Check-in [ef0be0d731]
Bounty program for improvements to Tcl and certain Tcl packages.
Overview
Comment: Do not expose implementation details in user interface
SHA3-256: ef0be0d731e19a6183250f24b550c4552cd2f0002db14de63190544aeee3778c
User & Date: mjanssen on 2019-06-17 14:27:39
Context
2019-06-17
18:08
Align code with option names check-in: 4945b7588e user: mjanssen tags: mjanssen-asn1-certs
14:27
Do not expose implementation details in user interface check-in: ef0be0d731 user: mjanssen tags: mjanssen-asn1-certs
12:05
Add support for ASN1 blobs for certificates and keys check-in: 49278969f2 user: mjanssen tags: mjanssen-asn1-certs
Changes

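--- a/tls.c
+++ b/tls.c
@@ -816,19 +816,18 @@
 
 	OPTBOOL( "-ssl2", ssl2);
 	OPTBOOL( "-ssl3", ssl3);
 	OPTBOOL( "-tls1", tls1);
 	OPTBOOL( "-tls1.1", tls1_1);
 	OPTBOOL( "-tls1.2", tls1_2);
 	OPTBOOL( "-tls1.3", tls1_3);
+  OPTBYTE("-cert", cert_asn1, cert_asn1_len);
+  OPTBYTE("-key", key_asn1, key_asn1_len);
 
-  OPTBYTE("-certasn1", cert_asn1, cert_asn1_len);
-  OPTBYTE("-keyasn1", key_asn1, key_asn1_len);
-
-	OPTBAD( "option", "-cadir, -cafile, -certasn1, -certfile, -cipher, -command, -dhparams, -keyasn1, -keyfile, -model, -password, -require, -request, -server, -servername, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, or tls1.3");
+	OPTBAD( "option", "-cadir, -cafile, -cert, -certfile, -cipher, -command, -dhparams, -key, -keyfile, -model, -password, -require, -request, -server, -servername, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, or tls1.3");
 
 	return TCL_ERROR;
     }
     if (request)	    verify |= SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER;
     if (request && require) verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
     if (verify == 0)	verify = SSL_VERIFY_NONE;
 
@@ -1304,29 +1303,29 @@
 	    SSL_CTX_free(ctx);
 	    return (SSL_CTX *)0;
 	}
     } else if (cert_asn1 != NULL) {
 	if (SSL_CTX_use_certificate_ASN1(ctx, cert_asn1_len, cert_asn1) <= 0) {
 	    Tcl_DStringFree(&ds);
 	    Tcl_AppendResult(interp,
-			     "unable to set certificate from ASN1: ",
+			     "unable to set certificate: ",
 			     REASON(), (char *) NULL);
 	    SSL_CTX_free(ctx);
 	    return (SSL_CTX *)0;
 	}
 	if (key_asn1 == NULL) {
     key_asn1=cert_asn1;
     key_asn1_len = cert_asn1_len;
   }
 	if (SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, ctx, key_asn1,key_asn1_len) <= 0) {
 	    Tcl_DStringFree(&ds);
 	    /* flush the passphrase which might be left in the result */
 	    Tcl_SetResult(interp, NULL, TCL_STATIC);
 	    Tcl_AppendResult(interp,
-			     "unable to set public key from ASN1: ",
+			     "unable to set public key: ",
 			     REASON(), (char *) NULL);
 	    SSL_CTX_free(ctx);
 	    return (SSL_CTX *)0;
 	}
     } else {
 	cert = (char*)X509_get_default_cert_file();
 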
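Review bot: The message added at new line 1324, `"unable to set public key: "`, is returned when SSL_CTX_use_PrivateKey_ASN1 fails, so it names the wrong object; `"unable to set private key: ",` would match the call (if a file-based branch outside this hunk uses the same wording, change both together). With "from ASN1" dropped here and at new line 1310, and the options renamed to `-cert` and `-key`, nothing user-visible says the values must be DER-encoded bytes, so a caller who passes PEM text gets only the REASON() string; the option documentation should state the expected encoding. The unchanged call also passes EVP_PKEY_RSA, so the generically named `-key` may not accept other key types, which is worth a comment such as `/* -key is parsed as an RSA private key in DER form */`. The enclosing function starts and ends outside the visible hunks.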