedir" else as_fn_error $? "Unable to locate ssl.h" "$LINENO" 5 fi else TCLTLS_SSL_CFLAGS="-I$(includedir)/openssl" TCLTLS_SSL_INCLUDES="-I$(includedir)/openssl" fi # Check whether --with-openssl-libdir was given. if test ${with_openssl_libdir+y} then : withval=$with_openssl_libdir; openssllibdir="$withval" else $as_nop if test -n "$openssldir"; then if test "$do64bit" == 'yes'; then ~~openssllibdir="${openssldir~~}${PATH_SEPARATOR}~~lib64"~~ openssllibdir="$openssldir/lib64" else ~~openssllibdir="${openssldir~~}${PATH_SEPARATOR}~~lib"~~ openssllibdir="$openssldir/lib" fi else openssllibdir='' fi fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL lib directory" >&5 printf %s "checking for OpenSSL lib directory... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $openssllibdir" >&5 printf "%s\n" "$openssllibdir" >&6; } ~~if test -n "$openssllibdir"; then if test -f "${openssllibdir~~}${PATH_SEPARATOR}~~libssl${SHLIB_SUFFIX}"; then~~ if test -n "$openssllibdir"; then if test -f "$openssllibdir/libssl${SHLIB_SUFFIX}"; then if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then TCLTLS_SSL_LIBS="-L$openssllibdir -lcrypto -lssl" else # Linux and Solaris TCLTLS_SSL_LIBS="-Wl,-Bstatic `$PKG_CONFIG --static --libs crypto ssl` -Wl,-Bdynamic" # HPUX # -Wl,-a,archive ... -Wl,-a,shared_archive fi else as_fn_error $? "Unable to locate libssl${SHLIB_SUFFIX}" "$LINENO" 5 fi else TCLTLS_SSL_LIBS="-lcrypto -lssl" fi # Check whether --with-openssl-pkgconfig was given. if test ${with_openssl_pkgconfig+y} then : withval=$with_openssl_pkgconfig;
︙
9321 9322 9323 9324 9325 9326 9327 ~~9328 9329 9330 9331 9332~~ 9333 ~~9334 9335 9336~~ ~~9337 9338 9339 9340 9341 9342 9343 9344 9345 9346 9347 9348 9349 9350~~ 9351 9352 9353 9354 9355 9356 9357	9284 9285 9286 9287 9288 9289 9290 9291 9292 9293 9294 9295 9296 9297 9298 9299 9300 9301 9302 9303 9304 9305 9306 9307 9308 9309 9310 9311 9312 9313 9314 9315 9316 9317 9318 9319 9320 9321 9322 9323 9324 9325	+ + + + + + + + - - - - - + + + + + - - - + + + - - - - - - - - - - - - - - + + + + + + + + + + +	fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL pkgconfig" >&5 printf %s "checking for OpenSSL pkgconfig... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $opensslpkgconfigdir" >&5 printf "%s\n" "$opensslpkgconfigdir" >&6; } # Use Package Config tool to get config pkgConfigExtraArgs='' if test "${SHARED_BUILD}" == 0 -o "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then pkgConfigExtraArgs='--static' fi if test -n "${PKG_CONFIG}"; then PKG_CONFIG_PATH_SAVE="${PKG_CONFIG_PATH}" if test -n "${opensslpkgconfigdir}"; then if ! test -f "${opensslpkgconfigdir}~~${PATH_SEPARATOR}~~openssl.pc"; then as_fn_error $? "Unable to locate ${opensslpkgconfigdir}~~${PATH_SEPARATOR}~~openssl.pc" "$LINENO" 5 fi PKG_CONFIG_PATH_SAVE="${PKG_CONFIG_PATH}" if test -n "${opensslpkgconfigdir}"; then if ! test -f "${opensslpkgconfigdir}/openssl.pc"; then as_fn_error $? "Unable to locate ${opensslpkgconfigdir}/openssl.pc" "$LINENO" 5 fi ~~PKG_CONFIG_PATH="${opensslpkgconfigdir}${PATH_SEPARATOR}${PKG_CONFIG_PATH}" export PKG_CONFIG_PATH fi~~ PKG_CONFIG_PATH="${opensslpkgconfigdir}${PATH_SEPARATOR}${PKG_CONFIG_PATH}" export PKG_CONFIG_PATH fi if test -z "$TCLTLS_SSL_LIBS"; then TCLTLS_SSL_LIBS="`"${PKG_CONFIG}" openssl --libs $pkgConfigExtraArgs`" \|\| as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 fi if test -z "$TCLTLS_SSL_CFLAGS"; then TCLTLS_SSL_CFLAGS="`"${PKG_CONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" \|\| as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 fi if test -z "$TCLTLS_SSL_INCLUDES"; then TCLTLS_SSL_INCLUDES="`"${PKG_CONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" \|\| as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 fi PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}" if test -z "$TCLTLS_SSL_LIBS"; then TCLTLS_SSL_LIBS="`"${PKG_CONFIG}" openssl --libs $pkgConfigExtraArgs`" \|\| as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 fi if test -z "$TCLTLS_SSL_CFLAGS"; then TCLTLS_SSL_CFLAGS="`"${PKG_CONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" \|\| as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 fi if test -z "$TCLTLS_SSL_INCLUDES"; then TCLTLS_SSL_INCLUDES="`"${PKG_CONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" \|\| as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 fi PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}" fi #-------------------------------------------------------------------- # Shared libraries and static libraries have different names. # Also, windows libraries and unix libraries have different names. # For the OpenSSL version, I chose to use the same library names that # OpenSSL uses as its default names.
︙

︙
60 61 62 63 64 65 66 ~~67 68 69 70 71 72 73 74~~ 75 76 77 78 79 80 81	60 61 62 63 64 65 66 67 68 69 70 71 72 73	- - - - - - - -	#define TLS_PROTO_TLS1_1 0x08 #define TLS_PROTO_TLS1_2 0x10 #define TLS_PROTO_TLS1_3 0x20 #define ENABLED(flag, mask) (((flag) & (mask)) == (mask)) #define SSLKEYLOGFILE "SSLKEYLOGFILE" ~~/* * Static data structures / ~~#ifndef OPENSSL_NO_DH~~ ~~#include "dh_params.h"~~ ~~#endif~~~~ / * Thread-Safe TLS Code */ #ifdef TCL_THREADS #define OPENSSL_THREAD_DEFINES #include <openssl/opensslconf.h>
︙
1908 1909 1910 1911 1912 1913 1914 1915 ~~1916 1917~~ ~~1918 1919~~ 1920 1921 1922 1923 1924 1925 1926	1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924	+ + + + - - + + + + + - - +	BIO_free(bio); Tcl_DStringFree(&ds); if (!dh) { Tcl_AppendResult(interp, "Could not read DH parameters from file", (char ) NULL); SSL_CTX_free(ctx); return NULL; } SSL_CTX_set_tmp_dh(ctx, dh); DH_free(dh); } else { / Use well known DH parameters that have built-in support in OpenSSL / ~~dh ~~= g~~et_dhPa~~rams~~(); }~~ if (!SSL_CTX_set_dh_auto(ctx, 1)) { Tcl_AppendResult(interp, "Could not enable set DH auto: ", REASON(), (char ) NULL); SSL_CTX_free(ctx); return NULL; } ~~SSL_CTX_set_tmp_dh(ctx, dh);~~ ~~DH_free(dh);~~ } } #endif /* set our certificate */ load_private_key = 0; if (certfile != NULL) { load_private_key = 1;
︙