static int
CiphersObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
    Tcl_Obj *objPtr = NULL;
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    STACK_OF(SSL_CIPHER) *sk;
    char buf[BUFSIZ];
    Tcl_Size index;
    int index, verbose = 0, use_supported = 0;
    int verbose = 0, use_supported = 0;
    const SSL_METHOD *method;
    (void) clientData;

    dprintf("Called");

    if ((objc < 2) || (objc > 4)) {
	Tcl_WrongNumArgs(interp, 1, objv, "protocol ?verbose? ?supported?");

 *	None
 *
 *-----------------------------------------------------------------------------
 */
Tcl_Obj *String_to_Hex(unsigned char* input, int ilen) {
    unsigned char *iptr = input;
    Tcl_Obj *resultObj = Tcl_NewByteArrayObj(NULL, 0);
    unsigned char *data = Tcl_SetByteArrayLength(resultObj, ilen*2);
    unsigned char *data = Tcl_SetByteArrayLength(resultObj, (Tcl_Size)ilen*2);
    unsigned char *dptr = &data[0];
    const char *hex = "0123456789abcdef";

    if (resultObj == NULL) {
	return NULL;
    }

    unsigned int ulen;
    uint32_t xflags;
    unsigned long flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT;
    flags &= ~ASN1_STRFLGS_ESC_MSB;

    char *buffer = ckalloc(BUFSIZ > EVP_MAX_MD_SIZE ? BUFSIZ : EVP_MAX_MD_SIZE);

    printf("Called\n");
    dprintf("Called");

    if (interp == NULL || cert == NULL || bio == NULL || resultObj == NULL || buffer == NULL) {
	Tcl_DecrRefCount(resultObj);
	BIO_free(bio);
	if (buffer != NULL) ckfree(buffer);
	return NULL;
    }

	    log 0 "TLS/$chan: error: $msg"
	}
	"info" {
	    set type ""
	    lassign $args major minor msg type

	    if {$msg != ""} {
	    if {$msg ne ""} {
		append state ": $msg"
	    }
	    # For tracing
	    upvar #0 tls::$chan cb
	    set cb($major) $minor

	    log 2 "TLS/$chan: $major/$minor: $state"

	    log 0 "TLS/$chan: sni: $servername"
	}
	"verify" {
	    lassign $args depth cert rc err

	    array set c $cert

	    if {$rc != "1"} {
	    if {$rc ne "1"} {
		log 1 "TLS/$chan: verify/$depth: Bad Cert: $err (rc = $rc)"
	    } else {
		log 2 "TLS/$chan: verify/$depth: $c(subject)"
	    }
	    if {$debug > 0} {
		return 1;	# FORCE OK
	    } else {

    return 1
}

proc tls::xhandshake {chan} {
    upvar #0 tls::$chan cb

    if {[info exists cb(handshake)] && \
	$cb(handshake) == "done"} {
	$cb(handshake) eq "done"} {
	return 1
    }
    while {1} {
	vwait tls::${chan}(handshake)
	if {![info exists cb(handshake)]} {
	    return 0
	}

    return "secret"
}

proc tls::log {level msg} {
    variable debug
    variable logcmd

    if {$level > $debug || $logcmd == ""} {
    if {$level > $debug || $logcmd eq ""} {
	return
    }
    set cmd $logcmd
    lappend cmd $msg
    uplevel #0 $cmd
}

#!/usr/bin/env tclsh

# Common Constraints
package require tls

# Supported protocols
set protocols [list ssl2 ssl3 tls1 tls1.1 tls1.2 tls1.3]
foreach protocol $protocols {

#
# Copyright (C) 1997-2000 Matt Newman <[email protected]>
#
set dir [file dirname [info script]]
regsub {\.} [info tclversion] {} vshort
if {$tcl_platform(platform) == "windows"} {
if {$tcl_platform(platform) eq "windows"} {
    if {[info exists tcl_platform(debug)]} {
	load $dir/../win/Debug$vshort/tls.dll
    } else {
	load $dir/../win/Release$vshort/tls.dll
    }
} else {
    load [glob $dir/../unix/libtls*]

	set ::/Exit 1
	return
    }
    if {[eof $chan]} {
	close $chan
	set ::/Exit 1
    }
    if {$data != ""} {
    if {$data ne ""} {
	puts -nonewline stderr "$data"
    }
}
proc doit {chan count {delay 1000}} {
    if {$count == 0} {
	close $chan
	set ::/Exit 0

    set x hello
    if {[catch {read $chan 1024} data]} {
	puts stderr "EOF ($data)"
	catch {close $chan}
	return
    }

    if {$verbose && $data != ""} {
    if {$verbose && $data ne ""} {
	puts -nonewline stderr $data
    }
    if {[eof $chan]} {    ;# client gone or finished
	puts stderr "EOF"
	close $chan        ;# release the servers client channel
	return
    }

proc reflectCB {chan {verbose 0}} {
    if {[catch {read $chan 1024} data]} {
	puts stderr "EOF ($data)"
	catch {close $chan}
	return
    }

    if {$verbose && $data != ""} {
    if {$verbose && $data ne ""} {
	puts -nonewline stderr $data
    }
    if {[eof $chan]} {    ;# client gone or finished
	puts stderr "EOF"
	close $chan        ;# release the servers client channel
	return
    }

	set ::/Exit 1
	return
    }
    if {[eof $chan]} {
	close $chan
	set ::/Exit 1
    }
    if {$data != ""} {
    if {$data ne ""} {
	puts -nonewline stderr "$data"
    }
}
proc doit {chan count {delay 1000}} {
    if {$count == 0} {
	close $chan
	set ::/Exit 0

#!/usr/bin/env tclsh
# This file contains Tcl code to implement a remote server that can be
# used during testing of Tcl socket code. This server is used by some
# of the tests in socket.test.
#
# Source this file in the remote server you are using to test Tcl against.
#
# Copyright (c) 1995-1996 Sun Microsystems, Inc.

    }
}

proc __readAndExecute__ {s} {
    global command VERBOSE

    set l [gets $s]
    if {[string compare $l "--Marker--Marker--Marker--"] == 0} {
    if {$l eq "--Marker--Marker--Marker--"} {
	if {[info exists command($s)]} {
	    puts $s [list error incomplete_command]
	}
	puts $s "--Marker--Marker--Marker--"
	return
    }
    if {[string compare $l ""] == 0} {
    if {$l eq ""} {
	if {[eof $s]} {
	    if {$VERBOSE} {
		puts "Server closing $s, eof from client"
	    }
	    close $s
	}
	return

    tls::handshake $s
    fileevent $s readable [list __readAndExecute__ $s]
    fconfigure $s -buffering line -translation crlf
}

set serverIsSilent 0
for {set i 0} {$i < $argc} {incr i} {
    if {[string compare -serverIsSilent [lindex $argv $i]] == 0} {
    if {[lindex $argv $i] eq "-serverIsSilent"} {
	set serverIsSilent 1
	break
    }
}
if {![info exists serverPort]} {
    if {[info exists env(serverPort)]} {
	set serverPort $env(serverPort)
    }
}
if {![info exists serverPort]} {
    for {set i 0} {$i < $argc} {incr i} {
	if {[string compare -port [lindex $argv $i]] == 0} {
	if {[lindex $argv $i] eq "-port"} {
	    if {$i < [expr $argc - 1]} {
		set serverPort [lindex $argv [expr $i + 1]]
	    }
	    break
	}
    }
}
if {![info exists serverPort]} {
    set serverPort 8048
}

if {![info exists serverAddress]} {
    if {[info exists env(serverAddress)]} {
	set serverAddress $env(serverAddress)
    }
}
if {![info exists serverAddress]} {
    for {set i 0} {$i < $argc} {incr i} {
	if {[string compare -address [lindex $argv $i]] == 0} {
	if {[lindex $argv $i] eq "-address"} {
	    if {$i < [expr $argc - 1]} {
		set serverAddress [lindex $argv [expr $i + 1]]
	    }
	    break
	}
    }
}

    global OPTS
    if {[catch {read $chan} data]} {
	#dputs "EOF $chan ([shortstr $data])"
	incr OPTS(openports) -1
	catch {close $chan}
	return
    }
    #if {$data != ""} { dputs "got $chan ([shortstr $data])" }
    #if {$data ne ""} { dputs "got $chan ([shortstr $data])" }
    if {[string match *CLOSE\n $data]} {
	dputs "CLOSE $chan"
	incr OPTS(openports) -1
	close $chan
	return
    } elseif {[eof $chan]} {
	# client gone or finished

#
proc respond {chan} {
    if {[catch {read $chan} data]} {
	#dputs "EOF $chan ([shortstr $data)"
	catch {close $chan}
	return
    }
    #if {$data != ""} { dputs "got $chan ([shortstr $data])" }
    #if {$data ne ""} { dputs "got $chan ([shortstr $data])" }
    if {[eof $chan]} {
	# client gone or finished
	dputs "EOF $chan"
	close $chan		;#  release the port
	return
    }
    puts -nonewline $chan $data

set caCert	[file join $certsDir ca.pem]
set serverKey	[file join $certsDir server.key]
set clientKey	[file join $certsDir client.key]

# Some tests require the testthread and exec commands

set ::tcltest::testConstraints(testthread) \
	[expr {[info commands testthread] != {}}]
set ::tcltest::testConstraints(exec) [expr {[info commands exec] != {}}]
	[expr {[info commands testthread] ne {}}]
set ::tcltest::testConstraints(exec) [expr {[info commands exec] ne {}}]

#
# If remoteServerIP or remoteServerPort are not set, check in the
# environment variables for externally set values.
#

if {![info exists remoteServerIP]} {

	set ::do_handshake "eof"
    } elseif {[catch {tls::handshake $s} result]} {
	# Some errors are normal.
	dputs "handshake: $result"
    } elseif {$result == 1} {
	# Handshake complete
	if {[llength $args]} { eval [list fconfigure $s] $args }
	if {$cmd == ""} {
	if {$cmd eq ""} {
	    fileevent $s $type ""
	} else {
	    fileevent $s $type "$cmd [list $s]"
	}
	dputs "handshake: complete"
	set ::do_handshake "complete"
    } else {
	dputs "handshake: in progress"
    }
}

#
# Check if we're supposed to do tests against the remote server
#

set doTestsWithRemoteServer 1
if {![info exists remoteServerIP] && ($tcl_platform(platform) != "macintosh")} {
if {![info exists remoteServerIP] && ($tcl_platform(platform) ne "macintosh")} {
    set remoteServerIP 127.0.0.1
}
if {($doTestsWithRemoteServer == 1) && (![info exists remoteServerPort])} {
    set remoteServerPort $tlsServerPort
}

# Attempt to connect to a remote server if one is already running. If it
# is not running or for some other reason the connect fails, attempt to
# start the remote server on the local host listening on port 8048. This
# is only done on platforms that support exec (i.e. not on the Mac). On
# platforms that do not support exec, the remote server must be started
# by the user before running the tests.

set remoteProcChan ""
set commandSocket ""
if {$doTestsWithRemoteServer} {
    catch {close $commandSocket}
    if {[catch {set commandSocket [tls::socket \
	    -certfile $clientCert -cafile $caCert -keyfile $clientKey \
	    $remoteServerIP $remoteServerPort]}] != 0} {
	if {[info commands exec] == ""} {
	if {[info commands exec] eq ""} {
	    set noRemoteTestReason "can't exec"
	    set doTestsWithRemoteServer 0
	} else {
	    set remoteServerIP 127.0.0.1
	    set remoteFile [file join [pwd] remote.tcl]
	    if {[catch {set remoteProcChan \
		    [open "|[list $::tcltest::tcltest $remoteFile \

	set resp ""
	while {1} {
	    set line [gets $commandSocket]
	    if {[eof $commandSocket]} {
		error "remote server disappeared"
	    }
	    if {[string compare $line "--Marker--Marker--Marker--"] == 0} {
		if {[string compare [lindex $resp 0] error] == 0} {
	    if {$line eq "--Marker--Marker--Marker--"} {
		if {[lindex $resp 0] eq "error"} {
		    error [lindex $resp 1]
		} else {
		    return [lindex $resp 1]
		}
	    } else {
		append resp $line "\n"
	    }

    }
    set f [tls::socket \
	    -certfile $clientCert -cafile $caCert -keyfile $clientKey \
	    $remoteServerIP 8836]
    fconfigure $f -translation crlf -buffering line
    for {set cnt 0} {$cnt < 50} {incr cnt} {
	puts $f "hello, $cnt"
	if {[string compare [gets $f] "hello, $cnt"] != 0} {
	if {[gets $f] ne "hello, $cnt"} {
	    break
	}
    }
    close $f
    sendCommand {close $socket10_7_test_server}
    set cnt
} 50

# Macintosh sockets can have more than one server per port
if {$tcl_platform(platform) == "macintosh"} {
if {$tcl_platform(platform) eq "macintosh"} {
    set conflictResult {0 8836}
} else {
    set conflictResult {1 {couldn't open socket: address already in use}}
}

test tlsIO-11.6 {socket conflict} {socket doTestsWithRemoteServer} {
    set s1 [tls::socket \

    # Read handler on the accepted socket.
    global x
    global failed
    set status [catch {read $file} data]
    if {$status != 0} {
	set x "read failed, error was $data"
	catch { close $file }
    } elseif {[string compare {} $data]} {
    } elseif {$data ne {}} {
    } elseif {[fblocked $file]} {
    } elseif {[eof $file]} {
	if {$failed} {
	    set x "$type socket was inherited"
	} else {
	    set x "$type socket was not inherited"
	}