Index: doc/tls.html
==================================================================
--- doc/tls.html
+++ doc/tls.html
@@ -609,12 +609,11 @@
Version is the protocol version.
Content type is the message content type.
Message is more info from the SSL_trace API. -This argument is new for TclTLS 1.8.
Message is more info from the SSL_trace API.
This form of callback is invoked by the OpenSSL function SSL_CTX_sess_set_new_cb() whenever a new session id is sent by the server during the initial connection and handshake and also during the session @@ -627,11 +626,11 @@
Ticket is the session ticket info
Lifetime is the ticket lifetime in seconds.
This callback was moved to the -verify_callback in TclTLS 1.8.
This callback was moved to -validatecommand in TclTLS 1.8.
The callback for the -password option is invoked by TclTLS whenever OpenSSL needs to obtain a password. See below for the possible arguments passed to the @@ -736,17 +735,17 @@ It may be removed from future releases.
These examples use the default Unix platform SSL certificates. For standard installations, -cadir and -cafile should not be needed. If your certificates -are in non-standard locations, update -cadir or use -cafile as needed.
+are in non-standard locations, specify -cadir or -cafile as needed.Example #1: Use HTTP package
package require http package require tls set url "https://www.tcl.tk/" -http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command] +http::register https 443 [list ::tls::socket -autoservername 1 -require 1 -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command] # Check for error set token [http::geturl $url] if {[http::status $token] ne "ok"} { puts [format "Error %s" [http::status $token]] } @@ -759,11 +758,11 @@Example #2: Use raw socket
package require tls set url "www.tcl-lang.org" set port 443 -set ch [tls::socket -autoservername 1 -servername $url -request 1 -require 1 -alpn {http/1.1} -cadir /etc/ssl/certs -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command $url $port] +set ch [tls::socket -autoservername 1 -servername $url -require 1 -alpn {http/1.1} -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command $url $port] chan configure $ch -buffersize 65536 tls::handshake $ch puts $ch "GET / HTTP/1.1" flush $ch after 500 @@ -784,11 +783,11 @@Example #3: Get web page
package require http package require tls set url "https://www.tcl.tk/" -http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs] +http::register https 443 [list ::tls::socket -autoservername 1 -require 1] # Check for error set token [http::geturl $url] if {[http::status $token] ne "ok"} { puts [format "Error %s" [http::status $token]] } @@ -802,11 +801,11 @@package require http package require tls set url "https://wiki.tcl-lang.org/sitemap.xml" set filename [file tail $url] -http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs] +http::register https 443 [list ::tls::socket -autoservername 1 -require 1] # Get file set ch [open $filename wb] set token [::http::geturl $url -blocksize 65536 -channel $ch] # Cleanup close $ch Index: doc/tls.man ================================================================== --- doc/tls.man +++ doc/tls.man @@ -652,11 +652,10 @@ [def [arg content_type]] Content type is the message content type. [def [arg message]] Message is more info from the [const SSL_trace] API. -This argument is new for TclTLS 1.8. [list_end] [opt_def session [arg "channelId session_id session_ticket lifetime"]] This form of callback is invoked by the OpenSSL function @@ -677,11 +676,11 @@ Lifetime is the ticket lifetime in seconds. [list_end] [opt_def verify [arg "channelId depth cert status error"]] -This callback was moved to the [option -verify_callback] in TclTLS 1.8. +This callback was moved to [option -validatecommand] in TclTLS 1.8. [list_end] [subsection "Values for Password Callback"] @@ -825,11 +824,11 @@ [section "Debug Examples"] These examples use the default Unix platform SSL certificates. For standard installations, -cadir and -cafile should not be needed. If your certificates -are in non-standard locations, update -cadir or use -cafile as needed. +are in non-standard locations, specify -cadir or -cafile as needed. [para] Example #1: Use HTTP package 
@@ -837,12 +836,13 @@
 package require http
 package require tls
 set url "https://www.tcl.tk/"
-http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs \
- -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command]
+http::register https 443 [list ::tls::socket -autoservername 1 -require 1 \
+ -command ::tls::callback -password ::tls::password \
+ -validatecommand ::tls::validate_command]
 # Check for error
 set token [http::geturl $url]
 if {[http::status $token] ne "ok"} {
 puts [format "Error %s" [http::status $token]]
@@ -863,13 +863,13 @@
 package require tls
 set url "www.tcl-lang.org"
 set port 443
-set ch [tls::socket -autoservername 1 -servername $url -request 1 -require 1 \
- -alpn {http/1.1} -cadir /etc/ssl/certs -command ::tls::callback \
- -password ::tls::password -validatecommand ::tls::validate_command $url $port]
+set ch [tls::socket -autoservername 1 -servername $url -require 1 \
+ -alpn {http/1.1} -command ::tls::callback -password ::tls::password \
+ -validatecommand ::tls::validate_command $url $port]
 chan configure $ch -buffersize 65536
 tls::handshake $ch
 puts $ch "GET / HTTP/1.1"
 flush $ch
@@ -899,11 +899,11 @@
 package require http
 package require tls
 set url "https://www.tcl.tk/"
-http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]
+http::register https 443 [list ::tls::socket -autoservername 1 -require 1]
 # Check for error
 set token [http::geturl $url]
 if {[http::status $token] ne "ok"} {
 puts [format "Error %s" [http::status $token]]
@@ -925,11 +925,11 @@
 package require tls
 set url "https://wiki.tcl-lang.org/sitemap.xml"
 set filename [file tail $url]
-http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]
+http::register https 443 [list ::tls::socket -autoservername 1 -require 1]
 # Get file
 set ch [open $filename wb]
 set token [::http::geturl $url -blocksize 65536 -channel $ch]
Index: doc/tls.n
==================================================================
--- doc/tls.n
+++ doc/tls.n
@@ -881,11 +881,10 @@ \fIcontent_type\fR Content type is the message content type\&. .TP \fImessage\fR Message is more info from the \fBSSL_trace\fR API\&. -This argument is new for TclTLS 1\&.8\&. .RE .TP \fBsession\fR \fIchannelId session_id session_ticket lifetime\fR This form of callback is invoked by the OpenSSL function \fBSSL_CTX_sess_set_new_cb()\fR whenever a new session id is sent by the @@ -903,11 +902,11 @@ \fIlifetime\fR Lifetime is the ticket lifetime in seconds\&. .RE .TP \fBverify\fR \fIchannelId depth cert status error\fR -This callback was moved to the \fB-verify_callback\fR in TclTLS 1\&.8\&. +This callback was moved to \fB-validatecommand\fR in TclTLS 1\&.8\&. .PP .SS "VALUES FOR PASSWORD CALLBACK" The callback for the \fB-password\fR option is invoked by TclTLS whenever OpenSSL needs to obtain a password\&. See below for the possible arguments passed to the callback script\&. The user provided password is expected to be returned by the @@ -1021,11 +1020,11 @@ \fIThe use of the variable \fBtls::debug\fR is not recommended\&. It may be removed from future releases\&.\fR .SH "DEBUG EXAMPLES" These examples use the default Unix platform SSL certificates\&. For standard installations, -cadir and -cafile should not be needed\&. If your certificates -are in non-standard locations, update -cadir or use -cafile as needed\&. +are in non-standard locations, specify -cadir or -cafile as needed\&. .PP Example #1: Use HTTP package .CS
@@ -1032,11 +1031,11 @@ package require http package require tls set url "https://www\&.tcl\&.tk/" -http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command] +http::register https 443 [list ::tls::socket -autoservername 1 -require 1 -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command] # Check for error set token [http::geturl $url] if {[http::status $token] ne "ok"} { puts [format "Error %s" [http::status $token]] @@ -1058,11 +1057,11 @@ package require tls set url "www\&.tcl-lang\&.org" set port 443 -set ch [tls::socket -autoservername 1 -servername $url -request 1 -require 1 -alpn {http/1\&.1} -cadir /etc/ssl/certs -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command $url $port] +set ch [tls::socket -autoservername 1 -servername $url -require 1 -alpn {http/1\&.1} -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command $url $port] chan configure $ch -buffersize 65536 tls::handshake $ch puts $ch "GET / HTTP/1\&.1" flush $ch @@ -1090,11 +1089,11 @@ package require http package require tls set url "https://www\&.tcl\&.tk/" -http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs] +http::register https 443 [list ::tls::socket -autoservername 1 -require 1] # Check for error set token [http::geturl $url] if {[http::status $token] ne "ok"} { puts [format "Error %s" [http::status $token]] 
@@ -1117,11 +1116,11 @@ package require tls set url "https://wiki\&.tcl-lang\&.org/sitemap\&.xml" set filename [file tail $url] -http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs] +http::register https 443 [list ::tls::socket -autoservername 1 -require 1] # Get file set ch [open $filename wb] set token [::http::geturl $url -blocksize 65536 -channel $ch]