Index: configure.in
==================================================================
--- configure.in
+++ configure.in
@@ -55,10 +55,21 @@
GEN_DH_PARAMS_ARGS='fallback'
else
GEN_DH_PARAMS_ARGS=''
fi
AC_SUBST(GEN_DH_PARAMS_ARGS)
+
+dnl Enable support for a debugging build
+tcltls_debug='false'
+AC_ARG_ENABLE([debug], AS_HELP_STRING([--enable-debug], [enable debugging parameters]), [
+ if test "$enableval" = "yes"; then
+ tcltls_debug='true'
+ fi
+])
+if test "$tcltls_debug" = 'true'; then
+ AC_DEFINE(TCLEXT_TCLTLS_DEBUG, [1], [Enable debugging build])
+fi
AC_CHECK_TOOL([PKGCONFIG], [pkg-config], [false])
dnl XXX:TODO: Automatically determine the SSL library to use
dnl defaulting to OpenSSL for compatibility reasons
Index: tls.c
==================================================================
--- tls.c
+++ tls.c
@@ -268,11 +268,11 @@
X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
State *statePtr = (State*)SSL_get_app_data(ssl);
int depth = X509_STORE_CTX_get_error_depth(ctx);
int err = X509_STORE_CTX_get_error(ctx);
- dprintf(stderr, "Verify: %d\n", ok);
+ dprintf("Verify: %d", ok);
if (!ok) {
errStr = (char*)X509_verify_cert_error_string(err);
} else {
errStr = (char *)0;
@@ -1571,16 +1571,16 @@
statePtr->timer = NULL;
}
if (statePtr->bio) {
/* This will call SSL_shutdown. Bug 1414045 */
- dprintf(stderr, "BIO_free_all(%p)\n", statePtr->bio);
+ dprintf("BIO_free_all(%p)", statePtr->bio);
BIO_free_all(statePtr->bio);
statePtr->bio = NULL;
}
if (statePtr->ssl) {
- dprintf(stderr, "SSL_free(%p)\n", statePtr->ssl);
+ dprintf("SSL_free(%p)", statePtr->ssl);
SSL_free(statePtr->ssl);
statePtr->ssl = NULL;
}
if (statePtr->ctx) {
SSL_CTX_free(statePtr->ctx);
Index: tlsBIO.c
==================================================================
--- tlsBIO.c
+++ tlsBIO.c
@@ -57,20 +57,20 @@
int bufLen;
{
Tcl_Channel chan = Tls_GetParent((State*)(bio->ptr));
int ret;
- dprintf(stderr,"\nBioWrite(%p, <buf>, %d) [%p]",
+ dprintf("BioWrite(%p, <buf>, %d) [%p]",
(void *) bio, bufLen, (void *) chan);
if (channelTypeVersion == TLS_CHANNEL_VERSION_2) {
ret = Tcl_WriteRaw(chan, buf, bufLen);
} else {
ret = Tcl_Write(chan, buf, bufLen);
}
- dprintf(stderr,"\n[%p] BioWrite(%d) -> %d [%d.%d]",
+ dprintf("[%p] BioWrite(%d) -> %d [%d.%d]",
(void *) chan, bufLen, ret, Tcl_Eof(chan), Tcl_GetErrno());
BIO_clear_flags(bio, BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
if (ret == 0) {
@@ -92,11 +92,11 @@
int bufLen;
{
Tcl_Channel chan = Tls_GetParent((State*)bio->ptr);
int ret = 0;
- dprintf(stderr,"\nBioRead(%p, <buf>, %d) [%p]",
+ dprintf("BioRead(%p, <buf>, %d) [%p]",
(void *) bio, bufLen, (void *) chan);
if (buf == NULL) return 0;
if (channelTypeVersion == TLS_CHANNEL_VERSION_2) {
@@ -103,11 +103,11 @@
ret = Tcl_ReadRaw(chan, buf, bufLen);
} else {
ret = Tcl_Read(chan, buf, bufLen);
}
- dprintf(stderr,"\n[%p] BioRead(%d) -> %d [%d.%d]",
+ dprintf("[%p] BioRead(%d) -> %d [%d.%d]",
(void *) chan, bufLen, ret, Tcl_Eof(chan), Tcl_GetErrno());
BIO_clear_flags(bio, BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
if (ret == 0) {
@@ -139,11 +139,11 @@
{
Tcl_Channel chan = Tls_GetParent((State*)bio->ptr);
long ret = 1;
int *ip;
- dprintf(stderr,"\nBioCtrl(%p, 0x%x, 0x%x, %p)",
+ dprintf("BioCtrl(%p, 0x%x, 0x%x, %p)",
(void *) bio, (unsigned int) cmd, (unsigned int) num,
(void *) ptr);
switch (cmd) {
case BIO_CTRL_RESET:
@@ -178,24 +178,24 @@
break;
case BIO_CTRL_SET_CLOSE:
bio->shutdown = (int)num;
break;
case BIO_CTRL_EOF:
- dprintf(stderr, "BIO_CTRL_EOF\n");
+ dprintf("BIO_CTRL_EOF");
ret = Tcl_Eof(chan);
break;
case BIO_CTRL_PENDING:
ret = (Tcl_InputBuffered(chan) ? 1 : 0);
- dprintf(stderr, "BIO_CTRL_PENDING(%d)\n", (int) ret);
+ dprintf("BIO_CTRL_PENDING(%d)", (int) ret);
break;
case BIO_CTRL_WPENDING:
ret = 0;
break;
case BIO_CTRL_DUP:
break;
case BIO_CTRL_FLUSH:
- dprintf(stderr, "BIO_CTRL_FLUSH\n");
+ dprintf("BIO_CTRL_FLUSH");
if (channelTypeVersion == TLS_CHANNEL_VERSION_2) {
ret = ((Tcl_WriteRaw(chan, "", 0) >= 0) ? 1 : -1);
} else {
ret = ((Tcl_Flush(chan) == TCL_OK) ? 1 : -1);
}
Index: tlsIO.c
==================================================================
--- tlsIO.c
+++ tlsIO.c
@@ -282,11 +282,11 @@
TlsCloseProc(ClientData instanceData, /* The socket to close. */
Tcl_Interp *interp) /* For error reporting - unused. */
{
State *statePtr = (State *) instanceData;
- dprintf(stderr,"\nTlsCloseProc(%p)", (void *) statePtr);
+ dprintf("TlsCloseProc(%p)", (void *) statePtr);
if (channelTypeVersion == TLS_CHANNEL_VERSION_1) {
/*
* Remove event handler to underlying channel, this could
* be because we are closing for real, or being "unstacked".
@@ -330,11 +330,11 @@
State *statePtr = (State *) instanceData;
int bytesRead; /* How many bytes were read? */
*errorCodePtr = 0;
- dprintf(stderr,"\nBIO_read(%d)", bufSize);
+ dprintf("BIO_read(%d)", bufSize);
if (statePtr->flags & TLS_TCL_CALLBACK) {
/* don't process any bytes while verify callback is running */
bytesRead = 0;
goto input;
@@ -365,20 +365,20 @@
* functions play with the retry flags though, and this seems to work
* correctly. Similar fix in TlsOutputProc. - hobbs
*/
ERR_clear_error();
bytesRead = BIO_read(statePtr->bio, buf, bufSize);
- dprintf(stderr,"\nBIO_read -> %d", bytesRead);
+ dprintf("BIO_read -> %d", bytesRead);
if (bytesRead < 0) {
int err = SSL_get_error(statePtr->ssl, bytesRead);
if (err == SSL_ERROR_SSL) {
Tls_Error(statePtr, SSL_ERROR(statePtr->ssl, bytesRead));
*errorCodePtr = ECONNABORTED;
} else if (BIO_should_retry(statePtr->bio)) {
- dprintf(stderr,"RE! ");
+ dprintf("RE! ");
*errorCodePtr = EAGAIN;
} else {
*errorCodePtr = Tcl_GetErrno();
if (*errorCodePtr == ECONNRESET) {
/* Soft EOF */
@@ -386,11 +386,11 @@
bytesRead = 0;
}
}
}
input:
- dprintf(stderr, "\nInput(%d) -> %d [%d]", bufSize, bytesRead, *errorCodePtr);
+ dprintf("Input(%d) -> %d [%d]", bufSize, bytesRead, *errorCodePtr);
return bytesRead;
}
�
/*
*-------------------------------------------------------------------
@@ -419,11 +419,11 @@
State *statePtr = (State *) instanceData;
int written, err;
*errorCodePtr = 0;
- dprintf(stderr,"\nBIO_write(%p, %d)", (void *) statePtr, toWrite);
+ dprintf("BIO_write(%p, %d)", (void *) statePtr, toWrite);
if (statePtr->flags & TLS_TCL_CALLBACK) {
/* don't process any bytes while verify callback is running */
written = -1;
*errorCodePtr = EAGAIN;
@@ -438,11 +438,11 @@
}
if (statePtr->flags & TLS_TCL_INIT) {
statePtr->flags &= ~(TLS_TCL_INIT);
}
if (toWrite == 0) {
- dprintf(stderr, "zero-write\n");
+ dprintf("zero-write");
BIO_flush(statePtr->bio);
written = 0;
goto output;
} else {
/*
@@ -456,11 +456,11 @@
* BIO functions play with the retry flags though, and this seems to
* work correctly. Similar fix in TlsInputProc. - hobbs
*/
ERR_clear_error();
written = BIO_write(statePtr->bio, buf, toWrite);
- dprintf(stderr,"\nBIO_write(%p, %d) -> [%d]",
+ dprintf("BIO_write(%p, %d) -> [%d]",
(void *) statePtr, toWrite, written);
}
if (written <= 0) {
switch ((err = SSL_get_error(statePtr->ssl, written))) {
case SSL_ERROR_NONE:
@@ -467,40 +467,40 @@
if (written < 0) {
written = 0;
}
break;
case SSL_ERROR_WANT_WRITE:
- dprintf(stderr," write W BLOCK");
+ dprintf(" write W BLOCK");
break;
case SSL_ERROR_WANT_READ:
- dprintf(stderr," write R BLOCK");
+ dprintf(" write R BLOCK");
break;
case SSL_ERROR_WANT_X509_LOOKUP:
- dprintf(stderr," write X BLOCK");
+ dprintf(" write X BLOCK");
break;
case SSL_ERROR_ZERO_RETURN:
- dprintf(stderr," closed\n");
+ dprintf(" closed");
written = 0;
break;
case SSL_ERROR_SYSCALL:
*errorCodePtr = Tcl_GetErrno();
- dprintf(stderr," [%d] syscall errr: %d",
+ dprintf(" [%d] syscall errr: %d",
written, *errorCodePtr);
written = -1;
break;
case SSL_ERROR_SSL:
Tls_Error(statePtr, SSL_ERROR(statePtr->ssl, written));
*errorCodePtr = ECONNABORTED;
written = -1;
break;
default:
- dprintf(stderr," unknown err: %d\n", err);
+ dprintf(" unknown err: %d", err);
break;
}
}
output:
- dprintf(stderr, "\nOutput(%d) -> %d", toWrite, written);
+ dprintf("Output(%d) -> %d", toWrite, written);
return written;
}
�
/*
*-------------------------------------------------------------------
@@ -595,11 +595,11 @@
* combination of TCL_READABLE,
* TCL_WRITABLE and TCL_EXCEPTION. */
{
State *statePtr = (State *) instanceData;
- dprintf(stderr, "TlsWatchProc(0x%x)\n", mask);
+ dprintf("TlsWatchProc(0x%x)", mask);
/* Pretend to be dead as long as the verify callback is running.
* Otherwise that callback could be invoked recursively. */
if (statePtr->flags & TLS_TCL_CALLBACK) { return; }
@@ -774,11 +774,11 @@
ClientData clientData;
int mask;
{
State *statePtr = (State *) clientData;
-dprintf(stderr, "HANDLER(0x%x)\n", mask);
+ dprintf("HANDLER(0x%x)", mask);
Tcl_Preserve( (ClientData)statePtr);
if (mask & TCL_READABLE) {
BIO_set_flags(statePtr->p_bio, BIO_FLAGS_READ);
} else {
@@ -883,11 +883,11 @@
State *statePtr;
int *errorCodePtr; /* Where to store error code. */
{
int err;
- dprintf(stderr,"\nWaitForConnect(%p)", (void *) statePtr);
+ dprintf("WaitForConnect(%p)", (void *) statePtr);
if (statePtr->flags & TLS_TCL_HANDSHAKE_FAILED) {
/*
* We choose ECONNRESET over ECONNABORTED here because some server
* side code, on the wiki for example, sets up a read handler that
@@ -922,21 +922,21 @@
statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
*errorCodePtr = ECONNABORTED;
return -1;
} else if (BIO_should_retry(statePtr->bio)) {
if (statePtr->flags & TLS_TCL_ASYNC) {
- dprintf(stderr,"E! ");
+ dprintf("E! ");
*errorCodePtr = EAGAIN;
return -1;
} else {
continue;
}
} else if (err == 0) {
if (Tcl_Eof(statePtr->self)) {
return 0;
}
- dprintf(stderr,"CR! ");
+ dprintf("CR! ");
*errorCodePtr = ECONNRESET;
return -1;
}
if (statePtr->flags & TLS_TCL_SERVER) {
err = SSL_get_verify_result(statePtr->ssl);
@@ -947,14 +947,14 @@
*errorCodePtr = ECONNABORTED;
return -1;
}
}
*errorCodePtr = Tcl_GetErrno();
- dprintf(stderr,"ERR(%d, %d) ", rc, *errorCodePtr);
+ dprintf("ERR(%d, %d) ", rc, *errorCodePtr);
return -1;
}
- dprintf(stderr,"R0! ");
+ dprintf("R0! ");
return 1;
}
}
Tcl_Channel
Index: tlsInt.h
==================================================================
--- tlsInt.h
+++ tlsInt.h
@@ -74,14 +74,14 @@
#endif
#ifndef ECONNRESET
#define ECONNRESET 131 /* Connection reset by peer */
#endif
-#ifdef DEBUG
-#define dprintf fprintf
+#ifdef TCLEXT_TCLTLS_DEBUG
+#define dprintf(...) { fprintf(stderr, "%s:%i:", __func__, __LINE__); fprintf(stderr, __VA_ARGS__); fprintf(stderr, "\n"); }
#else
-#define dprintf if (0) fprintf
+#define dprintf(...) if (0) { fprintf(stderr, __VA_ARGS__); }
#endif
#define SSL_ERROR(ssl,err) \
((char*)ERR_reason_error_string((unsigned long)SSL_get_error((ssl),(err))))
/*