Index: library/tls.tcl ================================================================== --- library/tls.tcl +++ library/tls.tcl @@ -314,30 +314,24 @@ log 2 "tls::_accept - called \"$callback\" succeeded" } } # -# Sample callback for hooking: - -# -# error -# verify -# info -# -proc tls::callback {option args} { - variable debug - - #log 2 [concat $option $args] +# Sample callback for status data from OpenSSL +# +proc tls::callback {option chan args} { + variable debug switch -- $option { "error" { - foreach {chan msg} $args break + lassign $args msg log 0 "TLS/$chan: error: $msg" } "info" { - # poor man's lassign - foreach {chan major minor msg type} $args break + set type "" + lassign $args major minor msg type if {$msg != ""} { append state ": $msg" } # For tracing @@ -345,54 +339,53 @@ set cb($major) $minor log 2 "TLS/$chan: $major/$minor: $state" } "message" { - # poor man's lassign - foreach {chan direction version content_type msg} $args break + lassign $args direction version content_type msg log 0 "TLS/$chan: info: $direction $msg" } "session" { - foreach {chan session_id ticket lifetime} $args break + lassign $args session_id ticket lifetime log 0 "TLS/$chan: session: lifetime $lifetime" } + "verify" { + return [tls::validate_command $option $chan {*}$args] + } default { return -code error "bad option \"$option\":\ - must be one of error, info, or session" + must be one of error, info, message, or session" } } } # # Sample callback when return value is needed # -proc tls::validate_command {option args} { +proc tls::validate_command {option chan args} { variable debug - #log 2 [concat $option $args] - switch -- $option { "alpn" { - foreach {chan protocol match} $args break + lassign $args protocol match log 0 "TLS/$chan: alpn: $protocol $match" } "hello" { - foreach {chan servername} $args break + lassign $args servername log 0 "TLS/$chan: hello: $servername" } "sni" { - foreach {chan servername} $args break + lassign $args servername log 0 "TLS/$chan: sni: $servername" } "verify" { - # poor man's lassign - foreach {chan depth cert rc err} $args break + lassign $args depth cert rc err array set c $cert if {$rc != "1"} { log 1 "TLS/$chan: verify/$depth: Bad Cert: $err (rc = $rc)" @@ -405,11 +398,11 @@ return $rc } } default { return -code error "bad option \"$option\":\ - must be one of alpn, info, or verify" + must be one of alpn, hello, sni, or verify" } } return 1 } @@ -429,11 +422,11 @@ return 1 } } } -proc tls::password {rwflag size} { +proc tls::password {{option password} {rwflag 0} {size 0}} { log 0 "TLS/Password: did you forget to set your passwd!" # Return the worlds best kept secret password. return "secret" } Index: tests/certs/README.txt ================================================================== --- tests/certs/README.txt +++ tests/certs/README.txt Index: tests/keytest2.tcl ================================================================== --- tests/keytest2.tcl +++ tests/keytest2.tcl Index: tests/oldTests/client.pem ================================================================== --- tests/oldTests/client.pem +++ tests/oldTests/client.pem Index: tests/oldTests/tls.tcl ================================================================== --- tests/oldTests/tls.tcl +++ tests/oldTests/tls.tcl Index: tests/oldTests/tlsAuto.tcl ================================================================== --- tests/oldTests/tlsAuto.tcl +++ tests/oldTests/tlsAuto.tcl Index: tests/oldTests/tlsBlocking.tcl ================================================================== --- tests/oldTests/tlsBlocking.tcl +++ tests/oldTests/tlsBlocking.tcl Index: tests/oldTests/tlsCiphers.tcl ================================================================== --- tests/oldTests/tlsCiphers.tcl +++ tests/oldTests/tlsCiphers.tcl Index: tests/oldTests/tlsUpload.tcl ================================================================== --- tests/oldTests/tlsUpload.tcl +++ tests/oldTests/tlsUpload.tcl