Index: generic/tls.c ================================================================== --- generic/tls.c +++ generic/tls.c @@ -1417,11 +1417,11 @@ if (model != NULL) { int mode; /* Get the "model" context */ chan = Tcl_GetChannel(interp, model, &mode); if (chan == (Tcl_Channel) NULL) { - Tls_Free((char *) statePtr); + Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } /* * Make sure to operate on the topmost channel @@ -1429,18 +1429,18 @@ chan = Tcl_GetTopChannel(chan); if (Tcl_GetChannelType(chan) != Tls_ChannelType()) { Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan), "\": not a TLS channel", (char *) NULL); Tcl_SetErrorCode(interp, "TLS", "IMPORT", "CHANNEL", "INVALID", (char *) NULL); - Tls_Free((char *) statePtr); + Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } ctx = ((State *)Tcl_GetChannelInstanceData(chan))->ctx; } else { if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, cert, (int) key_len, (int) cert_len, CApath, CAfile, ciphers, ciphersuites, level, DHparams)) == NULL) { - Tls_Free((char *) statePtr); + Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } } statePtr->ctx = ctx; @@ -1467,11 +1467,11 @@ dprintf("Created channel named %s", Tcl_GetChannelName(statePtr->self)); if (statePtr->self == (Tcl_Channel) NULL) { /* * No use of Tcl_EventuallyFree because no possible Tcl_Preserve. */ - Tls_Free((char *) statePtr); + Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } Tcl_SetChannelOption(interp, statePtr->self, "-translation", Tcl_DStringValue(&upperChannelTranslation)); Tcl_SetChannelOption(interp, statePtr->self, "-encoding", Tcl_DStringValue(&upperChannelEncoding)); @@ -1488,11 +1488,11 @@ statePtr->ssl = SSL_new(statePtr->ctx); if (!statePtr->ssl) { /* SSL library error */ Tcl_AppendResult(interp, "couldn't construct ssl session: ", GET_ERR_REASON(), (char *) NULL); Tcl_SetErrorCode(interp, "TLS", "IMPORT", "INIT", "FAILED", (char *) NULL); - Tls_Free((char *) statePtr); + Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } /* Set host server name */ if (servername) { @@ -1499,20 +1499,20 @@ /* Sets the server name indication (SNI) in ClientHello extension */ /* Per RFC 6066, hostname is a ASCII encoded string, though RFC 4366 says UTF-8. */ if (!SSL_set_tlsext_host_name(statePtr->ssl, servername) && require) { Tcl_AppendResult(interp, "Set SNI extension failed: ", GET_ERR_REASON(), (char *) NULL); Tcl_SetErrorCode(interp, "TLS", "IMPORT", "SNI", "FAILED", (char *) NULL); - Tls_Free((char *) statePtr); + Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } /* Set hostname for peer certificate hostname verification in clients. Don't use SSL_set1_host since it has limitations. */ if (!SSL_add1_host(statePtr->ssl, servername)) { Tcl_AppendResult(interp, "Set DNS hostname failed: ", GET_ERR_REASON(), (char *) NULL); Tcl_SetErrorCode(interp, "TLS", "IMPORT", "HOSTNAME", "FAILED", (char *) NULL); - Tls_Free((char *) statePtr); + Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } } /* Resume session id */ @@ -1520,11 +1520,11 @@ /* SSL_set_session() */ if (!SSL_SESSION_set1_id_context(SSL_get_session(statePtr->ssl), (const unsigned char *) session_id, (unsigned int) strlen(session_id))) { Tcl_AppendResult(interp, "Resume session failed: ", GET_ERR_REASON(), (char *) NULL); Tcl_SetErrorCode(interp, "TLS", "IMPORT", "SESSION", "FAILED", (char *) NULL); - Tls_Free((char *) statePtr); + Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } } /* Enable Application-Layer Protocol Negotiation. Examples are: http/1.0, @@ -1536,21 +1536,21 @@ Tcl_Size cnt, i; int j; Tcl_Obj **list; if (Tcl_ListObjGetElements(interp, alpn, &cnt, &list) != TCL_OK) { - Tls_Free((char *) statePtr); + Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } /* Determine the memory required for the protocol-list */ for (i = 0; i < cnt; i++) { Tcl_GetStringFromObj(list[i], &len); if (len > 255) { Tcl_AppendResult(interp, "ALPN protocol names too long", (char *) NULL); Tcl_SetErrorCode(interp, "TLS", "IMPORT", "ALPN", "FAILED", (char *) NULL); - Tls_Free((char *) statePtr); + Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } protos_len += 1 + (int) len; } @@ -1567,11 +1567,11 @@ /* SSL_set_alpn_protos makes a copy of the protocol-list */ /* Note: This function reverses the return value convention */ if (SSL_set_alpn_protos(statePtr->ssl, protos, protos_len)) { Tcl_AppendResult(interp, "Set ALPN protocols failed: ", GET_ERR_REASON(), (char *) NULL); Tcl_SetErrorCode(interp, "TLS", "IMPORT", "ALPN", "FAILED", (char *) NULL); - Tls_Free((char *) statePtr); + Tls_Free((tls_free_type *) statePtr); ckfree(protos); return TCL_ERROR; } /* Store protocols list */ @@ -2699,11 +2699,11 @@ * Frees all the state * *------------------------------------------------------------------- */ void -Tls_Free(char *blockPtr) { +Tls_Free(tls_free_type *blockPtr) { State *statePtr = (State *)blockPtr; dprintf("Called"); Tls_Clean(statePtr); Index: generic/tlsInt.h ================================================================== --- generic/tlsInt.h +++ generic/tlsInt.h @@ -184,20 +184,26 @@ #ifndef Tcl_StackChannel #error "Unable to compile on this version of Tcl" #endif /* Tcl_GetStackedChannel */ #endif /* USE_TCL_STUBS */ +#if TCL_MAJOR_VERSION < 9 + typedef char tls_free_type; +#else + typedef void tls_free_type; +#endif + /* * Forward declarations */ const Tcl_ChannelType *Tls_ChannelType(void); Tcl_Channel Tls_GetParent(State *statePtr, int maskFlags); Tcl_Obj *Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert); Tcl_Obj *Tls_NewCAObj(Tcl_Interp *interp, const SSL *ssl, int peer); void Tls_Error(State *statePtr, char *msg); -void Tls_Free(char *blockPtr); +void Tls_Free(tls_free_type *blockPtr); void Tls_Clean(State *statePtr); int Tls_WaitForConnect(State *statePtr, int *errorCodePtr, int handshakeFailureIsPermanent); BIO *BIO_new_tcl(State* statePtr, int flags);