Index: README.txt ================================================================== --- README.txt +++ README.txt @@ -3,20 +3,20 @@ Intro ===== This package provides an extension which implements Secure Socket Layer (SSL) and Transport Layer Security (TLS) encryption over Transmission Control -Protocol (TCP) network communication channels. It utilizes the OpenSSL library. +Protocol (TCP) network communication channels utilizing the OpenSSL library. Description =========== This extension works by creating a layered TCL Channel on top of an existing bi-directional channel created by the TLS socket command. All existing socket -functionality is supported, in addition to several new options. Both client -and server modes are supported. +functionality is supported in addition to several new options. Both client and +server modes are supported. Documentation ============= 
@@ -24,22 +24,33 @@ Compatibility ============= -This package requires TCL 8.5 or later. It will work with TCL 9. If this -extension is built against TCL 8.x it will not work with TCL 9 or vice versa. -It is best to compile both separately then install them with the compatible -TCL versions. - - -This package is compatible with: -- OpenSSL v1.1.1 or later though 3.2+ is preferred. See (http://www.openssl.org/ - -Note: There are incompatibilities between OpenSSL 1.1.1 and 3.x, so if this -extension is built against OpenSSL 1.1.1 it will not work with an OpenSSL 3.x -installation or vice versa. +TCL +--- + +This package requires TCL 8.5 or later. It will also work with TCL 9, but it is +not binary compatible between major TCL versions. This means if this extension +is built with TCL 8.x it will not load into TCL 9 or vice versa. It is best +to compile both separately then install them with the compatible TCL versions. + +OpenSSL +------- + +This package is compatible with OpenSSL v1.1.1 or later, though 3.2 or later is +preferred. See http://www.openssl.org/. Please note that there are a few API +incompatibilities between OpenSSL 1.1.1 and 3.x, so if this extension is built +against OpenSSL 1.1.1 it is not binary compatible with OpenSSL 3.x or vice +versa. + +TCLTLS +------ + +There were several changes made in the callback command arguments between +versions 1.7 and 2.0. See the doc/tls.html for what changed and library/tls.tcl +for example handler functions that are backwards compatible. Installation ============ 
@@ -117,11 +128,11 @@ Original TLS Copyright (C) 1997-2000 Matt Newman TLS 1.4.1 Copyright (C) 2000 Ajuba Solutions TLS 1.6 Copyright (C) 2008 ActiveState Software Inc. TLS 1.7 Copyright (C) 2016 Matt Newman, Ajuba Solutions, ActiveState Software Inc, Roy Keene -TLS 1.8 Copyright (C) 2023 Brian O'Hagan +TLS 1.8-2.0 Copyright (C) 2023-2024 Brian O'Hagan Acknowledgments =============== Non-exclusive credits for TLS are: Index: library/tls.tcl ================================================================== --- library/tls.tcl +++ library/tls.tcl @@ -351,10 +351,11 @@ lassign $args session_id ticket lifetime log 0 "TLS/$chan: session: lifetime $lifetime" } "verify" { + # Backwards compatible for v1.7 return [tls::validate_command $option $chan {*}$args] } default { return -code error "bad option \"$option\":\ must be one of error, info, message, or session" @@ -361,11 +362,11 @@ } } } # -# Sample callback when return value is needed +# Sample callback when return value is needed. New for TLS 1.8+. # proc tls::validate_command {option chan args} { variable debug switch -- $option { @@ -424,10 +425,13 @@ return 1 } } } +# +# Sample callback to get password when needed. Args are new for TLS 1.8+. +# proc tls::password {{option password} {rwflag 0} {size 0}} { log 0 "TLS/Password: did you forget to set your passwd!" # Return the worlds best kept secret password. return "secret" }
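Review bot: In the README.txt Compatibility hunk (@@ -24,22 +24,33 @@), the new TCLTLS section says the callback command arguments changed "between versions 1.7 and 2.0", while the comments this same patch adds in library/tls.tcl label them "New for TLS 1.8+". Please pick one boundary and use it in both places, so someone upgrading from 1.7 can tell which release breaks their handlers. Two smaller points in the same hunk: the OpenSSL link is still written as http://www.openssl.org/ and could be given as https, and "See the doc/tls.html" reads better as "See doc/tls.html".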
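Review bot: In the library/tls.tcl hunk at @@ -351,10 +351,11 @@, the "verify" arm now carries the comment "# Backwards compatible for v1.7", but the default arm in the context lines still reports "must be one of error, info, message, or session", which omits verify. Either add verify to that message, or extend the new comment to say the option is accepted only for legacy callers and is left out of the list on purpose. As it stands, someone debugging a "bad option" error is shown an incomplete set of accepted values.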
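Review bot: In the library/tls.tcl hunk at @@ -424,10 +425,13 @@, the new header comment calls tls::password a "Sample callback to get password when needed" but does not mention that the body returns the fixed string "secret" after only logging "did you forget to set your passwd!". Because this proc ships in the library file, the comment should state plainly that it is a placeholder which the application must replace, and should say what option, rwflag and size carry, since it currently notes only that the args are new. It is also worth considering whether the default should return an error instead of a known password, so that a forgotten override fails loudly.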