Overview
Comment: | More callback error checking. Added session ticket callback handling. Split set client and server session caching callbacks. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | status_x509 |
Files: | files | file ages | folders |
SHA3-256: |
e1f08bc122aed3fac3ef38b4640e5ba6 |
User & Date: | bohagan on 2023-06-05 02:47:28 |
Other Links: | branch diff | manifest | tags |
Context
2023-06-10
| ||
19:45 | Added ALPN callback update to catch and return errors in select next protocol. check-in: 1a03a74d6e user: bohagan tags: status_x509 | |
2023-06-05
| ||
02:47 | More callback error checking. Added session ticket callback handling. Split set client and server session caching callbacks. check-in: e1f08bc122 user: bohagan tags: status_x509 | |
02:09 | Use SSL connection states instead of custom states. check-in: 3d083cdfaf user: bohagan tags: status_x509 | |
Changes
Modified generic/tls.c
from [a126391165]
to [bf31ce69c0].
︙ | ︙ | |||
428 429 430 431 432 433 434 | } /* *------------------------------------------------------------------- * * Session Callback for Clients -- * | | | 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 | } /* *------------------------------------------------------------------- * * Session Callback for Clients -- * * Called when a new session is added to the cache. In TLS 1.3 * this may be received multiple times after the handshake. For * earlier versions, this will be received during the handshake. * * Results: * None * * Side effects: |
︙ | ︙ | |||
452 453 454 455 456 457 458 | const unsigned char *session_id; int len; int code; size_t len2; dprintf("Called"); | | | > > > | 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 | const unsigned char *session_id; int len; int code; size_t len2; dprintf("Called"); if (statePtr->callback == (Tcl_Obj*)NULL) { return SSL_TLSEXT_ERR_OK; } else if (ssl == NULL) { return SSL_TLSEXT_ERR_NOACK; } cmdPtr = Tcl_DuplicateObj(statePtr->callback); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("session", -1)); /* Session id */ session_id = SSL_SESSION_get0_id_context(session, &len); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(session_id, len)); |
︙ | ︙ | |||
486 487 488 489 490 491 492 | Tcl_BackgroundException(interp, code); #endif } Tcl_DecrRefCount(cmdPtr); Tcl_Release((ClientData) statePtr); Tcl_Release((ClientData) interp); | > | | 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 | Tcl_BackgroundException(interp, code); #endif } Tcl_DecrRefCount(cmdPtr); Tcl_Release((ClientData) statePtr); Tcl_Release((ClientData) interp); /* If return non-zero, caller will have to do a SSL_SESSION_free() on the structure. */ return 0; } /* *------------------------------------------------------------------- * * ALPN Callback for Servers -- * |
︙ | ︙ | |||
522 523 524 525 526 527 528 | State *statePtr = (State*)arg; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; int code; dprintf("Called"); | | > > > | 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 | State *statePtr = (State*)arg; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; int code; dprintf("Called"); if (statePtr->callback == (Tcl_Obj*)NULL) { return SSL_TLSEXT_ERR_OK; } else if (ssl == NULL) { return SSL_TLSEXT_ERR_NOACK; } /* Select protocol */ SSL_select_next_proto(out, outlen, statePtr->protos, statePtr->protos_len, in, inlen); cmdPtr = Tcl_DuplicateObj(statePtr->callback); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("alpn", -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(*out, -1)); |
︙ | ︙ | |||
656 657 658 659 660 661 662 | int code; const char *servername; const unsigned char *p; size_t len, remaining; dprintf("Called"); | | | > > > | 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 | int code; const char *servername; const unsigned char *p; size_t len, remaining; dprintf("Called"); if (statePtr->callback == (Tcl_Obj*)NULL) { return SSL_TLSEXT_ERR_OK; } else if (ssl == NULL) { return SSL_TLSEXT_ERR_NOACK; } /* Get names */ if (!SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &p, &remaining) || remaining <= 2) { return SSL_CLIENT_HELLO_ERROR; } /* Extract the length of the supplied list of names. */ |
︙ | ︙ | |||
1327 1328 1329 1330 1331 1332 1333 | /* * SSL Callbacks */ SSL_set_app_data(statePtr->ssl, (void *)statePtr); /* point back to us */ SSL_set_verify(statePtr->ssl, verify, VerifyCallback); SSL_CTX_set_info_callback(statePtr->ctx, InfoCallback); | < > > > > | 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 | /* * SSL Callbacks */ SSL_set_app_data(statePtr->ssl, (void *)statePtr); /* point back to us */ SSL_set_verify(statePtr->ssl, verify, VerifyCallback); SSL_CTX_set_info_callback(statePtr->ctx, InfoCallback); /* Create Tcl_Channel BIO Handler */ statePtr->p_bio = BIO_new_tcl(statePtr, BIO_NOCLOSE); statePtr->bio = BIO_new(BIO_f_ssl()); if (server) { /* Server callbacks */ SSL_CTX_set_alpn_select_cb(statePtr->ctx, ALPNCallback, (void *)statePtr); SSL_CTX_set_tlsext_servername_arg(statePtr->ctx, (void *)statePtr); SSL_CTX_set_tlsext_servername_callback(statePtr->ctx, SNICallback); SSL_CTX_set_client_hello_cb(statePtr->ctx, HelloCallback, (void *)statePtr); statePtr->flags |= TLS_TCL_SERVER; SSL_set_accept_state(statePtr->ssl); } else { /* Session caching */ SSL_CTX_set_session_cache_mode(statePtr->ctx, SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE); SSL_CTX_sess_set_new_cb(statePtr->ctx, SessionCallback); SSL_set_connect_state(statePtr->ssl); } SSL_set_bio(statePtr->ssl, statePtr->p_bio, statePtr->p_bio); BIO_set_ssl(statePtr->bio, statePtr->ssl, BIO_NOCLOSE); /* * End of SSL Init |
︙ | ︙ |