Index: configure.in ================================================================== --- configure.in +++ configure.in @@ -55,10 +55,21 @@ GEN_DH_PARAMS_ARGS='fallback' else GEN_DH_PARAMS_ARGS='' fi AC_SUBST(GEN_DH_PARAMS_ARGS) + +dnl Enable support for a debugging build +tcltls_debug='false' +AC_ARG_ENABLE([debug], AS_HELP_STRING([--enable-debug], [enable debugging parameters]), [ + if test "$enableval" = "yes"; then + tcltls_debug='true' + fi +]) +if test "$tcltls_debug" = 'true'; then + AC_DEFINE(TCLEXT_TCLTLS_DEBUG, [1], [Enable debugging build]) +fi AC_CHECK_TOOL([PKGCONFIG], [pkg-config], [false]) dnl XXX:TODO: Automatically determine the SSL library to use dnl defaulting to OpenSSL for compatibility reasons Index: tls.c ================================================================== --- tls.c +++ tls.c @@ -268,11 +268,11 @@ X509 *cert = X509_STORE_CTX_get_current_cert(ctx); State *statePtr = (State*)SSL_get_app_data(ssl); int depth = X509_STORE_CTX_get_error_depth(ctx); int err = X509_STORE_CTX_get_error(ctx); - dprintf(stderr, "Verify: %d\n", ok); + dprintf("Verify: %d", ok); if (!ok) { errStr = (char*)X509_verify_cert_error_string(err); } else { errStr = (char *)0; @@ -1571,16 +1571,16 @@ statePtr->timer = NULL; } if (statePtr->bio) { /* This will call SSL_shutdown. Bug 1414045 */ - dprintf(stderr, "BIO_free_all(%p)\n", statePtr->bio); + dprintf("BIO_free_all(%p)", statePtr->bio); BIO_free_all(statePtr->bio); statePtr->bio = NULL; } if (statePtr->ssl) { - dprintf(stderr, "SSL_free(%p)\n", statePtr->ssl); + dprintf("SSL_free(%p)", statePtr->ssl); SSL_free(statePtr->ssl); statePtr->ssl = NULL; } if (statePtr->ctx) { SSL_CTX_free(statePtr->ctx); Index: tlsBIO.c ================================================================== --- tlsBIO.c +++ tlsBIO.c @@ -57,20 +57,20 @@ int bufLen; { Tcl_Channel chan = Tls_GetParent((State*)(bio->ptr)); int ret; - dprintf(stderr,"\nBioWrite(%p, , %d) [%p]", + dprintf("BioWrite(%p, , %d) [%p]", (void *) bio, bufLen, (void *) chan); if (channelTypeVersion == TLS_CHANNEL_VERSION_2) { ret = Tcl_WriteRaw(chan, buf, bufLen); } else { ret = Tcl_Write(chan, buf, bufLen); } - dprintf(stderr,"\n[%p] BioWrite(%d) -> %d [%d.%d]", + dprintf("[%p] BioWrite(%d) -> %d [%d.%d]", (void *) chan, bufLen, ret, Tcl_Eof(chan), Tcl_GetErrno()); BIO_clear_flags(bio, BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); if (ret == 0) { @@ -92,11 +92,11 @@ int bufLen; { Tcl_Channel chan = Tls_GetParent((State*)bio->ptr); int ret = 0; - dprintf(stderr,"\nBioRead(%p, , %d) [%p]", + dprintf("BioRead(%p, , %d) [%p]", (void *) bio, bufLen, (void *) chan); if (buf == NULL) return 0; if (channelTypeVersion == TLS_CHANNEL_VERSION_2) { @@ -103,11 +103,11 @@ ret = Tcl_ReadRaw(chan, buf, bufLen); } else { ret = Tcl_Read(chan, buf, bufLen); } - dprintf(stderr,"\n[%p] BioRead(%d) -> %d [%d.%d]", + dprintf("[%p] BioRead(%d) -> %d [%d.%d]", (void *) chan, bufLen, ret, Tcl_Eof(chan), Tcl_GetErrno()); BIO_clear_flags(bio, BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); if (ret == 0) { @@ -139,11 +139,11 @@ { Tcl_Channel chan = Tls_GetParent((State*)bio->ptr); long ret = 1; int *ip; - dprintf(stderr,"\nBioCtrl(%p, 0x%x, 0x%x, %p)", + dprintf("BioCtrl(%p, 0x%x, 0x%x, %p)", (void *) bio, (unsigned int) cmd, (unsigned int) num, (void *) ptr); switch (cmd) { case BIO_CTRL_RESET: @@ -178,24 +178,24 @@ break; case BIO_CTRL_SET_CLOSE: bio->shutdown = (int)num; break; case BIO_CTRL_EOF: - dprintf(stderr, "BIO_CTRL_EOF\n"); + dprintf("BIO_CTRL_EOF"); ret = Tcl_Eof(chan); break; case BIO_CTRL_PENDING: ret = (Tcl_InputBuffered(chan) ? 1 : 0); - dprintf(stderr, "BIO_CTRL_PENDING(%d)\n", (int) ret); + dprintf("BIO_CTRL_PENDING(%d)", (int) ret); break; case BIO_CTRL_WPENDING: ret = 0; break; case BIO_CTRL_DUP: break; case BIO_CTRL_FLUSH: - dprintf(stderr, "BIO_CTRL_FLUSH\n"); + dprintf("BIO_CTRL_FLUSH"); if (channelTypeVersion == TLS_CHANNEL_VERSION_2) { ret = ((Tcl_WriteRaw(chan, "", 0) >= 0) ? 1 : -1); } else { ret = ((Tcl_Flush(chan) == TCL_OK) ? 1 : -1); } Index: tlsIO.c ================================================================== --- tlsIO.c +++ tlsIO.c @@ -282,11 +282,11 @@ TlsCloseProc(ClientData instanceData, /* The socket to close. */ Tcl_Interp *interp) /* For error reporting - unused. */ { State *statePtr = (State *) instanceData; - dprintf(stderr,"\nTlsCloseProc(%p)", (void *) statePtr); + dprintf("TlsCloseProc(%p)", (void *) statePtr); if (channelTypeVersion == TLS_CHANNEL_VERSION_1) { /* * Remove event handler to underlying channel, this could * be because we are closing for real, or being "unstacked". @@ -330,11 +330,11 @@ State *statePtr = (State *) instanceData; int bytesRead; /* How many bytes were read? */ *errorCodePtr = 0; - dprintf(stderr,"\nBIO_read(%d)", bufSize); + dprintf("BIO_read(%d)", bufSize); if (statePtr->flags & TLS_TCL_CALLBACK) { /* don't process any bytes while verify callback is running */ bytesRead = 0; goto input; @@ -365,20 +365,20 @@ * functions play with the retry flags though, and this seems to work * correctly. Similar fix in TlsOutputProc. - hobbs */ ERR_clear_error(); bytesRead = BIO_read(statePtr->bio, buf, bufSize); - dprintf(stderr,"\nBIO_read -> %d", bytesRead); + dprintf("BIO_read -> %d", bytesRead); if (bytesRead < 0) { int err = SSL_get_error(statePtr->ssl, bytesRead); if (err == SSL_ERROR_SSL) { Tls_Error(statePtr, SSL_ERROR(statePtr->ssl, bytesRead)); *errorCodePtr = ECONNABORTED; } else if (BIO_should_retry(statePtr->bio)) { - dprintf(stderr,"RE! "); + dprintf("RE! "); *errorCodePtr = EAGAIN; } else { *errorCodePtr = Tcl_GetErrno(); if (*errorCodePtr == ECONNRESET) { /* Soft EOF */ @@ -386,11 +386,11 @@ bytesRead = 0; } } } input: - dprintf(stderr, "\nInput(%d) -> %d [%d]", bufSize, bytesRead, *errorCodePtr); + dprintf("Input(%d) -> %d [%d]", bufSize, bytesRead, *errorCodePtr); return bytesRead; } /* *------------------------------------------------------------------- @@ -419,11 +419,11 @@ State *statePtr = (State *) instanceData; int written, err; *errorCodePtr = 0; - dprintf(stderr,"\nBIO_write(%p, %d)", (void *) statePtr, toWrite); + dprintf("BIO_write(%p, %d)", (void *) statePtr, toWrite); if (statePtr->flags & TLS_TCL_CALLBACK) { /* don't process any bytes while verify callback is running */ written = -1; *errorCodePtr = EAGAIN; @@ -438,11 +438,11 @@ } if (statePtr->flags & TLS_TCL_INIT) { statePtr->flags &= ~(TLS_TCL_INIT); } if (toWrite == 0) { - dprintf(stderr, "zero-write\n"); + dprintf("zero-write"); BIO_flush(statePtr->bio); written = 0; goto output; } else { /* @@ -456,11 +456,11 @@ * BIO functions play with the retry flags though, and this seems to * work correctly. Similar fix in TlsInputProc. - hobbs */ ERR_clear_error(); written = BIO_write(statePtr->bio, buf, toWrite); - dprintf(stderr,"\nBIO_write(%p, %d) -> [%d]", + dprintf("BIO_write(%p, %d) -> [%d]", (void *) statePtr, toWrite, written); } if (written <= 0) { switch ((err = SSL_get_error(statePtr->ssl, written))) { case SSL_ERROR_NONE: @@ -467,40 +467,40 @@ if (written < 0) { written = 0; } break; case SSL_ERROR_WANT_WRITE: - dprintf(stderr," write W BLOCK"); + dprintf(" write W BLOCK"); break; case SSL_ERROR_WANT_READ: - dprintf(stderr," write R BLOCK"); + dprintf(" write R BLOCK"); break; case SSL_ERROR_WANT_X509_LOOKUP: - dprintf(stderr," write X BLOCK"); + dprintf(" write X BLOCK"); break; case SSL_ERROR_ZERO_RETURN: - dprintf(stderr," closed\n"); + dprintf(" closed"); written = 0; break; case SSL_ERROR_SYSCALL: *errorCodePtr = Tcl_GetErrno(); - dprintf(stderr," [%d] syscall errr: %d", + dprintf(" [%d] syscall errr: %d", written, *errorCodePtr); written = -1; break; case SSL_ERROR_SSL: Tls_Error(statePtr, SSL_ERROR(statePtr->ssl, written)); *errorCodePtr = ECONNABORTED; written = -1; break; default: - dprintf(stderr," unknown err: %d\n", err); + dprintf(" unknown err: %d", err); break; } } output: - dprintf(stderr, "\nOutput(%d) -> %d", toWrite, written); + dprintf("Output(%d) -> %d", toWrite, written); return written; } /* *------------------------------------------------------------------- @@ -595,11 +595,11 @@ * combination of TCL_READABLE, * TCL_WRITABLE and TCL_EXCEPTION. */ { State *statePtr = (State *) instanceData; - dprintf(stderr, "TlsWatchProc(0x%x)\n", mask); + dprintf("TlsWatchProc(0x%x)", mask); /* Pretend to be dead as long as the verify callback is running. * Otherwise that callback could be invoked recursively. */ if (statePtr->flags & TLS_TCL_CALLBACK) { return; } @@ -774,11 +774,11 @@ ClientData clientData; int mask; { State *statePtr = (State *) clientData; -dprintf(stderr, "HANDLER(0x%x)\n", mask); + dprintf("HANDLER(0x%x)", mask); Tcl_Preserve( (ClientData)statePtr); if (mask & TCL_READABLE) { BIO_set_flags(statePtr->p_bio, BIO_FLAGS_READ); } else { @@ -883,11 +883,11 @@ State *statePtr; int *errorCodePtr; /* Where to store error code. */ { int err; - dprintf(stderr,"\nWaitForConnect(%p)", (void *) statePtr); + dprintf("WaitForConnect(%p)", (void *) statePtr); if (statePtr->flags & TLS_TCL_HANDSHAKE_FAILED) { /* * We choose ECONNRESET over ECONNABORTED here because some server * side code, on the wiki for example, sets up a read handler that @@ -922,21 +922,21 @@ statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED; *errorCodePtr = ECONNABORTED; return -1; } else if (BIO_should_retry(statePtr->bio)) { if (statePtr->flags & TLS_TCL_ASYNC) { - dprintf(stderr,"E! "); + dprintf("E! "); *errorCodePtr = EAGAIN; return -1; } else { continue; } } else if (err == 0) { if (Tcl_Eof(statePtr->self)) { return 0; } - dprintf(stderr,"CR! "); + dprintf("CR! "); *errorCodePtr = ECONNRESET; return -1; } if (statePtr->flags & TLS_TCL_SERVER) { err = SSL_get_verify_result(statePtr->ssl); @@ -947,14 +947,14 @@ *errorCodePtr = ECONNABORTED; return -1; } } *errorCodePtr = Tcl_GetErrno(); - dprintf(stderr,"ERR(%d, %d) ", rc, *errorCodePtr); + dprintf("ERR(%d, %d) ", rc, *errorCodePtr); return -1; } - dprintf(stderr,"R0! "); + dprintf("R0! "); return 1; } } Tcl_Channel Index: tlsInt.h ================================================================== --- tlsInt.h +++ tlsInt.h @@ -74,14 +74,14 @@ #endif #ifndef ECONNRESET #define ECONNRESET 131 /* Connection reset by peer */ #endif -#ifdef DEBUG -#define dprintf fprintf +#ifdef TCLEXT_TCLTLS_DEBUG +#define dprintf(...) { fprintf(stderr, "%s:%i:", __func__, __LINE__); fprintf(stderr, __VA_ARGS__); fprintf(stderr, "\n"); } #else -#define dprintf if (0) fprintf +#define dprintf(...) if (0) { fprintf(stderr, __VA_ARGS__); } #endif #define SSL_ERROR(ssl,err) \ ((char*)ERR_reason_error_string((unsigned long)SSL_get_error((ssl),(err)))) /*