ADDED .fossil-settings/crlf-glob Index: .fossil-settings/crlf-glob ================================================================== --- /dev/null +++ .fossil-settings/crlf-glob @@ -0,0 +1,1 @@ +win/*.vc Index: .fossil-settings/ignore-glob ================================================================== --- .fossil-settings/ignore-glob +++ .fossil-settings/ignore-glob @@ -15,14 +15,15 @@ config.log config.status configure manifest.uuid pkgIndex.tcl -tls.tcl.h -tls.tcl.h.new.1 -tls.tcl.h.new.2 -tlsUuid.h -win/versions.vc +*Uuid.h +win/Debug* win/Release* -win/Debug* +win/version*.vc +win/nmakehlp.exe +win/nmakehlp.obj +win/nmakehlp.out +win/_junk.pch win/nmhlp-out.txt *~ Index: ChangeLog ================================================================== --- ChangeLog +++ ChangeLog @@ -1,5 +1,12 @@ +TclTLS 1.7.22 +========== + +Release Date: Mon Oct 12 15:40:16 CDT 2020 + +https://tcltls.rkeene.org/ + 2015-05-01 Andreas Kupries * configure.in: Bump to version 1.6.5. * win/makefile.vc: * configure: regen with ac-2.59 @@ -23,21 +30,21 @@ * win/makefile.vc: * configure: regen with ac-2.59 * tls.c (MiscObjCmd): Fixed non-static string array used in call of Tcl_GetIndexFromObj(). Memory smash waiting to happen. Thanks - to Brian Griffin for alerting us all to the problem. + to Brian Griffin for alerting us all to the problem. 2012-06-01 Andreas Kupries * tls.c: Applied Jeff's patch from http://www.mail-archive.com/aolserver@listserv.aol.com/msg12356.html * configure.in: Bump to version 1.6.2. * win/makefile.vc: * configure: regen with ac-2.59 - + 2010-08-11 Jeff Hobbs *** TLS 1.6.1 TAGGED *** * configure: regen with ac-2.59 @@ -101,11 +108,11 @@ * win/makefile.vc: with MSVC8 * win/rules.vc: 2007-06-22 Jeff Hobbs - * tlsIO.c (TlsInputProc, TlsOutputProc, TlsWatchProc): + * tlsIO.c (TlsInputProc, TlsOutputProc, TlsWatchProc): * tls.c (VerifyCallback): add an state flag in the verify callback that prevents possibly recursion (on 'update'). [Bug 1652380] * tests/ciphers.test: reworked to make test output cleaner to understand missing ciphers (if any) @@ -113,11 +120,11 @@ * Makefile.in, tclconfig/tcl.m4: update to TEA 3.6 * configure, configure.in: using autoconf-2.59 2007-02-28 Pat Thoyts - * win/makefile.vc: Rebase the DLL sensibly. Additional libs for + * win/makefile.vc: Rebase the DLL sensibly. Additional libs for static link of openssl. * tls.tcl: bug #1579837 - TIP 278 bug (possibly) - fixed. 2006-03-30 Pat Thoyts @@ -135,19 +142,19 @@ build directory. 2004-12-22 Pat Thoyts * configure.in: Incremented minor version to 1.5.1 - * configure: + * configure: 2004-12-17 Pat Thoyts * win/makefile.vc: Added the MSVC build system (from the Tcl * win/rules.vc: sampleextension). * win/nmakehlp.c: * win/tls.rc Added Windows resource file. - + * tls.tcl: From patch #948155, added support for alternate socket commands. * tls.c: Quieten some MSVC warnings. Prefer ckalloc over Tcl_Alloc. (David Graveraux). @@ -180,11 +187,11 @@ * tclconfig/README.txt, tclconfig/install-sh, tclconfig/tcl.m4: 2004-03-17 Dan Razzell * tlsX509.c: Add support for long serial numbers per RFC 3280. - Format is now hexadecimal. + Format is now hexadecimal. [Request #915313] Correctly convert certificate Distinguished Names to Tcl string representation. Eliminates use of deprecated OpenSSL function. Format is now compliant with RFC 2253. [Request #915315] @@ -231,11 +238,11 @@ * tls.c (Tls_Init): added tls::misc command provided by * tlsX509.c: Wojciech Kocjan (wojciech kocjan.org) * tests/keytest1.tcl: to expose more low-level SSL commands * tests/keytest2.tcl: -2003-05-15 Dan Razzell +2003-05-15 Dan Razzell * tls.tcl: * tlsInt.h: * tls.c: add support for binding a password callback to the socket. Now each socket can have its own command and password callbacks instead @@ -370,11 +377,11 @@ loaded into. TLS will fail the test suite with Tcl 8.2-8.3.1. * tests/all.tcl: added catch around ::tcltest::normalizePath because it doesn't exist in pre-8.3 tcltest. - * tests/simpleClient.tcl: + * tests/simpleClient.tcl: * tests/simpleServer.tcl: added simple client/server test scripts that use test certs and can do simple stress tests. 2000-08-14 Jeff Hobbs @@ -473,11 +480,11 @@ 2000-06-05 Scott Stanton * Makefile.in: Fixed broken test target. - * tlsInt.h: + * tlsInt.h: * tls.c: Cleaned up declarations of Tls_Clean to avoid errors on Windows (lint). 2000-06-05 Brent Welch Index: Makefile.in ================================================================== --- Makefile.in +++ Makefile.in @@ -158,11 +158,11 @@ # compiled with. #DEFS = $(TCL_DEFS) @DEFS@ $(PKG_CFLAGS) DEFS = @DEFS@ $(PKG_CFLAGS) # Move pkgIndex.tcl to 'BINARIES' var if it is generated in the Makefile -CONFIG_CLEAN_FILES = Makefile pkgIndex.tcl generic/tls.tcl.h tlsUuid.h +CONFIG_CLEAN_FILES = Makefile CLEANFILES = @CLEANFILES@ CPPFLAGS = @CPPFLAGS@ LIBS = @PKG_LIBS@ @LIBS@ AR = @AR@ @@ -214,11 +214,11 @@ @echo "If you have documentation to create, place the commands to" @echo "build the docs in the 'doc:' target. For example:" @echo " xml2nroff sample.xml > sample.n" @echo " xml2html sample.xml > sample.html" -install: all install-binaries install-libraries install-doc +install: all install-binaries install-libraries install-doc-n install-doc-html install-binaries: binaries install-lib-binaries install-bin-binaries #======================================================================== # This rule installs platform-independent files, such as header files. @@ -229,23 +229,34 @@ @$(INSTALL_DATA_DIR) "$(DESTDIR)$(includedir)" @echo "Installing header files in $(DESTDIR)$(includedir)" @list='$(PKG_HEADERS)'; for i in $$list; do \ echo "Installing $(srcdir)/$$i" ; \ $(INSTALL_DATA) $(srcdir)/$$i "$(DESTDIR)$(includedir)" ; \ - done; + done #======================================================================== # Install documentation. Unix manpages should go in the $(mandir) # directory. #======================================================================== -install-doc: doc +install-doc-html: doc + @$(INSTALL_DATA_DIR) "$(DESTDIR)$(pkglibdir)/html" + @list='$(srcdir)/doc/*.html'; for i in $$list; do \ + if test -f $$i ; then \ + echo "Installing $$i"; \ + $(INSTALL_DATA) $$i "$(DESTDIR)$(pkglibdir)/html"; \ + fi; \ + done + +install-doc-n: doc @$(INSTALL_DATA_DIR) "$(DESTDIR)$(mandir)/mann" @echo "Installing documentation in $(DESTDIR)$(mandir)" @list='$(srcdir)/doc/*.n'; for i in $$list; do \ - echo "Installing $$i"; \ - $(INSTALL_DATA) $$i "$(DESTDIR)$(mandir)/mann" ; \ + if test -f $$i ; then \ + echo "Installing $$i"; \ + $(INSTALL_DATA) $$i "$(DESTDIR)$(mandir)/mann" ; \ + fi; \ done test: binaries libraries $(TCLSH) `@CYGPATH@ $(srcdir)/tests/all.tcl` $(TESTFLAGS) \ -load "package ifneeded $(PACKAGE_NAME) $(PACKAGE_VERSION) \ @@ -308,23 +319,15 @@ # As necessary, add $(srcdir):$(srcdir)/compat:.... #======================================================================== VPATH = $(srcdir):$(srcdir)/generic:$(srcdir)/unix:$(srcdir)/win:$(srcdir)/macosx -.c.@OBJEXT@: - $(COMPILE) -c `@CYGPATH@ $<` -o $@ - # Create a C-source-ified version of the script resources # for TclTLS so that we only need a single file to enable # this extension -tls.tcl.h: @srcdir@/library/tls.tcl Makefile - od -A n -v -t xC < '@srcdir@/library/tls.tcl' > tls.tcl.h.new.1 - sed 's@[^0-9A-Fa-f]@@g;s@..@0x&, @g' < tls.tcl.h.new.1 > tls.tcl.h.new.2 - rm -f tls.tcl.h.new.1 - mv tls.tcl.h.new.2 @srcdir@/generic/tls.tcl.h - -tls.o: tlsUuid.h +tls.tcl.h: $(srcdir)/library/tls.tcl + sed -e '/^\\s*\#/d' -e '/^\\s*$$/d' -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/^/"/' -e 's/$$/\\n\"/' < `@CYGPATH@ $<` > $@ || { rm -f $@; exit 1; } $(srcdir)/manifest.uuid: printf "git-" >$(srcdir)/manifest.uuid (cd $(srcdir); git rev-parse HEAD >>$(srcdir)/manifest.uuid || \ (printf "svn-r" >$(srcdir)/manifest.uuid ; \ @@ -334,10 +337,15 @@ tlsUuid.h: $(srcdir)/manifest.uuid echo "#define TLS_VERSION_UUID \\" >$@ cat $(srcdir)/manifest.uuid >>$@ echo "" >>$@ +tls.@OBJEXT@: tlsUuid.h tls.tcl.h + +.c.@OBJEXT@: + $(COMPILE) -c `@CYGPATH@ $<` -o $@ + #======================================================================== # Create the pkgIndex.tcl file. # It is usually easiest to let Tcl do this for you with pkg_mkIndex, but # you may find that you need to customize the package. If so, either # modify the -hand version, or create a pkgIndex.tcl.in file and have @@ -361,13 +369,13 @@ DIST_INSTALL_DATA = CPPROG='cp -p' $(INSTALL) -m 644 DIST_INSTALL_DATA_RECUR = CPPROG='cp -p -R' $(INSTALL) DIST_INSTALL_SCRIPT = CPPROG='cp -p' $(INSTALL) -m 755 dist-clean: - rm -rf $(DIST_DIR) $(DIST_ROOT)/$(PKG_DIR).tar.* + rm -rf $(DIST_DIR) $(top_builddir)/$(PKG_DIR).tar.* -dist: dist-clean +dist: dist-clean $(srcdir)/manifest.uuid # TEA files $(INSTALL_DATA_DIR) $(DIST_DIR) $(DIST_INSTALL_DATA) $(srcdir)/Makefile.in \ $(srcdir)/acinclude.m4 $(srcdir)/aclocal.m4 \ $(srcdir)/configure.ac $(DIST_DIR)/ @@ -376,32 +384,21 @@ # Extension files $(DIST_INSTALL_DATA) $(srcdir)/ChangeLog \ $(srcdir)/license.terms $(srcdir)/manifest.uuid \ $(srcdir)/README.txt $(srcdir)/pkgIndex.tcl.in $(DIST_DIR)/ - # TEA files - $(INSTALL_DATA_DIR) $(DIST_DIR)/tclconfig - $(DIST_INSTALL_DATA) $(srcdir)/tclconfig/README.txt \ - $(srcdir)/tclconfig/tcl.m4 $(srcdir)/tclconfig/install-sh \ - $(srcdir)/tclconfig/license.terms $(DIST_DIR)/tclconfig/ - - $(INSTALL_DATA_DIR) $(DIST_DIR)/win - $(DIST_INSTALL_DATA) \ - $(srcdir)/win/README.txt $(srcdir)/win/*.vc \ - $(srcdir)/win/nmakehlp.c $(srcdir)/win/*.in $(DIST_DIR)/win/ - - list='build demos doc generic library macosx tests unix'; \ + list='build demos doc generic library tclconfig tests win'; \ for p in $$list; do \ if test -d $(srcdir)/$$p ; then \ $(INSTALL_DATA_DIR) $(DIST_DIR)/$$p; \ $(DIST_INSTALL_DATA_RECUR) $(srcdir)/$$p/* $(DIST_DIR)/$$p/; \ fi; \ done (cd $(DIST_ROOT); $(COMPRESS);) - cd $(top_builddir) mv $(DIST_ROOT)/$(PKG_DIR).tar.gz $(top_builddir) + cd $(top_builddir) #======================================================================== # End of user-definable section #======================================================================== @@ -416,11 +413,11 @@ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean: clean -rm -f *.tab.c -rm -f $(CONFIG_CLEAN_FILES) - -rm -f config.cache config.log config.status + -rm -f config.cache config.log config.status configure~ -rm -fR autom4te.cache #======================================================================== # Install binary object libraries. On Windows this includes both .dll and # .lib files. Because the .lib files are not explicitly listed anywhere, @@ -457,10 +454,13 @@ done @if test "x$(SHARED_BUILD)" = "x1"; then \ echo " Install pkgIndex.tcl $(DESTDIR)$(pkglibdir)"; \ $(INSTALL_DATA) pkgIndex.tcl "$(DESTDIR)$(pkglibdir)"; \ fi + @if test -f "$(srcdir)/tlsConfig.sh"; then \ + $(INSTALL_DATA) $(srcdir)/tlsConfig.sh $(DESTDIR)$(libdir); \ + fi #======================================================================== # Install binary executables (e.g. .exe files and dependent .dll files) # This is for files that must go in the bin directory (located next to # wish and tclsh), like dependent .dll files on Windows. Index: README.txt ================================================================== --- README.txt +++ README.txt @@ -5,11 +5,11 @@ This package provides an extension which implements Secure Socket Layer (SSL) and Transport Layer Security (TLS) over Transmission Control Protocol (TCP) network communication channels. It utilizes either the OpenSSL or LibreSSL software library. - + Version 1.9 also provides a cryptography library providing TCL scripts access to the crypto capabilities of the OpenSSL library. Description @@ -60,10 +60,11 @@ --disable-tls1 disable TLS1 protocol --disable-tls1_1 disable TLS1.1 protocol --disable-tls1_2 disable TLS1.2 protocol --disable-tls1_3 disable TLS1.3 protocol + --enable-debug enable debugging mode and output more status --enable-ssl-fastpath enable using the underlying file descriptor for talking directly to the SSL library --enable-hardening enable hardening attempts --enable-static-ssl enable static linking to the SSL library If either TCL or OpenSSL are installed in non-standard locations, the following @@ -95,10 +96,19 @@ ------- If installing with MinGW, use the TEA build process. If using MS Visual C (MSVC), see the win/README.txt file for the installation instructions. + +Other +----- + +If OpenSSL is not installed on the system, the Certificate Authority (CA) +provided certificates must be downloaded and installed with the software. +The CURL team makes them available at https://curl.se/docs/caextract.html. +Look for the cacert.pem file. + Copyrights ========== Original TLS Copyright (C) 1997-2000 Matt Newman Index: acinclude.m4 ================================================================== --- acinclude.m4 +++ acinclude.m4 @@ -7,57 +7,81 @@ # # Add here whatever m4 macros you want to define for your package # AC_DEFUN([TCLTLS_SSL_OPENSSL], [ + dnl Determine if pkg-config tool is available AC_CHECK_TOOL([PKG_CONFIG], [pkg-config]) + dnl Enable support for SSL 3.0 protocol + AC_ARG_ENABLE([ssl3], AS_HELP_STRING([--disable-ssl3], [disable SSL3 protocol]), [ + if test "${enableval}" == "no"; then + AC_DEFINE([NO_SSL3], [1], [Disable SSL3 protocol]) + AC_MSG_CHECKING([for disable SSL3 protocol]) + AC_MSG_RESULT([yes]) + fi + ], AC_DEFINE([NO_SSL3], [1], [Disable SSL3 protocol])) + dnl Disable support for TLS 1.0 protocol AC_ARG_ENABLE([tls1], AS_HELP_STRING([--disable-tls1], [disable TLS1 protocol]), [ - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then AC_DEFINE([NO_TLS1], [1], [Disable TLS1 protocol]) AC_MSG_CHECKING([for disable TLS1 protocol]) AC_MSG_RESULT([yes]) fi ]) dnl Disable support for TLS 1.1 protocol AC_ARG_ENABLE([tls1_1], AS_HELP_STRING([--disable-tls1_1], [disable TLS1.1 protocol]), [ - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then AC_DEFINE([NO_TLS1_1], [1], [Disable TLS1.1 protocol]) AC_MSG_CHECKING([for disable TLS1.1 protocol]) AC_MSG_RESULT([yes]) fi ]) dnl Disable support for TLS 1.2 protocol AC_ARG_ENABLE([tls1_2], AS_HELP_STRING([--disable-tls1_2], [disable TLS1.2 protocol]), [ - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then AC_DEFINE([NO_TLS1_2], [1], [Disable TLS1.2 protocol]) AC_MSG_CHECKING([for disable TLS1.2 protocol]) AC_MSG_RESULT([yes]) fi ]) dnl Disable support for TLS 1.3 protocol AC_ARG_ENABLE([tls1_3], AS_HELP_STRING([--disable-tls1_3], [disable TLS1.3 protocol]), [ - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then AC_DEFINE([NO_TLS1_3], [1], [Disable TLS1.3 protocol]) AC_MSG_CHECKING([for disable TLS1.3 protocol]) AC_MSG_RESULT([yes]) fi ]) + + dnl Determine if debugging mode should be enabled + AC_ARG_ENABLE([debug], AS_HELP_STRING([--enable-debug], + [enable debugging mode and output more status]), [ + tcltls_debug_mode="$enableval" + ], [ + tcltls_debug_mode='no' + ]) + if test "$tcltls_debug_mode" == 'yes'; then + AC_DEFINE(TCLEXT_TCLTLS_DEBUG, [1], [Enable debugging mode]) + fi + AC_MSG_CHECKING([for debug mode]) + AC_MSG_RESULT([$tcltls_debug_mode]) + dnl Determine if we have been asked to use a fast path if possible AC_ARG_ENABLE([ssl-fastpath], AS_HELP_STRING([--enable-ssl-fastpath], [enable using the underlying file descriptor for talking directly to the SSL library]), [ tcltls_ssl_fastpath="$enableval" ], [ tcltls_ssl_fastpath='no' ]) - if test "$tcltls_ssl_fastpath" = 'yes'; then + if test "$tcltls_ssl_fastpath" == 'yes'; then AC_DEFINE(TCLTLS_SSL_USE_FASTPATH, [1], [Enable SSL library direct use of the underlying file descriptor]) fi AC_MSG_CHECKING([for fast path]) AC_MSG_RESULT([$tcltls_ssl_fastpath]) @@ -66,12 +90,12 @@ AC_ARG_ENABLE([hardening], AS_HELP_STRING([--enable-hardening], [enable hardening attempts]), [ tcltls_enable_hardening="$enableval" ], [ tcltls_enable_hardening='yes' ]) - if test "$tcltls_enable_hardening" = 'yes'; then - if test "$GCC" = 'yes' -o "$CC" = 'clang'; then + if test "$tcltls_enable_hardening" == 'yes'; then + if test "$GCC" == 'yes' -o "$CC" = 'clang'; then TEA_ADD_CFLAGS([-fstack-protector-all]) TEA_ADD_CFLAGS([-fno-strict-overflow]) AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification]) fi fi @@ -107,29 +131,28 @@ AS_HELP_STRING([--with-openssl-includedir=], [path to include directory of OpenSSL or LibreSSL installation] ), [ opensslincludedir="$withval" ], [ - if test ! -z "$openssldir"; then + if test -n "$openssldir"; then opensslincludedir="${openssldir}/include" else opensslincludedir='' fi ] ) AC_MSG_CHECKING([for OpenSSL include directory]) AC_MSG_RESULT($opensslincludedir) - dnl Set SSL include vars - if test ! -z "$opensslincludedir"; then + dnl Set SSL include variables + if test -n "$opensslincludedir"; then + AC_MSG_CHECKING([for ssl.h]) if test -f "$opensslincludedir/openssl/ssl.h"; then TCLTLS_SSL_CFLAGS="-I$opensslincludedir" TCLTLS_SSL_INCLUDES="-I$opensslincludedir" - AC_MSG_CHECKING([for ssl.h]) AC_MSG_RESULT([yes]) else - AC_MSG_CHECKING([for ssl.h]) AC_MSG_RESULT([no]) AC_MSG_ERROR([Unable to locate ssl.h]) fi fi @@ -138,12 +161,12 @@ AS_HELP_STRING([--with-openssl-libdir=], [path to lib directory of OpenSSL or LibreSSL installation] ), [ openssllibdir="$withval" ], [ - if test ! -z "$openssldir"; then - if test "$do64bit" == 'yes'; then + if test -n "$openssldir"; then + if test "$do64bit" == 'yes' -a -d $openssldir/lib64; then openssllibdir="$openssldir/lib64" else openssllibdir="$openssldir/lib" fi else @@ -152,23 +175,23 @@ ] ) AC_MSG_CHECKING([for OpenSSL lib directory]) AC_MSG_RESULT($openssllibdir) - dnl Set SSL lib vars - if test ! -z "$openssllibdir"; then - if test -f "$openssllibdir/libssl${SHLIB_SUFFIX}"; then - if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then - TCLTLS_SSL_LIBS="-L$openssllibdir -lcrypto -lssl" - #else - # Linux and Solaris - #TCLTLS_SSL_LIBS="-Wl,-Bstatic `$PKG_CONFIG --static --libs crypto ssl` -Wl,-Bdynamic" - # HPUX - # -Wl,-a,archive ... -Wl,-a,shared_archive - fi + dnl Set SSL lib variables + SSL_LIBS_PATH='' + if test -n "$openssllibdir"; then + if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then + LIBEXT=${SHLIB_SUFFIX} + else + LIBEXT='.a' + fi + + if test -f "$openssllibdir/libssl${LIBEXT}"; then + SSL_LIBS_PATH="-L$openssllibdir" else - AC_MSG_ERROR([Unable to locate libssl${SHLIB_SUFFIX}]) + AC_MSG_ERROR([Unable to locate libssl${LIBEXT}]) fi fi dnl Set location of pkgconfig files AC_ARG_WITH([openssl-pkgconfig], @@ -185,19 +208,15 @@ ] ) AC_MSG_CHECKING([for OpenSSL pkgconfig]) AC_MSG_RESULT($opensslpkgconfigdir) - - # Use Package Config tool to get config - pkgConfigExtraArgs='' - if test "${SHARED_BUILD}" == 0 -o "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then - pkgConfigExtraArgs='--static' - fi - - dnl Use pkg-config to find the libraries - if test -n "${PKG_CONFIG}"; then + dnl Check if OpenSSL is available + USE_PKG_CONFIG=`"${PKG_CONFIG}" --list-package-names | grep openssl` + + dnl Use pkg-config to find the library names + if test -n "${PKG_CONFIG}" -a -n "${USE_PKG_CONFIG}"; then dnl Temporarily update PKG_CONFIG_PATH PKG_CONFIG_PATH_SAVE="${PKG_CONFIG_PATH}" if test -n "${opensslpkgconfigdir}"; then if ! test -f "${opensslpkgconfigdir}/openssl.pc"; then AC_MSG_ERROR([Unable to locate ${opensslpkgconfigdir}/openssl.pc]) @@ -204,12 +223,21 @@ fi PKG_CONFIG_PATH="${opensslpkgconfigdir}:${PKG_CONFIG_PATH}" export PKG_CONFIG_PATH fi + + pkgConfigExtraArgs='' + if test "${SHARED_BUILD}" == "0" -o "$TCLEXT_TLS_STATIC_SSL" == 'yes'; then + pkgConfigExtraArgs='--static' + fi + if test -z "$TCLTLS_SSL_LIBS"; then - TCLTLS_SSL_LIBS="`"${PKG_CONFIG}" openssl --libs $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH `${PKG_CONFIG} openssl --libs $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) + if test "${TCLEXT_TLS_STATIC_SSL}" == 'yes'; then + TCLTLS_SSL_LIBS="-Wl,-Bstatic $TCLTLS_SSL_LIBS -Wl,-Bdynamic" + fi fi if test -z "$TCLTLS_SSL_CFLAGS"; then TCLTLS_SSL_CFLAGS="`"${PKG_CONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) fi if test -z "$TCLTLS_SSL_INCLUDES"; then @@ -216,24 +244,29 @@ TCLTLS_SSL_INCLUDES="`"${PKG_CONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) fi PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}" fi - - dnl Fallback settings for OpenSSL includes and libs - if test -z "$TCLTLS_SSL_LIBS"; then - TCLTLS_SSL_LIBS="-lcrypto -lssl" - fi + dnl Use fall-back settings for OpenSSL include and library paths if test -z "$TCLTLS_SSL_CFLAGS"; then TCLTLS_SSL_CFLAGS="" fi if test -z "$TCLTLS_SSL_INCLUDES"; then if test -f /usr/include/openssl/ssl.h; then TCLTLS_SSL_INCLUDES="-I/usr/include" fi + fi + if test -z "$TCLTLS_SSL_LIBS"; then + if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH -lssl -lcrypto" + else + # Linux and Solaris + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH -Wl,-Bstatic -lssl -lcrypto -Wl,-Bdynamic" + # HPUX: -Wl,-a,archive ... -Wl,-a,shared_archive + fi fi dnl Include config variables in --help list and make available to be substituted via AC_SUBST. AC_ARG_VAR([TCLTLS_SSL_CFLAGS], [C compiler flags for OpenSSL or LibreSSL]) AC_ARG_VAR([TCLTLS_SSL_INCLUDES], [C compiler include paths for OpenSSL or LibreSSL]) AC_ARG_VAR([TCLTLS_SSL_LIBS], [libraries to pass to the linker for OpenSSL or LibreSSL]) ]) Index: configure ================================================================== --- configure +++ configure @@ -1,11 +1,11 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for tls 1.8.0. +# Generated by GNU Autoconf 2.72 for tls 1.8.0. # # -# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, +# Copyright (C) 1992-1996, 1998-2017, 2020-2023 Free Software Foundation, # Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. @@ -13,25 +13,25 @@ ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -as_nop=: if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else $as_nop - case `(set -o) 2>/dev/null` in #( +else case e in #( + e) case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; +esac ;; esac fi @@ -99,11 +99,11 @@ done IFS=$as_save_IFS ;; esac -# We did not find ourselves, most probably we were run as `sh COMMAND' +# We did not find ourselves, most probably we were run as 'sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then @@ -129,32 +129,32 @@ *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. +# out after a failed 'exec'. printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then - as_bourne_compatible="as_nop=: -if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 + as_bourne_compatible="if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST -else \$as_nop - case \`(set -o) 2>/dev/null\` in #( +else case e in #( + e) case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; +esac ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } @@ -168,12 +168,13 @@ as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ) then : -else \$as_nop - exitcode=1; echo positional parameters were not saved. +else case e in #( + e) exitcode=1; echo positional parameters were not saved. ;; +esac fi test x\$exitcode = x0 || exit 1 blah=\$(echo \$(echo blah)) test x\"\$blah\" = xblah || exit 1 test -x / || exit 1" @@ -183,18 +184,19 @@ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null then : as_have_required=yes -else $as_nop - as_have_required=no +else case e in #( + e) as_have_required=no ;; +esac fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null then : -else $as_nop - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +else case e in #( + e) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS case $as_dir in #((( @@ -223,16 +225,17 @@ done IFS=$as_save_IFS if $as_found then : -else $as_nop - if { test -f "$SHELL" || test -f "$SHELL.exe"; } && +else case e in #( + e) if { test -f "$SHELL" || test -f "$SHELL.exe"; } && as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null then : CONFIG_SHELL=$SHELL as_have_required=yes -fi +fi ;; +esac fi if test "x$CONFIG_SHELL" != x then : @@ -250,11 +253,11 @@ *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. +# out after a failed 'exec'. printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno @@ -269,11 +272,12 @@ $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 -fi +fi ;; +esac fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. @@ -308,18 +312,10 @@ { set +e as_fn_set_status $1 exit $1 } # as_fn_exit -# as_fn_nop -# --------- -# Do nothing but, unlike ":", preserve the value of $?. -as_fn_nop () -{ - return $? -} -as_nop=as_fn_nop # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () @@ -384,15 +380,16 @@ then : eval 'as_fn_append () { eval $1+=\$2 }' -else $as_nop - as_fn_append () +else case e in #( + e) as_fn_append () { eval $1=\$$1\$2 - } + } ;; +esac fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the @@ -402,25 +399,18 @@ then : eval 'as_fn_arith () { as_val=$(( $* )) }' -else $as_nop - as_fn_arith () +else case e in #( + e) as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` - } + } ;; +esac fi # as_fn_arith -# as_fn_nop -# --------- -# Do nothing but, unlike ":", preserve the value of $?. -as_fn_nop () -{ - return $? -} -as_nop=as_fn_nop # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the @@ -490,10 +480,12 @@ sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' + t clear + :clear s/[$]LINENO.*/&-/ t lineno b :lineno N @@ -538,11 +530,10 @@ # the shell variables $as_echo and $as_echo_n. New code should use # AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively. as_echo='printf %s\n' as_echo_n='printf %s' - rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir @@ -550,13 +541,13 @@ fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. + # 1) On MSYS, both 'ln -s file dir' and 'ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; 'ln -s' creates a wrapper executable. + # In both cases, we have to default to 'cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else @@ -577,14 +568,16 @@ as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" +as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g" +as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated # Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" +as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g" +as_tr_sh="eval sed '$as_sed_sh'" # deprecated test -n "$DJDIR" || exec 7<&0 &1 @@ -657,12 +650,10 @@ PKG_STUB_LIB_FILE MAKE_STUB_LIB MAKE_STATIC_LIB MAKE_SHARED_LIB MAKE_LIB -EGREP -GREP LDFLAGS_DEFAULT CFLAGS_DEFAULT LD_LIBRARY_PATH_VAR SHLIB_CFLAGS SHLIB_LD_LIBS @@ -775,14 +766,16 @@ enable_stubs enable_64bit enable_64bit_vis enable_rpath enable_symbols +enable_ssl3 enable_tls1 enable_tls1_1 enable_tls1_2 enable_tls1_3 +enable_debug enable_ssl_fastpath enable_hardening enable_static_ssl with_openssl_dir with_openssl_includedir @@ -907,11 +900,11 @@ -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: \`$ac_useropt'" + as_fn_error $? "invalid feature name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" @@ -933,11 +926,11 @@ -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: \`$ac_useropt'" + as_fn_error $? "invalid feature name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" @@ -1146,11 +1139,11 @@ -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: \`$ac_useropt'" + as_fn_error $? "invalid package name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" @@ -1162,11 +1155,11 @@ -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: \`$ac_useropt'" + as_fn_error $? "invalid package name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" @@ -1192,20 +1185,20 @@ ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; - -*) as_fn_error $? "unrecognized option: \`$ac_option' -Try \`$0 --help' for more information" + -*) as_fn_error $? "unrecognized option: '$ac_option' +Try '$0 --help' for more information" ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) - as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + as_fn_error $? "invalid variable name: '$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) @@ -1251,11 +1244,11 @@ NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done -# There might be people who depend on the old broken behavior: `$host' +# There might be people who depend on the old broken behavior: '$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias @@ -1319,11 +1312,11 @@ fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi -ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_msg="sources are in $srcdir, but 'cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then @@ -1347,11 +1340,11 @@ # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures tls 1.8.0 to adapt to many kinds of systems. +'configure' configures tls 1.8.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. @@ -1361,26 +1354,26 @@ Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit - -q, --quiet, --silent do not print \`checking ...' messages + -q, --quiet, --silent do not print 'checking ...' messages --cache-file=FILE cache test results in FILE [disabled] - -C, --config-cache alias for \`--cache-file=config.cache' + -C, --config-cache alias for '--cache-file=config.cache' -n, --no-create do not create output files - --srcdir=DIR find the sources in DIR [configure dir or \`..'] + --srcdir=DIR find the sources in DIR [configure dir or '..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] -By default, \`make install' will install all the files in -\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify -an installation prefix other than \`$ac_default_prefix' using \`--prefix', -for instance \`--prefix=\$HOME'. +By default, 'make install' will install all the files in +'$ac_default_prefix/bin', '$ac_default_prefix/lib' etc. You can specify +an installation prefix other than '$ac_default_prefix' using '--prefix', +for instance '--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] @@ -1425,14 +1418,16 @@ shared builds (default: on) --enable-64bit enable 64bit support (default: off) --enable-64bit-vis enable 64bit Sparc VIS support (default: off) --disable-rpath disable rpath support (default: on) --enable-symbols build with debugging symbols (default: off) + --disable-ssl3 disable SSL3 protocol --disable-tls1 disable TLS1 protocol --disable-tls1_1 disable TLS1.1 protocol --disable-tls1_2 disable TLS1.2 protocol --disable-tls1_3 disable TLS1.3 protocol + --enable-debug enable debugging mode and output more status --enable-ssl-fastpath enable using the underlying file descriptor for talking directly to the SSL library --enable-hardening enable hardening attempts --enable-static-ssl enable static linking to the SSL library @@ -1470,11 +1465,11 @@ TCLTLS_SSL_INCLUDES C compiler include paths for OpenSSL or LibreSSL TCLTLS_SSL_LIBS libraries to pass to the linker for OpenSSL or LibreSSL -Use these variables to override the choices made by `configure' or to help +Use these variables to override the choices made by 'configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to the package provider. _ACEOF ac_status=$? @@ -1538,13 +1533,13 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF tls configure 1.8.0 -generated by GNU Autoconf 2.71 +generated by GNU Autoconf 2.72 -Copyright (C) 2021 Free Software Foundation, Inc. +Copyright (C) 2023 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi @@ -1579,15 +1574,16 @@ test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext then : ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 + ac_retval=1 ;; +esac fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_compile @@ -1617,97 +1613,22 @@ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err } then : ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 + ac_retval=1 ;; +esac fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_cpp -# ac_fn_c_try_run LINENO -# ---------------------- -# Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that -# executables *can* be run. -ac_fn_c_try_run () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -printf "%s\n" "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -printf "%s\n" "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; } -then : - ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: program exited with status $ac_status" >&5 - printf "%s\n" "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=$ac_status -fi - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_run - -# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES -# ------------------------------------------------------- -# Tests whether HEADER exists and can be compiled using the include files in -# INCLUDES, setting the cache variable VAR accordingly. -ac_fn_c_check_header_compile () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -printf %s "checking for $2... " >&6; } -if eval test \${$3+y} -then : - printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -#include <$2> -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - eval "$3=yes" -else $as_nop - eval "$3=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext -fi -eval ac_res=\$$3 - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -printf "%s\n" "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_header_compile - # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_link () { @@ -1735,15 +1656,16 @@ test "$cross_compiling" = yes || test -x conftest$ac_exeext } then : ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 + ac_retval=1 ;; +esac fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would # interfere with the next link command; also delete a directory that is # left behind by Apple's compiler. We do this before executing the actions. @@ -1751,10 +1673,89 @@ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_link +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that +# executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } +then : + ac_retval=0 +else case e in #( + e) printf "%s\n" "$as_me: program exited with status $ac_status" >&5 + printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status ;; +esac +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +printf %s "checking for $2... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + eval "$3=yes" +else case e in #( + e) eval "$3=no" ;; +esac +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac +fi +eval ac_res=\$$3 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_compile + # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly ac_fn_c_check_func () { @@ -1762,19 +1763,19 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 printf %s "checking for $2... " >&6; } if eval test \${$3+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $2 (); below. */ + which can conflict with char $2 (void); below. */ #include #undef $2 /* Override any GCC internal prototype to avoid an error. @@ -1781,11 +1782,11 @@ Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif -char $2 (); +char $2 (void); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$2 || defined __stub___$2 choke me @@ -1800,15 +1801,17 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : eval "$3=yes" -else $as_nop - eval "$3=no" +else case e in #( + e) eval "$3=no" ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext + conftest$ac_exeext conftest.$ac_ext ;; +esac fi eval ac_res=\$$3 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno @@ -1837,11 +1840,11 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by tls $as_me 1.8.0, which was -generated by GNU Autoconf 2.71. Invocation command line was +generated by GNU Autoconf 2.72. Invocation command line was $ $0$ac_configure_args_raw _ACEOF exec 5>>config.log @@ -2083,14 +2086,14 @@ if test -f "$ac_site_file" && test -r "$ac_site_file"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ - || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files @@ -2122,13 +2125,11 @@ #include struct stat; /* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */ struct buf { int x; }; struct buf * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; +static char *e (char **p, int i) { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { @@ -2138,10 +2139,25 @@ s = g (p, va_arg (v,int)); va_end (v); return s; } +/* C89 style stringification. */ +#define noexpand_stringify(a) #a +const char *stringified = noexpand_stringify(arbitrary+token=sequence); + +/* C89 style token pasting. Exercises some of the corner cases that + e.g. old MSVC gets wrong, but not very hard. */ +#define noexpand_concat(a,b) a##b +#define expand_concat(a,b) noexpand_concat(a,b) +extern int vA; +extern int vbee; +#define aye A +#define bee B +int *pvA = &expand_concat(v,aye); +int *pvbee = &noexpand_concat(v,bee); + /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not \xHH hex character constants. These do not provoke an error unfortunately, instead are silently treated as an "x". The following induces an error, until -std is added to get proper ANSI mode. Curiously \x00 != x always comes out true, for an @@ -2165,20 +2181,23 @@ ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]); ' # Test code for whether the C compiler supports C99 (global declarations) ac_c_conftest_c99_globals=' -// Does the compiler advertise C99 conformance? +/* Does the compiler advertise C99 conformance? */ #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L # error "Compiler does not advertise C99 conformance" #endif + +// See if C++-style comments work. #include extern int puts (const char *); extern int printf (const char *, ...); extern int dprintf (int, const char *, ...); extern void *malloc (size_t); +extern void free (void *); // Check varargs macros. These examples are taken from C99 6.10.3.5. // dprintf is used instead of fprintf to avoid needing to declare // FILE and stderr. #define debug(...) dprintf (2, __VA_ARGS__) @@ -2224,11 +2243,10 @@ typedef const char *ccp; static inline int test_restrict (ccp restrict text) { - // See if C++-style comments work. // Iterate through items via the restricted pointer. // Also check for declarations in for loops. for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i) continue; return 0; @@ -2290,10 +2308,12 @@ struct incomplete_array *ia = malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10)); ia->datasize = 10; for (int i = 0; i < ia->datasize; ++i) ia->data[i] = i * 1.234; + // Work around memory leak warnings. + free (ia); // Check named initializers. struct named_init ni = { .number = 34, .name = L"Test wide string", @@ -2311,11 +2331,11 @@ || dynamic_array[ni.number - 1] != 543); ' # Test code for whether the C compiler supports C11 (global declarations) ac_c_conftest_c11_globals=' -// Does the compiler advertise C11 conformance? +/* Does the compiler advertise C11 conformance? */ #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L # error "Compiler does not advertise C11 conformance" #endif // Check _Alignas. @@ -2434,36 +2454,36 @@ eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 -printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' was set to '$ac_old_val' in the previous run" >&5 +printf "%s\n" "$as_me: error: '$ac_var' was set to '$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 -printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' was not set in the previous run" >&5 +printf "%s\n" "$as_me: error: '$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 -printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' has changed since the previous run:" >&5 +printf "%s\n" "$as_me: error: '$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 -printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in '$ac_var' since the previous run:" >&5 +printf "%s\n" "$as_me: warning: ignoring whitespace changes in '$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 -printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;} - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 -printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: '$ac_old_val'" >&5 +printf "%s\n" "$as_me: former value: '$ac_old_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: '$ac_new_val'" >&5 +printf "%s\n" "$as_me: current value: '$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in @@ -2475,15 +2495,15 @@ *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file' + as_fn_error $? "run '${MAKE-make} distclean' and/or 'rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## ## -------------------- ## @@ -2527,12 +2547,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CYGPATH+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CYGPATH"; then +else case e in #( + e) if test -n "$CYGPATH"; then ac_cv_prog_CYGPATH="$CYGPATH" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -2551,11 +2571,12 @@ done done IFS=$as_save_IFS test -z "$ac_cv_prog_CYGPATH" && ac_cv_prog_CYGPATH="echo" -fi +fi ;; +esac fi CYGPATH=$ac_cv_prog_CYGPATH if test -n "$CYGPATH"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CYGPATH" >&5 printf "%s\n" "$CYGPATH" >&6; } @@ -2630,12 +2651,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking system version" >&5 printf %s "checking system version... " >&6; } if test ${tcl_cv_sys_version+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) # TEA specific: if test "${TEA_PLATFORM}" = "windows" ; then tcl_cv_sys_version=windows else tcl_cv_sys_version=`uname -s`-`uname -r` @@ -2650,11 +2671,12 @@ if test "`uname -s`" = "NetBSD" -a -f /etc/debian_version ; then tcl_cv_sys_version=NetBSD-Debian fi fi fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_sys_version" >&5 printf "%s\n" "$tcl_cv_sys_version" >&6; } system=$tcl_cv_sys_version @@ -2706,12 +2728,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Tcl configuration" >&5 printf %s "checking for Tcl configuration... " >&6; } if test ${ac_cv_c_tclconfig+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) # First check to see if --with-tcl was specified. if test x"${with_tclconfig}" != x ; then case "${with_tclconfig}" in */tclConfig.sh ) @@ -2824,11 +2846,12 @@ ac_cv_c_tclconfig="`(cd $i/unix; pwd)`" break fi done fi - + ;; +esac fi if test x"${ac_cv_c_tclconfig}" = x ; then TCL_BIN_DIR="# no Tcl configs found" @@ -2861,12 +2884,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -2884,11 +2907,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -2906,12 +2930,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -2929,11 +2953,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } @@ -2964,12 +2989,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -2987,11 +3012,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -3009,12 +3035,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH @@ -3049,11 +3075,12 @@ # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@" fi fi -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -3073,12 +3100,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -3096,11 +3123,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -3122,12 +3150,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -3145,11 +3173,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } @@ -3183,12 +3212,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -3206,11 +3235,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -3228,12 +3258,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -3251,11 +3281,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } @@ -3280,14 +3311,14 @@ fi fi -test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 @@ -3355,12 +3386,12 @@ (eval "$ac_link_default") 2>&5 ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : - # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. -# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' + # Autoconf-2.13 could set the ac_cv_exeext variable to 'no'. +# So ignore a value of 'no', otherwise this would lead to 'EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do @@ -3376,11 +3407,11 @@ if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not - # safe: cross compilers may not add the suffix if given an `-o' + # safe: cross compilers may not add the suffix if given an '-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) @@ -3387,27 +3418,29 @@ break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= -else $as_nop - ac_file='' +else case e in #( + e) ac_file='' ;; +esac fi if test -z "$ac_file" then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables -See \`config.log' for more details" "$LINENO" 5; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -printf "%s\n" "yes" >&6; } +See 'config.log' for more details" "$LINENO" 5; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 printf %s "checking for C compiler default output file name... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 printf "%s\n" "$ac_file" >&6; } @@ -3427,28 +3460,29 @@ (eval "$ac_link") 2>&5 ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : - # If both `conftest.exe' and `conftest' are `present' (well, observable) -# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will -# work properly (i.e., refer to `conftest.exe'), while it won't with -# `rm'. + # If both 'conftest.exe' and 'conftest' are 'present' (well, observable) +# catch 'conftest.exe'. For instance with Cygwin, 'ls conftest' will +# work properly (i.e., refer to 'conftest.exe'), while it won't with +# 'rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi rm -f conftest conftest$ac_cv_exeext { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 printf "%s\n" "$ac_cv_exeext" >&6; } @@ -3460,10 +3494,12 @@ #include int main (void) { FILE *f = fopen ("conftest.out", "w"); + if (!f) + return 1; return ferror (f) || fclose (f) != 0; ; return 0; } @@ -3499,30 +3535,31 @@ cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error 77 "cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details" "$LINENO" 5; } +If you meant to cross compile, use '--host'. +See 'config.log' for more details" "$LINENO" 5; } fi fi fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 printf "%s\n" "$cross_compiling" >&6; } -rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +rm -f conftest.$ac_ext conftest$ac_cv_exeext \ + conftest.o conftest.obj conftest.out ac_clean_files=$ac_clean_files_save { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 printf %s "checking for suffix of object files... " >&6; } if test ${ac_cv_objext+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { @@ -3550,20 +3587,22 @@ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi -rm -f conftest.$ac_cv_objext conftest.$ac_ext +rm -f conftest.$ac_cv_objext conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 printf "%s\n" "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT @@ -3570,12 +3609,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5 printf %s "checking whether the compiler supports GNU C... " >&6; } if test ${ac_cv_c_compiler_gnu+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { @@ -3588,16 +3627,18 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_compiler_gnu=yes -else $as_nop - ac_compiler_gnu=no +else case e in #( + e) ac_compiler_gnu=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } ac_compiler_gnu=$ac_cv_c_compiler_gnu @@ -3611,12 +3652,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 printf %s "checking whether $CC accepts -g... " >&6; } if test ${ac_cv_prog_cc_g+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_save_c_werror_flag=$ac_c_werror_flag +else case e in #( + e) ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -3630,12 +3671,12 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes -else $as_nop - CFLAGS="" +else case e in #( + e) CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) @@ -3646,12 +3687,12 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : -else $as_nop - ac_c_werror_flag=$ac_save_c_werror_flag +else case e in #( + e) ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -3664,16 +3705,19 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag + ac_c_werror_flag=$ac_save_c_werror_flag ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 printf "%s\n" "$ac_cv_prog_cc_g" >&6; } if test $ac_test_CFLAGS; then CFLAGS=$ac_save_CFLAGS @@ -3696,12 +3740,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5 printf %s "checking for $CC option to enable C11 features... " >&6; } if test ${ac_cv_prog_cc_c11+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c11=no +else case e in #( + e) ac_cv_prog_cc_c11=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c11_program _ACEOF @@ -3714,40 +3758,43 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c11" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c11" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c11" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c11" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 printf "%s\n" "$ac_cv_prog_cc_c11" >&6; } - CC="$CC $ac_cv_prog_cc_c11" + CC="$CC $ac_cv_prog_cc_c11" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11 - ac_prog_cc_stdc=c11 + ac_prog_cc_stdc=c11 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5 printf %s "checking for $CC option to enable C99 features... " >&6; } if test ${ac_cv_prog_cc_c99+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c99=no +else case e in #( + e) ac_cv_prog_cc_c99=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c99_program _ACEOF @@ -3760,40 +3807,43 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c99" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c99" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c99" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c99" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 printf "%s\n" "$ac_cv_prog_cc_c99" >&6; } - CC="$CC $ac_cv_prog_cc_c99" + CC="$CC $ac_cv_prog_cc_c99" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 - ac_prog_cc_stdc=c99 + ac_prog_cc_stdc=c99 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5 printf %s "checking for $CC option to enable C89 features... " >&6; } if test ${ac_cv_prog_cc_c89+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c89=no +else case e in #( + e) ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c89_program _ACEOF @@ -3806,29 +3856,32 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c89" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c89" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c89" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 printf "%s\n" "$ac_cv_prog_cc_c89" >&6; } - CC="$CC $ac_cv_prog_cc_c89" + CC="$CC $ac_cv_prog_cc_c89" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 - ac_prog_cc_stdc=c89 + ac_prog_cc_stdc=c89 ;; +esac fi fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -3919,22 +3972,22 @@ # first test we've already retrieved platform (cross-compile), fallback to unix otherwise: TEA_PLATFORM="${TEA_PLATFORM-unix}" CYGPATH=echo -else $as_nop - +else case e in #( + e) TEA_PLATFORM="windows" # Extract the first word of "cygpath", so it can be a program name with args. set dummy cygpath; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CYGPATH+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CYGPATH"; then +else case e in #( + e) if test -n "$CYGPATH"; then ac_cv_prog_CYGPATH="$CYGPATH" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -3953,11 +4006,12 @@ done done IFS=$as_save_IFS test -z "$ac_cv_prog_CYGPATH" && ac_cv_prog_CYGPATH="echo" -fi +fi ;; +esac fi CYGPATH=$ac_cv_prog_CYGPATH if test -n "$CYGPATH"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CYGPATH" >&5 printf "%s\n" "$CYGPATH" >&6; } @@ -3965,11 +4019,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi - + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CC=$hold_cc { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $TEA_PLATFORM" >&5 printf "%s\n" "$TEA_PLATFORM" >&6; } @@ -4055,12 +4110,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4078,11 +4133,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -4100,12 +4156,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4123,11 +4179,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } @@ -4158,12 +4215,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4181,11 +4238,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -4203,12 +4261,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH @@ -4243,11 +4301,12 @@ # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@" fi fi -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -4267,12 +4326,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4290,11 +4349,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -4316,12 +4376,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4339,11 +4399,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } @@ -4377,12 +4438,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4400,11 +4461,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -4422,12 +4484,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4445,11 +4507,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } @@ -4474,14 +4537,14 @@ fi fi -test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 @@ -4509,12 +4572,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5 printf %s "checking whether the compiler supports GNU C... " >&6; } if test ${ac_cv_c_compiler_gnu+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { @@ -4527,16 +4590,18 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_compiler_gnu=yes -else $as_nop - ac_compiler_gnu=no +else case e in #( + e) ac_compiler_gnu=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } ac_compiler_gnu=$ac_cv_c_compiler_gnu @@ -4550,12 +4615,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 printf %s "checking whether $CC accepts -g... " >&6; } if test ${ac_cv_prog_cc_g+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_save_c_werror_flag=$ac_c_werror_flag +else case e in #( + e) ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4569,12 +4634,12 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes -else $as_nop - CFLAGS="" +else case e in #( + e) CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) @@ -4585,12 +4650,12 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : -else $as_nop - ac_c_werror_flag=$ac_save_c_werror_flag +else case e in #( + e) ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -4603,16 +4668,19 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag + ac_c_werror_flag=$ac_save_c_werror_flag ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 printf "%s\n" "$ac_cv_prog_cc_g" >&6; } if test $ac_test_CFLAGS; then CFLAGS=$ac_save_CFLAGS @@ -4635,12 +4703,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5 printf %s "checking for $CC option to enable C11 features... " >&6; } if test ${ac_cv_prog_cc_c11+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c11=no +else case e in #( + e) ac_cv_prog_cc_c11=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c11_program _ACEOF @@ -4653,40 +4721,43 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c11" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c11" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c11" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c11" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 printf "%s\n" "$ac_cv_prog_cc_c11" >&6; } - CC="$CC $ac_cv_prog_cc_c11" + CC="$CC $ac_cv_prog_cc_c11" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11 - ac_prog_cc_stdc=c11 + ac_prog_cc_stdc=c11 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5 printf %s "checking for $CC option to enable C99 features... " >&6; } if test ${ac_cv_prog_cc_c99+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c99=no +else case e in #( + e) ac_cv_prog_cc_c99=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c99_program _ACEOF @@ -4699,40 +4770,43 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c99" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c99" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c99" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c99" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 printf "%s\n" "$ac_cv_prog_cc_c99" >&6; } - CC="$CC $ac_cv_prog_cc_c99" + CC="$CC $ac_cv_prog_cc_c99" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 - ac_prog_cc_stdc=c99 + ac_prog_cc_stdc=c99 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5 printf %s "checking for $CC option to enable C89 features... " >&6; } if test ${ac_cv_prog_cc_c89+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c89=no +else case e in #( + e) ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c89_program _ACEOF @@ -4745,29 +4819,32 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c89" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c89" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c89" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 printf "%s\n" "$ac_cv_prog_cc_c89" >&6; } - CC="$CC $ac_cv_prog_cc_c89" + CC="$CC $ac_cv_prog_cc_c89" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 - ac_prog_cc_stdc=c89 + ac_prog_cc_stdc=c89 ;; +esac fi fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -4788,12 +4865,12 @@ fi if test -z "$CPP"; then if test ${ac_cv_prog_CPP+y} then : printf %s "(cached) " >&6 -else $as_nop - # Double quotes because $CC needs to be expanded +else case e in #( + e) # Double quotes because $CC needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do @@ -4807,13 +4884,14 @@ Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO" then : -else $as_nop - # Broken: fails on valid input. -continue +else case e in #( + e) # Broken: fails on valid input. +continue ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -4823,28 +4901,30 @@ _ACEOF if ac_fn_c_try_cpp "$LINENO" then : # Broken: success on invalid input. continue -else $as_nop - # Passes both tests. +else case e in #( + e) # Passes both tests. ac_preproc_ok=: -break +break ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok then : break fi done ac_cv_prog_CPP=$CPP - + ;; +esac fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi @@ -4863,13 +4943,14 @@ Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO" then : -else $as_nop - # Broken: fails on valid input. -continue +else case e in #( + e) # Broken: fails on valid input. +continue ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -4879,28 +4960,30 @@ _ACEOF if ac_fn_c_try_cpp "$LINENO" then : # Broken: success on invalid input. continue -else $as_nop - # Passes both tests. +else case e in #( + e) # Passes both tests. ac_preproc_ok=: -break +break ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok then : -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -4917,12 +5000,12 @@ set x ${MAKE-make} ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if eval test \${ac_cv_prog_make_${ac_make}_set+y} then : printf %s "(cached) " >&6 -else $as_nop - cat >conftest.make <<\_ACEOF +else case e in #( + e) cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering ...", which would confuse us. @@ -4930,11 +5013,12 @@ *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac -rm -f conftest.make +rm -f conftest.make ;; +esac fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } SET_MAKE= @@ -4955,12 +5039,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_RANLIB+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$RANLIB"; then +else case e in #( + e) if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4978,11 +5062,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 printf "%s\n" "$RANLIB" >&6; } @@ -5000,12 +5085,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_RANLIB+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_RANLIB"; then +else case e in #( + e) if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -5023,11 +5108,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 printf "%s\n" "$ac_ct_RANLIB" >&6; } @@ -5101,12 +5187,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the compiler understands -pipe" >&5 printf %s "checking if the compiler understands -pipe... " >&6; } if test ${tcl_cv_cc_pipe+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_cflags=$CFLAGS; CFLAGS="$CFLAGS -pipe" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -5118,15 +5204,17 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_cc_pipe=yes -else $as_nop - tcl_cv_cc_pipe=no +else case e in #( + e) tcl_cv_cc_pipe=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - CFLAGS=$hold_cflags + CFLAGS=$hold_cflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_cc_pipe" >&5 printf "%s\n" "$tcl_cv_cc_pipe" >&6; } if test $tcl_cv_cc_pipe = yes; then CFLAGS="$CFLAGS -pipe" @@ -5146,12 +5234,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 printf %s "checking whether byte ordering is bigendian... " >&6; } if test ${ac_cv_c_bigendian+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_c_bigendian=unknown +else case e in #( + e) ac_cv_c_bigendian=unknown # See if we're dealing with a universal compiler. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef __APPLE_CC__ not a universal capable compiler @@ -5193,12 +5281,12 @@ #include int main (void) { -#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ - && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ +#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \\ + && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \\ && LITTLE_ENDIAN) bogus endian macros #endif ; @@ -5225,12 +5313,13 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_c_bigendian=yes -else $as_nop - ac_cv_c_bigendian=no +else case e in #( + e) ac_cv_c_bigendian=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi @@ -5270,12 +5359,13 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_c_bigendian=yes -else $as_nop - ac_cv_c_bigendian=no +else case e in #( + e) ac_cv_c_bigendian=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi @@ -5298,37 +5388,39 @@ unsigned short int ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; int use_ebcdic (int i) { return ebcdic_mm[i] + ebcdic_ii[i]; } - extern int foo; - -int -main (void) -{ -return use_ascii (foo) == use_ebcdic (foo); - ; - return 0; -} + int + main (int argc, char **argv) + { + /* Intimidate the compiler so that it does not + optimize the arrays away. */ + char *p = argv[0]; + ascii_mm[1] = *p++; ebcdic_mm[1] = *p++; + ascii_ii[1] = *p++; ebcdic_ii[1] = *p++; + return use_ascii (argc) == use_ebcdic (*p); + } _ACEOF -if ac_fn_c_try_compile "$LINENO" +if ac_fn_c_try_link "$LINENO" then : - if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then + if grep BIGenDianSyS conftest$ac_exeext >/dev/null; then ac_cv_c_bigendian=yes fi - if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if grep LiTTleEnDian conftest$ac_exeext >/dev/null ; then if test "$ac_cv_c_bigendian" = unknown; then ac_cv_c_bigendian=no else # finding both strings is unlikely to happen, but who knows? ac_cv_c_bigendian=unknown fi fi fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main (void) { @@ -5347,18 +5439,21 @@ } _ACEOF if ac_fn_c_try_run "$LINENO" then : ac_cv_c_bigendian=no -else $as_nop - ac_cv_c_bigendian=yes +else case e in #( + e) ac_cv_c_bigendian=yes ;; +esac fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext + conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi - fi + fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 printf "%s\n" "$ac_cv_c_bigendian" >&6; } case $ac_cv_c_bigendian in #( yes) @@ -5375,11 +5470,10 @@ esac #----------------------------------------------------------------------- -# __CHANGE__ # Specify the C source files to compile in TEA_ADD_SOURCES, # public headers that need to be installed in TEA_ADD_HEADERS, # stub library C source files to compile in TEA_ADD_STUB_SOURCES, # and runtime Tcl library files in TEA_ADD_TCL_SOURCES. # This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS @@ -5477,11 +5571,11 @@ done - vars="library/tls.tcl" + vars="library/tls.tcl license.terms README.txt" for i in $vars; do # check for existence, be strict because it is installed if test ! -f "${srcdir}/$i" ; then as_fn_error $? "could not find tcl source file '${srcdir}/$i'" "$LINENO" 5 fi @@ -5489,29 +5583,31 @@ done #-------------------------------------------------------------------- -# # You can add more files to clean if your extension creates any extra # files by extending CLEANFILES. # Add pkgIndex.tcl if it is generated in the Makefile instead of ./configure # and change Makefile.in to move it from CONFIG_CLEAN_FILES to BINARIES var. # # A few miscellaneous platform-specific items: # TEA_ADD_* any platform specific compiler/build info here. #-------------------------------------------------------------------- -CONFIG_CLEAN_FILES="$CONFIG_CLEAN_FILES tls.tcl.h.* config.log config.status Makefile pkgIndex.tcl tcltls.a.linkadd tcltls.syms" + + CLEANFILES="$CLEANFILES pkgIndex.tcl generic/tls.tcl.h tlsUuid.h" + + if test "${TEA_PLATFORM}" = "windows" ; then - printf "%s\n" "#define BUILD_tls 1" >>confdefs.h - printf "%s\n" "#define WINDOWS 1" >>confdefs.h + CLEANFILES="$CLEANFILES *.lib *.dll *.exp *.ilk *.pdb vc*.pch" - CLEANFILES="pkgIndex.tcl *.lib *.dll *.exp *.ilk *.pdb vc*.pch" else - CLEANFILES="pkgIndex.tcl *.so" + + CLEANFILES="$CLEANFILES *.so" + fi #-------------------------------------------------------------------- # Choose which headers you need. Extension authors should try very @@ -5534,12 +5630,12 @@ if test ${ac_cv_c_tclh+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) # Use the value from --with-tclinclude, if it was given if test x"${with_tclinclude}" != x ; then if test -f "${with_tclinclude}/tcl.h" ; then ac_cv_c_tclh=${with_tclinclude} @@ -5584,11 +5680,12 @@ ac_cv_c_tclh=$i break fi done fi - + ;; +esac fi # Print a message based on how we determined the include path @@ -5621,12 +5718,13 @@ # Check whether --enable-threads was given. if test ${enable_threads+y} then : enableval=$enable_threads; tcl_ok=$enableval -else $as_nop - tcl_ok=yes +else case e in #( + e) tcl_ok=yes ;; +esac fi if test "${enable_threads+set}" = set; then enableval="$enable_threads" @@ -5660,20 +5758,26 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pthread_mutex_init in -lpthread" >&5 printf %s "checking for pthread_mutex_init in -lpthread... " >&6; } if test ${ac_cv_lib_pthread_pthread_mutex_init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lpthread $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char pthread_mutex_init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_mutex_init (void); int main (void) { return pthread_mutex_init (); ; @@ -5681,24 +5785,27 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_pthread_pthread_mutex_init=yes -else $as_nop - ac_cv_lib_pthread_pthread_mutex_init=no +else case e in #( + e) ac_cv_lib_pthread_pthread_mutex_init=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_pthread_mutex_init" >&5 printf "%s\n" "$ac_cv_lib_pthread_pthread_mutex_init" >&6; } if test "x$ac_cv_lib_pthread_pthread_mutex_init" = xyes then : tcl_ok=yes -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi if test "$tcl_ok" = "no"; then # Check a little harder for __pthread_mutex_init in the same # library, as some systems hide it there until pthread.h is @@ -5708,20 +5815,26 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __pthread_mutex_init in -lpthread" >&5 printf %s "checking for __pthread_mutex_init in -lpthread... " >&6; } if test ${ac_cv_lib_pthread___pthread_mutex_init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lpthread $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char __pthread_mutex_init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char __pthread_mutex_init (void); int main (void) { return __pthread_mutex_init (); ; @@ -5729,24 +5842,27 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_pthread___pthread_mutex_init=yes -else $as_nop - ac_cv_lib_pthread___pthread_mutex_init=no +else case e in #( + e) ac_cv_lib_pthread___pthread_mutex_init=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread___pthread_mutex_init" >&5 printf "%s\n" "$ac_cv_lib_pthread___pthread_mutex_init" >&6; } if test "x$ac_cv_lib_pthread___pthread_mutex_init" = xyes then : tcl_ok=yes -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi fi if test "$tcl_ok" = "yes"; then @@ -5756,20 +5872,26 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pthread_mutex_init in -lpthreads" >&5 printf %s "checking for pthread_mutex_init in -lpthreads... " >&6; } if test ${ac_cv_lib_pthreads_pthread_mutex_init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lpthreads $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char pthread_mutex_init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_mutex_init (void); int main (void) { return pthread_mutex_init (); ; @@ -5777,24 +5899,27 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_pthreads_pthread_mutex_init=yes -else $as_nop - ac_cv_lib_pthreads_pthread_mutex_init=no +else case e in #( + e) ac_cv_lib_pthreads_pthread_mutex_init=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthreads_pthread_mutex_init" >&5 printf "%s\n" "$ac_cv_lib_pthreads_pthread_mutex_init" >&6; } if test "x$ac_cv_lib_pthreads_pthread_mutex_init" = xyes then : tcl_ok=yes -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi if test "$tcl_ok" = "yes"; then # The space is needed THREADS_LIBS=" -lpthreads" @@ -5802,20 +5927,26 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pthread_mutex_init in -lc" >&5 printf %s "checking for pthread_mutex_init in -lc... " >&6; } if test ${ac_cv_lib_c_pthread_mutex_init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lc $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char pthread_mutex_init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_mutex_init (void); int main (void) { return pthread_mutex_init (); ; @@ -5823,42 +5954,51 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_c_pthread_mutex_init=yes -else $as_nop - ac_cv_lib_c_pthread_mutex_init=no +else case e in #( + e) ac_cv_lib_c_pthread_mutex_init=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_pthread_mutex_init" >&5 printf "%s\n" "$ac_cv_lib_c_pthread_mutex_init" >&6; } if test "x$ac_cv_lib_c_pthread_mutex_init" = xyes then : tcl_ok=yes -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi if test "$tcl_ok" = "no"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pthread_mutex_init in -lc_r" >&5 printf %s "checking for pthread_mutex_init in -lc_r... " >&6; } if test ${ac_cv_lib_c_r_pthread_mutex_init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lc_r $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char pthread_mutex_init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_mutex_init (void); int main (void) { return pthread_mutex_init (); ; @@ -5866,24 +6006,27 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_c_r_pthread_mutex_init=yes -else $as_nop - ac_cv_lib_c_r_pthread_mutex_init=no +else case e in #( + e) ac_cv_lib_c_r_pthread_mutex_init=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_r_pthread_mutex_init" >&5 printf "%s\n" "$ac_cv_lib_c_r_pthread_mutex_init" >&6; } if test "x$ac_cv_lib_c_r_pthread_mutex_init" = xyes then : tcl_ok=yes -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi if test "$tcl_ok" = "yes"; then # The space is needed THREADS_LIBS=" -pthread" @@ -5939,12 +6082,13 @@ printf %s "checking how to build libraries... " >&6; } # Check whether --enable-shared was given. if test ${enable_shared+y} then : enableval=$enable_shared; shared_ok=$enableval -else $as_nop - shared_ok=yes +else case e in #( + e) shared_ok=yes ;; +esac fi if test "${enable_shared+set}" = set; then enableval="$enable_shared" @@ -5955,12 +6099,13 @@ # Check whether --enable-stubs was given. if test ${enable_stubs+y} then : enableval=$enable_stubs; stubs_ok=$enableval -else $as_nop - stubs_ok=yes +else case e in #( + e) stubs_ok=yes ;; +esac fi if test "${enable_stubs+set}" = set; then enableval="$enable_stubs" @@ -6018,12 +6163,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_RANLIB+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$RANLIB"; then +else case e in #( + e) if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -6041,11 +6186,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 printf "%s\n" "$RANLIB" >&6; } @@ -6063,12 +6209,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_RANLIB+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_RANLIB"; then +else case e in #( + e) if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -6086,11 +6232,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 printf "%s\n" "$ac_ct_RANLIB" >&6; } @@ -6123,12 +6270,13 @@ printf %s "checking if 64bit support is requested... " >&6; } # Check whether --enable-64bit was given. if test ${enable_64bit+y} then : enableval=$enable_64bit; do64bit=$enableval -else $as_nop - do64bit=no +else case e in #( + e) do64bit=no ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $do64bit" >&5 printf "%s\n" "$do64bit" >&6; } @@ -6138,12 +6286,13 @@ printf %s "checking if 64bit Sparc VIS support is requested... " >&6; } # Check whether --enable-64bit-vis was given. if test ${enable_64bit_vis+y} then : enableval=$enable_64bit_vis; do64bitVIS=$enableval -else $as_nop - do64bitVIS=no +else case e in #( + e) do64bitVIS=no ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $do64bitVIS" >&5 printf "%s\n" "$do64bitVIS" >&6; } # Force 64bit on with VIS @@ -6158,12 +6307,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler supports visibility \"hidden\"" >&5 printf %s "checking if compiler supports visibility \"hidden\"... " >&6; } if test ${tcl_cv_cc_visibility_hidden+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_cflags=$CFLAGS; CFLAGS="$CFLAGS -Werror" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern __attribute__((__visibility__("hidden"))) void f(void); @@ -6177,16 +6326,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_cc_visibility_hidden=yes -else $as_nop - tcl_cv_cc_visibility_hidden=no +else case e in #( + e) tcl_cv_cc_visibility_hidden=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - CFLAGS=$hold_cflags + CFLAGS=$hold_cflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_cc_visibility_hidden" >&5 printf "%s\n" "$tcl_cv_cc_visibility_hidden" >&6; } if test $tcl_cv_cc_visibility_hidden = yes then : @@ -6206,12 +6357,13 @@ printf %s "checking if rpath support is requested... " >&6; } # Check whether --enable-rpath was given. if test ${enable_rpath+y} then : enableval=$enable_rpath; doRpath=$enableval -else $as_nop - doRpath=yes +else case e in #( + e) doRpath=yes ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $doRpath" >&5 printf "%s\n" "$doRpath" >&6; } @@ -6222,12 +6374,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking system version" >&5 printf %s "checking system version... " >&6; } if test ${tcl_cv_sys_version+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) # TEA specific: if test "${TEA_PLATFORM}" = "windows" ; then tcl_cv_sys_version=windows else tcl_cv_sys_version=`uname -s`-`uname -r` @@ -6242,11 +6394,12 @@ if test "`uname -s`" = "NetBSD" -a -f /etc/debian_version ; then tcl_cv_sys_version=NetBSD-Debian fi fi fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_sys_version" >&5 printf "%s\n" "$tcl_cv_sys_version" >&6; } system=$tcl_cv_sys_version @@ -6276,26 +6429,27 @@ then : CFLAGS_OPTIMIZE=-O2 CFLAGS_WARNING="-Wall" -else $as_nop - +else case e in #( + e) CFLAGS_OPTIMIZE=-O CFLAGS_WARNING="" - + ;; +esac fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. set dummy ${ac_tool_prefix}ar; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_AR+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$AR"; then +else case e in #( + e) if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -6313,11 +6467,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi AR=$ac_cv_prog_AR if test -n "$AR"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 printf "%s\n" "$AR" >&6; } @@ -6335,12 +6490,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_AR+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_AR"; then +else case e in #( + e) if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -6358,11 +6513,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 printf "%s\n" "$ac_ct_AR" >&6; } @@ -6389,12 +6545,13 @@ STLIB_LD='${AR} cr' LD_LIBRARY_PATH_VAR="LD_LIBRARY_PATH" if test "x$SHLIB_VERSION" = x then : SHLIB_VERSION="" -else $as_nop - SHLIB_VERSION=".$SHLIB_VERSION" +else case e in #( + e) SHLIB_VERSION=".$SHLIB_VERSION" ;; +esac fi case $system in # TEA specific: windows) MACHINE="X86" @@ -6474,12 +6631,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_RC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$RC"; then +else case e in #( + e) if test -n "$RC"; then ac_cv_prog_RC="$RC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -6497,11 +6654,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi RC=$ac_cv_prog_RC if test -n "$RC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RC" >&5 printf "%s\n" "$RC" >&6; } @@ -6519,12 +6677,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_RC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_RC"; then +else case e in #( + e) if test -n "$ac_ct_RC"; then ac_cv_prog_ac_ct_RC="$ac_ct_RC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -6542,11 +6700,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_RC=$ac_cv_prog_ac_ct_RC if test -n "$ac_ct_RC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RC" >&5 printf "%s\n" "$ac_ct_RC" >&6; } @@ -6580,12 +6739,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for cross-compile version of gcc" >&5 printf %s "checking for cross-compile version of gcc... " >&6; } if test ${ac_cv_cross+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef _WIN32 #error cross-compiler #endif @@ -6599,15 +6758,17 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_cross=yes -else $as_nop - ac_cv_cross=no +else case e in #( + e) ac_cv_cross=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cross" >&5 printf "%s\n" "$ac_cv_cross" >&6; } if test "$ac_cv_cross" = "yes"; then case "$do64bit" in @@ -6689,19 +6850,20 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported with GCC on $system" >&5 printf "%s\n" "$as_me: WARNING: 64bit mode not supported with GCC on $system" >&2;} -else $as_nop - +else case e in #( + e) do64bit_ok=yes CFLAGS="$CFLAGS -q64" LDFLAGS_ARCH="-q64" RANLIB="${RANLIB} -X64" AR="${AR} -X64" SHLIB_LD_FLAGS="-b64" - + ;; +esac fi fi if test "`uname -m`" = ia64 @@ -6712,34 +6874,37 @@ if test "$GCC" = yes then : CC_SEARCH_FLAGS='"-Wl,-R,${LIB_RUNTIME_DIR}"' -else $as_nop - +else case e in #( + e) CC_SEARCH_FLAGS='"-R${LIB_RUNTIME_DIR}"' - + ;; +esac fi LD_SEARCH_FLAGS='-R "${LIB_RUNTIME_DIR}"' -else $as_nop - +else case e in #( + e) if test "$GCC" = yes then : SHLIB_LD='${CC} -shared -Wl,-bexpall' -else $as_nop - +else case e in #( + e) SHLIB_LD="/bin/ld -bhalt:4 -bM:SRE -bexpall -H512 -T512 -bnoentry" LDFLAGS="$LDFLAGS -brtl" - + ;; +esac fi SHLIB_LD="${SHLIB_LD} ${SHLIB_LD_FLAGS}" CC_SEARCH_FLAGS='"-L${LIB_RUNTIME_DIR}"' LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS} - + ;; +esac fi ;; BeOS*) SHLIB_CFLAGS="-fPIC" SHLIB_LD='${CC} -nostart' @@ -6753,20 +6918,26 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for inet_ntoa in -lbind" >&5 printf %s "checking for inet_ntoa in -lbind... " >&6; } if test ${ac_cv_lib_bind_inet_ntoa+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lbind $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char inet_ntoa (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char inet_ntoa (void); int main (void) { return inet_ntoa (); ; @@ -6774,16 +6945,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_bind_inet_ntoa=yes -else $as_nop - ac_cv_lib_bind_inet_ntoa=no +else case e in #( + e) ac_cv_lib_bind_inet_ntoa=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bind_inet_ntoa" >&5 printf "%s\n" "$ac_cv_lib_bind_inet_ntoa" >&6; } if test "x$ac_cv_lib_bind_inet_ntoa" = xyes then : @@ -6832,20 +7005,26 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for inet_ntoa in -lnetwork" >&5 printf %s "checking for inet_ntoa in -lnetwork... " >&6; } if test ${ac_cv_lib_network_inet_ntoa+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lnetwork $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char inet_ntoa (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char inet_ntoa (void); int main (void) { return inet_ntoa (); ; @@ -6853,16 +7032,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_network_inet_ntoa=yes -else $as_nop - ac_cv_lib_network_inet_ntoa=no +else case e in #( + e) ac_cv_lib_network_inet_ntoa=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_network_inet_ntoa" >&5 printf "%s\n" "$ac_cv_lib_network_inet_ntoa" >&6; } if test "x$ac_cv_lib_network_inet_ntoa" = xyes then : @@ -6882,30 +7063,37 @@ if test "`uname -m`" = ia64 then : SHLIB_SUFFIX=".so" -else $as_nop - +else case e in #( + e) SHLIB_SUFFIX=".sl" - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 printf %s "checking for shl_load in -ldld... " >&6; } if test ${ac_cv_lib_dld_shl_load+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char shl_load (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (void); int main (void) { return shl_load (); ; @@ -6913,24 +7101,27 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_dld_shl_load=yes -else $as_nop - ac_cv_lib_dld_shl_load=no +else case e in #( + e) ac_cv_lib_dld_shl_load=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; } if test "x$ac_cv_lib_dld_shl_load" = xyes then : tcl_ok=yes -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi if test "$tcl_ok" = yes then : @@ -6946,14 +7137,15 @@ then : SHLIB_LD='${CC} -shared' LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS} -else $as_nop - +else case e in #( + e) CFLAGS="$CFLAGS -z" - + ;; +esac fi # Check to enable 64-bit flags for compiler/linker if test "$do64bit" = "yes" then : @@ -6977,16 +7169,17 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported with GCC on $system" >&5 printf "%s\n" "$as_me: WARNING: 64bit mode not supported with GCC on $system" >&2;} ;; esac -else $as_nop - +else case e in #( + e) do64bit_ok=yes CFLAGS="$CFLAGS +DD64" LDFLAGS_ARCH="+DD64" - + ;; +esac fi fi ;; HP-UX-*.08.*|HP-UX-*.09.*|HP-UX-*.10.*) SHLIB_SUFFIX=".sl" @@ -6993,20 +7186,26 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 printf %s "checking for shl_load in -ldld... " >&6; } if test ${ac_cv_lib_dld_shl_load+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char shl_load (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (void); int main (void) { return shl_load (); ; @@ -7014,24 +7213,27 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_dld_shl_load=yes -else $as_nop - ac_cv_lib_dld_shl_load=no +else case e in #( + e) ac_cv_lib_dld_shl_load=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; } if test "x$ac_cv_lib_dld_shl_load" = xyes then : tcl_ok=yes -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi if test "$tcl_ok" = yes then : @@ -7075,12 +7277,12 @@ then : CFLAGS="$CFLAGS -mabi=n32" LDFLAGS="$LDFLAGS -mabi=n32" -else $as_nop - +else case e in #( + e) case $system in IRIX-6.3) # Use to build 6.2 compatible binaries on 6.3. CFLAGS="$CFLAGS -n32 -D_OLD_TERMIOS" ;; @@ -7087,11 +7289,12 @@ *) CFLAGS="$CFLAGS -n32" ;; esac LDFLAGS="$LDFLAGS -n32" - + ;; +esac fi ;; IRIX64-6.*) SHLIB_CFLAGS="" SHLIB_LD="ld -n32 -shared -rdata_shared" @@ -7112,17 +7315,18 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported by gcc" >&5 printf "%s\n" "$as_me: WARNING: 64bit mode not supported by gcc" >&2;} -else $as_nop - +else case e in #( + e) do64bit_ok=yes SHLIB_LD="ld -64 -shared -rdata_shared" CFLAGS="$CFLAGS -64" LDFLAGS_ARCH="-64" - + ;; +esac fi fi ;; Linux*|GNU*|NetBSD-Debian|DragonFly-*|FreeBSD-*) @@ -7165,12 +7369,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler accepts -m64 flag" >&5 printf %s "checking if compiler accepts -m64 flag... " >&6; } if test ${tcl_cv_cc_m64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_cflags=$CFLAGS CFLAGS="$CFLAGS -m64" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7183,16 +7387,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_cc_m64=yes -else $as_nop - tcl_cv_cc_m64=no +else case e in #( + e) tcl_cv_cc_m64=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - CFLAGS=$hold_cflags + CFLAGS=$hold_cflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_cc_m64" >&5 printf "%s\n" "$tcl_cv_cc_m64" >&6; } if test $tcl_cv_cc_m64 = yes then : @@ -7294,12 +7500,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler accepts -arch ppc64 flag" >&5 printf %s "checking if compiler accepts -arch ppc64 flag... " >&6; } if test ${tcl_cv_cc_arch_ppc64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_cflags=$CFLAGS CFLAGS="$CFLAGS -arch ppc64 -mpowerpc64 -mcpu=G5" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7312,16 +7518,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_cc_arch_ppc64=yes -else $as_nop - tcl_cv_cc_arch_ppc64=no +else case e in #( + e) tcl_cv_cc_arch_ppc64=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - CFLAGS=$hold_cflags + CFLAGS=$hold_cflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_cc_arch_ppc64" >&5 printf "%s\n" "$tcl_cv_cc_arch_ppc64" >&6; } if test $tcl_cv_cc_arch_ppc64 = yes then : @@ -7334,12 +7542,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler accepts -arch x86_64 flag" >&5 printf %s "checking if compiler accepts -arch x86_64 flag... " >&6; } if test ${tcl_cv_cc_arch_x86_64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_cflags=$CFLAGS CFLAGS="$CFLAGS -arch x86_64" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7352,16 +7560,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_cc_arch_x86_64=yes -else $as_nop - tcl_cv_cc_arch_x86_64=no +else case e in #( + e) tcl_cv_cc_arch_x86_64=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - CFLAGS=$hold_cflags + CFLAGS=$hold_cflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_cc_arch_x86_64" >&5 printf "%s\n" "$tcl_cv_cc_arch_x86_64" >&6; } if test $tcl_cv_cc_arch_x86_64 = yes then : @@ -7373,30 +7583,31 @@ *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Don't know how enable 64-bit on architecture \`arch\`" >&5 printf "%s\n" "$as_me: WARNING: Don't know how enable 64-bit on architecture \`arch\`" >&2;};; esac -else $as_nop - +else case e in #( + e) # Check for combined 32-bit and 64-bit fat build if echo "$CFLAGS " |grep -E -q -- '-arch (ppc64|x86_64) ' \ && echo "$CFLAGS " |grep -E -q -- '-arch (ppc|i386) ' then : fat_32_64=yes fi - + ;; +esac fi # TEA specific: use LDFLAGS_DEFAULT instead of LDFLAGS SHLIB_LD='${CC} -dynamiclib ${CFLAGS} ${LDFLAGS_DEFAULT}' { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ld accepts -single_module flag" >&5 printf %s "checking if ld accepts -single_module flag... " >&6; } if test ${tcl_cv_ld_single_module+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_ldflags=$LDFLAGS LDFLAGS="$LDFLAGS -dynamiclib -Wl,-single_module" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7409,16 +7620,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_ld_single_module=yes -else $as_nop - tcl_cv_ld_single_module=no +else case e in #( + e) tcl_cv_ld_single_module=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - LDFLAGS=$hold_ldflags + LDFLAGS=$hold_ldflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_ld_single_module" >&5 printf "%s\n" "$tcl_cv_ld_single_module" >&6; } if test $tcl_cv_ld_single_module = yes then : @@ -7434,12 +7647,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ld accepts -search_paths_first flag" >&5 printf %s "checking if ld accepts -search_paths_first flag... " >&6; } if test ${tcl_cv_ld_search_paths_first+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_ldflags=$LDFLAGS LDFLAGS="$LDFLAGS -Wl,-search_paths_first" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7452,16 +7665,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_ld_search_paths_first=yes -else $as_nop - tcl_cv_ld_search_paths_first=no +else case e in #( + e) tcl_cv_ld_search_paths_first=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - LDFLAGS=$hold_ldflags + LDFLAGS=$hold_ldflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_ld_search_paths_first" >&5 printf "%s\n" "$tcl_cv_ld_search_paths_first" >&6; } if test $tcl_cv_ld_search_paths_first = yes then : @@ -7492,12 +7707,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for 64-bit X11" >&5 printf %s "checking for 64-bit X11... " >&6; } if test ${tcl_cv_lib_x11_64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) for v in CFLAGS CPPFLAGS LDFLAGS; do eval 'hold_'$v'="$'$v'";'$v'="`echo "$'$v' "|sed -e "s/-arch ppc / /g" -e "s/-arch i386 / /g"`"' done CPPFLAGS="$CPPFLAGS -I/usr/X11R6/include" LDFLAGS="$LDFLAGS -L/usr/X11R6/lib -lX11" @@ -7513,18 +7728,20 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_lib_x11_64=yes -else $as_nop - tcl_cv_lib_x11_64=no +else case e in #( + e) tcl_cv_lib_x11_64=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext for v in CFLAGS CPPFLAGS LDFLAGS; do eval $v'="$hold_'$v'"' - done + done ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_lib_x11_64" >&5 printf "%s\n" "$tcl_cv_lib_x11_64" >&6; } fi @@ -7534,12 +7751,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for 64-bit Tk" >&5 printf %s "checking for 64-bit Tk... " >&6; } if test ${tcl_cv_lib_tk_64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) for v in CFLAGS CPPFLAGS LDFLAGS; do eval 'hold_'$v'="$'$v'";'$v'="`echo "$'$v' "|sed -e "s/-arch ppc / /g" -e "s/-arch i386 / /g"`"' done CPPFLAGS="$CPPFLAGS -DUSE_TCL_STUBS=1 -DUSE_TK_STUBS=1 ${TCL_INCLUDES} ${TK_INCLUDES}" LDFLAGS="$LDFLAGS ${TCL_STUB_LIB_SPEC} ${TK_STUB_LIB_SPEC}" @@ -7555,18 +7772,20 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_lib_tk_64=yes -else $as_nop - tcl_cv_lib_tk_64=no +else case e in #( + e) tcl_cv_lib_tk_64=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext for v in CFLAGS CPPFLAGS LDFLAGS; do eval $v'="$hold_'$v'"' - done + done ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_lib_tk_64" >&5 printf "%s\n" "$tcl_cv_lib_tk_64" >&6; } fi @@ -7596,14 +7815,15 @@ if test "$SHARED_BUILD" = 1 then : SHLIB_LD='ld -shared -expect_unresolved "*"' -else $as_nop - +else case e in #( + e) SHLIB_LD='ld -non_shared -expect_unresolved "*"' - + ;; +esac fi SHLIB_SUFFIX=".so" if test $doRpath = yes then : @@ -7611,13 +7831,14 @@ LD_SEARCH_FLAGS='-rpath ${LIB_RUNTIME_DIR}' fi if test "$GCC" = yes then : CFLAGS="$CFLAGS -mieee" -else $as_nop - - CFLAGS="$CFLAGS -DHAVE_TZSET -std1 -ieee" +else case e in #( + e) + CFLAGS="$CFLAGS -DHAVE_TZSET -std1 -ieee" ;; +esac fi # see pthread_intro(3) for pthread support on osf1, k.furukawa CFLAGS="$CFLAGS -DHAVE_PTHREAD_ATTR_SETSTACKSIZE" CFLAGS="$CFLAGS -DTCL_THREAD_STACK_MIN=PTHREAD_STACK_MIN*64" LIBS=`echo $LIBS | sed s/-lpthreads//` @@ -7624,15 +7845,16 @@ if test "$GCC" = yes then : LIBS="$LIBS -lpthread -lmach -lexc" -else $as_nop - +else case e in #( + e) CFLAGS="$CFLAGS -pthread" LDFLAGS="$LDFLAGS -pthread" - + ;; +esac fi ;; QNX-6*) # QNX RTP # This may work for all QNX, but it was only reported for v6. @@ -7648,15 +7870,16 @@ then : SHLIB_CFLAGS="-fPIC -melf" LDFLAGS="$LDFLAGS -melf -Wl,-Bexport" -else $as_nop - +else case e in #( + e) SHLIB_CFLAGS="-Kpic -belf" LDFLAGS="$LDFLAGS -belf -Wl,-Bexport" - + ;; +esac fi SHLIB_LD="ld -G" SHLIB_LD_LIBS="" SHLIB_SUFFIX=".so" CC_SEARCH_FLAGS="" @@ -7682,16 +7905,17 @@ SHLIB_LD='${CC} -shared' CC_SEARCH_FLAGS='"-Wl,-R,${LIB_RUNTIME_DIR}"' LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS} -else $as_nop - +else case e in #( + e) SHLIB_LD="/usr/ccs/bin/ld -G -z text" CC_SEARCH_FLAGS='-R "${LIB_RUNTIME_DIR}"' LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS} - + ;; +esac fi ;; SunOS-5*) # Note: If _REENTRANT isn't defined, then Solaris # won't define thread-safe library routines. @@ -7720,41 +7944,44 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported with GCC < 3.2 on $system" >&5 printf "%s\n" "$as_me: WARNING: 64bit mode not supported with GCC < 3.2 on $system" >&2;} -else $as_nop - +else case e in #( + e) do64bit_ok=yes CFLAGS="$CFLAGS -m64 -mcpu=v9" LDFLAGS="$LDFLAGS -m64 -mcpu=v9" SHLIB_CFLAGS="-fPIC" - + ;; +esac fi -else $as_nop - +else case e in #( + e) do64bit_ok=yes if test "$do64bitVIS" = yes then : CFLAGS="$CFLAGS -xarch=v9a" LDFLAGS_ARCH="-xarch=v9a" -else $as_nop - +else case e in #( + e) CFLAGS="$CFLAGS -xarch=v9" LDFLAGS_ARCH="-xarch=v9" - + ;; +esac fi # Solaris 64 uses this as well #LD_LIBRARY_PATH_VAR="LD_LIBRARY_PATH_64" - + ;; +esac fi -else $as_nop - if test "$arch" = "amd64 i386" +else case e in #( + e) if test "$arch" = "amd64 i386" then : if test "$GCC" = yes then : @@ -7766,28 +7993,31 @@ *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported with GCC on $system" >&5 printf "%s\n" "$as_me: WARNING: 64bit mode not supported with GCC on $system" >&2;};; esac -else $as_nop - +else case e in #( + e) do64bit_ok=yes case $system in SunOS-5.1[1-9]*|SunOS-5.[2-9][0-9]*) CFLAGS="$CFLAGS -m64" LDFLAGS="$LDFLAGS -m64";; *) CFLAGS="$CFLAGS -xarch=amd64" LDFLAGS="$LDFLAGS -xarch=amd64";; esac - + ;; +esac fi -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported for $arch" >&5 -printf "%s\n" "$as_me: WARNING: 64bit mode not supported for $arch" >&2;} -fi +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported for $arch" >&5 +printf "%s\n" "$as_me: WARNING: 64bit mode not supported for $arch" >&2;} ;; +esac +fi ;; +esac fi fi SHLIB_SUFFIX=".so" @@ -7811,35 +8041,37 @@ # for finding sparcv9 libgcc, get the regular libgcc # path, remove so name and append 'sparcv9' #v9gcclibdir="`gcc -print-file-name=libgcc_s.so` | ..." #CC_SEARCH_FLAGS="${CC_SEARCH_FLAGS},-R,$v9gcclibdir" -else $as_nop - if test "$arch" = "amd64 i386" +else case e in #( + e) if test "$arch" = "amd64 i386" then : # JH: static-libgcc is necessary for core Tcl, but may # not be necessary for extensions. SHLIB_LD="$SHLIB_LD -m64 -static-libgcc" -fi +fi ;; +esac fi fi -else $as_nop - +else case e in #( + e) case $system in SunOS-5.[1-9][0-9]*) # TEA specific: use LDFLAGS_DEFAULT instead of LDFLAGS SHLIB_LD='${CC} -G -z text ${LDFLAGS_DEFAULT}';; *) SHLIB_LD='/usr/ccs/bin/ld -G -z text';; esac CC_SEARCH_FLAGS='"-Wl,-R,${LIB_RUNTIME_DIR}"' LD_SEARCH_FLAGS='-R "${LIB_RUNTIME_DIR}"' - + ;; +esac fi ;; UNIX_SV* | UnixWare-5*) SHLIB_CFLAGS="-KPIC" SHLIB_LD='${CC} -G' @@ -7850,12 +8082,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld accepts -Bexport flag" >&5 printf %s "checking for ld accepts -Bexport flag... " >&6; } if test ${tcl_cv_ld_Bexport+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_ldflags=$LDFLAGS LDFLAGS="$LDFLAGS -Wl,-Bexport" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7868,16 +8100,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_ld_Bexport=yes -else $as_nop - tcl_cv_ld_Bexport=no +else case e in #( + e) tcl_cv_ld_Bexport=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - LDFLAGS=$hold_ldflags + LDFLAGS=$hold_ldflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_ld_Bexport" >&5 printf "%s\n" "$tcl_cv_ld_Bexport" >&6; } if test $tcl_cv_ld_Bexport = yes then : @@ -7950,16 +8184,16 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SEH support in compiler" >&5 printf %s "checking for SEH support in compiler... " >&6; } if test ${tcl_cv_seh+y} then : printf %s "(cached) " >&6 -else $as_nop - if test "$cross_compiling" = yes +else case e in #( + e) if test "$cross_compiling" = yes then : tcl_cv_seh=no -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define WIN32_LEAN_AND_MEAN #include #undef WIN32_LEAN_AND_MEAN @@ -7977,18 +8211,21 @@ _ACEOF if ac_fn_c_try_run "$LINENO" then : tcl_cv_seh=yes -else $as_nop - tcl_cv_seh=no +else case e in #( + e) tcl_cv_seh=no ;; +esac fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext + conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_seh" >&5 printf "%s\n" "$tcl_cv_seh" >&6; } if test "$tcl_cv_seh" = "no" ; then @@ -8005,12 +8242,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EXCEPTION_DISPOSITION support in include files" >&5 printf %s "checking for EXCEPTION_DISPOSITION support in include files... " >&6; } if test ${tcl_cv_eh_disposition+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ # define WIN32_LEAN_AND_MEAN # include # undef WIN32_LEAN_AND_MEAN @@ -8026,15 +8263,17 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_eh_disposition=yes -else $as_nop - tcl_cv_eh_disposition=no +else case e in #( + e) tcl_cv_eh_disposition=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_eh_disposition" >&5 printf "%s\n" "$tcl_cv_eh_disposition" >&6; } if test "$tcl_cv_eh_disposition" = "no" ; then @@ -8049,12 +8288,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for winnt.h that ignores VOID define" >&5 printf %s "checking for winnt.h that ignores VOID define... " >&6; } if test ${tcl_cv_winnt_ignore_void+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define VOID void #define WIN32_LEAN_AND_MEAN #include @@ -8073,15 +8312,17 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_winnt_ignore_void=yes -else $as_nop - tcl_cv_winnt_ignore_void=no +else case e in #( + e) tcl_cv_winnt_ignore_void=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_winnt_ignore_void" >&5 printf "%s\n" "$tcl_cv_winnt_ignore_void" >&6; } if test "$tcl_cv_winnt_ignore_void" = "yes" ; then @@ -8097,12 +8338,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for cast to union support" >&5 printf %s "checking for cast to union support... " >&6; } if test ${tcl_cv_cast_to_union+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { @@ -8115,15 +8356,17 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_cast_to_union=yes -else $as_nop - tcl_cv_cast_to_union=no +else case e in #( + e) tcl_cv_cast_to_union=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_cast_to_union" >&5 printf "%s\n" "$tcl_cv_cast_to_union" >&6; } if test "$tcl_cv_cast_to_union" = "yes"; then @@ -8162,12 +8405,12 @@ tcl_flags="" if test ${tcl_cv_flag__isoc99_source+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main (void) { @@ -8177,12 +8420,12 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_flag__isoc99_source=no -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _ISOC99_SOURCE 1 #include int main (void) @@ -8193,16 +8436,19 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_flag__isoc99_source=yes -else $as_nop - tcl_cv_flag__isoc99_source=no +else case e in #( + e) tcl_cv_flag__isoc99_source=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi if test "x${tcl_cv_flag__isoc99_source}" = "xyes" ; then printf "%s\n" "#define _ISOC99_SOURCE 1" >>confdefs.h @@ -8213,12 +8459,12 @@ if test "${TCL_MAJOR_VERSION}" -ne 8 ; then if test ${tcl_cv_flag__file_offset_bits+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main (void) { @@ -8228,12 +8474,12 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_flag__file_offset_bits=no -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _FILE_OFFSET_BITS 64 #include int main (void) @@ -8244,16 +8490,19 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_flag__file_offset_bits=yes -else $as_nop - tcl_cv_flag__file_offset_bits=no +else case e in #( + e) tcl_cv_flag__file_offset_bits=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi if test "x${tcl_cv_flag__file_offset_bits}" = "xyes" ; then printf "%s\n" "#define _FILE_OFFSET_BITS 64" >>confdefs.h @@ -8274,12 +8523,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for 64-bit integer type" >&5 printf %s "checking for 64-bit integer type... " >&6; } if test ${tcl_cv_type_64bit+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) tcl_cv_type_64bit=none # See if the compiler knows natively about __int64 cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -8292,12 +8541,13 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_type_64bit=__int64 -else $as_nop - tcl_type_64bit="long long" +else case e in #( + e) tcl_type_64bit="long long" ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext # See if we could use long anyway Note that we substitute in the # type that is our current guess for a 64-bit type inside this check # program, so it should be modified only carefully... @@ -8316,11 +8566,12 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_type_64bit=${tcl_type_64bit} fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi if test "${tcl_cv_type_64bit}" = none ; then printf "%s\n" "#define TCL_WIDE_INT_IS_LONG 1" >>confdefs.h @@ -8345,12 +8596,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for 64-bit time_t" >&5 printf %s "checking for 64-bit time_t... " >&6; } if test ${tcl_cv_time_t_64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main (void) @@ -8361,14 +8612,16 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_time_t_64=yes -else $as_nop - tcl_cv_time_t_64=no +else case e in #( + e) tcl_cv_time_t_64=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_time_t_64" >&5 printf "%s\n" "$tcl_cv_time_t_64" >&6; } if test "x${tcl_cv_time_t_64}" = "xno" ; then # Note that _TIME_BITS=64 requires _FILE_OFFSET_BITS=64 @@ -8376,12 +8629,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if _TIME_BITS=64 enables 64-bit time_t" >&5 printf %s "checking if _TIME_BITS=64 enables 64-bit time_t... " >&6; } if test ${tcl_cv__time_bits+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _TIME_BITS 64 #include int @@ -8393,14 +8646,16 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv__time_bits=yes -else $as_nop - tcl_cv__time_bits=no +else case e in #( + e) tcl_cv__time_bits=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv__time_bits" >&5 printf "%s\n" "$tcl_cv__time_bits" >&6; } if test "x${tcl_cv__time_bits}" = "xyes" ; then @@ -8413,12 +8668,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct dirent64" >&5 printf %s "checking for struct dirent64... " >&6; } if test ${tcl_cv_struct_dirent64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int @@ -8430,14 +8685,16 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_struct_dirent64=yes -else $as_nop - tcl_cv_struct_dirent64=no +else case e in #( + e) tcl_cv_struct_dirent64=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_struct_dirent64" >&5 printf "%s\n" "$tcl_cv_struct_dirent64" >&6; } if test "x${tcl_cv_struct_dirent64}" = "xyes" ; then @@ -8448,12 +8705,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for DIR64" >&5 printf %s "checking for DIR64... " >&6; } if test ${tcl_cv_DIR64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int @@ -8466,14 +8723,16 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_DIR64=yes -else $as_nop - tcl_cv_DIR64=no +else case e in #( + e) tcl_cv_DIR64=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_DIR64" >&5 printf "%s\n" "$tcl_cv_DIR64" >&6; } if test "x${tcl_cv_DIR64}" = "xyes" ; then @@ -8484,12 +8743,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct stat64" >&5 printf %s "checking for struct stat64... " >&6; } if test ${tcl_cv_struct_stat64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main (void) @@ -8501,14 +8760,16 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_struct_stat64=yes -else $as_nop - tcl_cv_struct_stat64=no +else case e in #( + e) tcl_cv_struct_stat64=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_struct_stat64" >&5 printf "%s\n" "$tcl_cv_struct_stat64" >&6; } if test "x${tcl_cv_struct_stat64}" = "xyes" ; then @@ -8532,12 +8793,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for off64_t" >&5 printf %s "checking for off64_t... " >&6; } if test ${tcl_cv_type_off64_t+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main (void) @@ -8549,14 +8810,16 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_type_off64_t=yes -else $as_nop - tcl_cv_type_off64_t=no +else case e in #( + e) tcl_cv_type_off64_t=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi if test "x${tcl_cv_type_off64_t}" = "xyes" && \ test "x${ac_cv_func_lseek64}" = "xyes" && \ test "x${ac_cv_func_open64}" = "xyes" ; then @@ -8583,12 +8846,13 @@ printf %s "checking for build with symbols... " >&6; } # Check whether --enable-symbols was given. if test ${enable_symbols+y} then : enableval=$enable_symbols; tcl_ok=$enableval -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi if test "$tcl_ok" = "no"; then CFLAGS_DEFAULT="${CFLAGS_OPTIMIZE} -DNDEBUG" LDFLAGS_DEFAULT="${LDFLAGS_OPTIMIZE}" @@ -8641,18 +8905,18 @@ # depends on values set by the TEA_ENABLE_SHARED, TEA_ENABLE_SYMBOLS, # and TEA_LOAD_TCLCONFIG macros above. #-------------------------------------------------------------------- -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 -printf %s "checking for grep that handles long lines and -e... " >&6; } -if test ${ac_cv_path_GREP+y} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep -e" >&5 +printf %s "checking for egrep -e... " >&6; } +if test ${ac_cv_path_EGREP_TRADITIONAL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -z "$GREP"; then - ac_path_GREP_found=false +else case e in #( + e) if test -z "$EGREP_TRADITIONAL"; then + ac_path_EGREP_TRADITIONAL_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS @@ -8662,69 +8926,59 @@ *) as_dir=$as_dir/ ;; esac for ac_prog in grep ggrep do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_GREP" || continue -# Check for GNU ac_path_GREP and select it if it is found. - # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in + ac_path_EGREP_TRADITIONAL="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP_TRADITIONAL" || continue +# Check for GNU ac_path_EGREP_TRADITIONAL and select it if it is found. + # Check for GNU $ac_path_EGREP_TRADITIONAL +case `"$ac_path_EGREP_TRADITIONAL" --version 2>&1` in #( *GNU*) - ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; + ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" ac_path_EGREP_TRADITIONAL_found=:;; +#( *) ac_count=0 printf %s 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - printf "%s\n" 'GREP' >> "conftest.nl" - "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + printf "%s\n" 'EGREP_TRADITIONAL' >> "conftest.nl" + "$ac_path_EGREP_TRADITIONAL" -E 'EGR(EP|AC)_TRADITIONAL$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_GREP_max-0}; then + if test $ac_count -gt ${ac_path_EGREP_TRADITIONAL_max-0}; then # Best one so far, save it but keep looking for a better one - ac_cv_path_GREP="$ac_path_GREP" - ac_path_GREP_max=$ac_count + ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" + ac_path_EGREP_TRADITIONAL_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac - $ac_path_GREP_found && break 3 + $ac_path_EGREP_TRADITIONAL_found && break 3 done done done IFS=$as_save_IFS - if test -z "$ac_cv_path_GREP"; then - as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_GREP=$GREP -fi - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 -printf "%s\n" "$ac_cv_path_GREP" >&6; } - GREP="$ac_cv_path_GREP" - - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 -printf %s "checking for egrep... " >&6; } -if test ${ac_cv_path_EGREP+y} -then : - printf %s "(cached) " >&6 -else $as_nop - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 - then ac_cv_path_EGREP="$GREP -E" - else - if test -z "$EGREP"; then - ac_path_EGREP_found=false + if test -z "$ac_cv_path_EGREP_TRADITIONAL"; then + : + fi +else + ac_cv_path_EGREP_TRADITIONAL=$EGREP_TRADITIONAL +fi + + if test "$ac_cv_path_EGREP_TRADITIONAL" +then : + ac_cv_path_EGREP_TRADITIONAL="$ac_cv_path_EGREP_TRADITIONAL -E" +else case e in #( + e) if test -z "$EGREP_TRADITIONAL"; then + ac_path_EGREP_TRADITIONAL_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS @@ -8734,58 +8988,60 @@ *) as_dir=$as_dir/ ;; esac for ac_prog in egrep do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_EGREP" || continue -# Check for GNU ac_path_EGREP and select it if it is found. - # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in + ac_path_EGREP_TRADITIONAL="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP_TRADITIONAL" || continue +# Check for GNU ac_path_EGREP_TRADITIONAL and select it if it is found. + # Check for GNU $ac_path_EGREP_TRADITIONAL +case `"$ac_path_EGREP_TRADITIONAL" --version 2>&1` in #( *GNU*) - ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; + ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" ac_path_EGREP_TRADITIONAL_found=:;; +#( *) ac_count=0 printf %s 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - printf "%s\n" 'EGREP' >> "conftest.nl" - "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + printf "%s\n" 'EGREP_TRADITIONAL' >> "conftest.nl" + "$ac_path_EGREP_TRADITIONAL" 'EGR(EP|AC)_TRADITIONAL$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_EGREP_max-0}; then + if test $ac_count -gt ${ac_path_EGREP_TRADITIONAL_max-0}; then # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP="$ac_path_EGREP" - ac_path_EGREP_max=$ac_count + ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" + ac_path_EGREP_TRADITIONAL_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac - $ac_path_EGREP_found && break 3 + $ac_path_EGREP_TRADITIONAL_found && break 3 done done done IFS=$as_save_IFS - if test -z "$ac_cv_path_EGREP"; then + if test -z "$ac_cv_path_EGREP_TRADITIONAL"; then as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else - ac_cv_path_EGREP=$EGREP -fi - - fi -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 -printf "%s\n" "$ac_cv_path_EGREP" >&6; } - EGREP="$ac_cv_path_EGREP" - + ac_cv_path_EGREP_TRADITIONAL=$EGREP_TRADITIONAL +fi + ;; +esac +fi ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP_TRADITIONAL" >&5 +printf "%s\n" "$ac_cv_path_EGREP_TRADITIONAL" >&6; } + EGREP_TRADITIONAL=$ac_cv_path_EGREP_TRADITIONAL if test "${TEA_PLATFORM}" = "windows" -a "$GCC" != "yes"; then MAKE_STATIC_LIB="\${STLIB_LD} -out:\$@ \$(PKG_OBJECTS)" MAKE_SHARED_LIB="\${SHLIB_LD} \${LDFLAGS} \${LDFLAGS_DEFAULT} -out:\$@ \$(PKG_OBJECTS) \${SHLIB_LD_LIBS}" @@ -8796,11 +9052,11 @@ print("manifest needed") #endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "manifest needed" >/dev/null 2>&1 + $EGREP_TRADITIONAL "manifest needed" >/dev/null 2>&1 then : # Could do a CHECK_PROG for mt, but should always be with MSVC8+ VC_MANIFEST_EMBED_DLL="if test -f \$@.manifest ; then mt.exe -nologo -manifest \$@.manifest -outputresource:\$@\;2 ; fi" VC_MANIFEST_EMBED_EXE="if test -f \$@.manifest ; then mt.exe -nologo -manifest \$@.manifest -outputresource:\$@\;1 ; fi" @@ -8921,20 +9177,20 @@ # This marco includes the TCL TLS specific functions to set the # OpenSSL or LibreSSL config. #-------------------------------------------------------------------- - if test -n "$ac_tool_prefix"; then + if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_PKG_CONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$PKG_CONFIG"; then +else case e in #( + e) if test -n "$PKG_CONFIG"; then ac_cv_prog_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -8952,11 +9208,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi PKG_CONFIG=$ac_cv_prog_PKG_CONFIG if test -n "$PKG_CONFIG"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 printf "%s\n" "$PKG_CONFIG" >&6; } @@ -8974,12 +9231,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_PKG_CONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_PKG_CONFIG"; then +else case e in #( + e) if test -n "$ac_ct_PKG_CONFIG"; then ac_cv_prog_ac_ct_PKG_CONFIG="$ac_ct_PKG_CONFIG" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -8997,11 +9254,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_PKG_CONFIG=$ac_cv_prog_ac_ct_PKG_CONFIG if test -n "$ac_ct_PKG_CONFIG"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_PKG_CONFIG" >&5 printf "%s\n" "$ac_ct_PKG_CONFIG" >&6; } @@ -9023,16 +9281,38 @@ fi else PKG_CONFIG="$ac_cv_prog_PKG_CONFIG" fi + + # Check whether --enable-ssl3 was given. +if test ${enable_ssl3+y} +then : + enableval=$enable_ssl3; + if test "${enableval}" == "no"; then + +printf "%s\n" "#define NO_SSL3 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable SSL3 protocol" >&5 +printf %s "checking for disable SSL3 protocol... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + fi + +else case e in #( + e) +printf "%s\n" "#define NO_SSL3 1" >>confdefs.h + ;; +esac +fi + # Check whether --enable-tls1 was given. if test ${enable_tls1+y} then : enableval=$enable_tls1; - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then printf "%s\n" "#define NO_TLS1 1" >>confdefs.h { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1 protocol" >&5 printf %s "checking for disable TLS1 protocol... " >&6; } @@ -9045,11 +9325,11 @@ # Check whether --enable-tls1_1 was given. if test ${enable_tls1_1+y} then : enableval=$enable_tls1_1; - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then printf "%s\n" "#define NO_TLS1_1 1" >>confdefs.h { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1.1 protocol" >&5 printf %s "checking for disable TLS1.1 protocol... " >&6; } @@ -9062,11 +9342,11 @@ # Check whether --enable-tls1_2 was given. if test ${enable_tls1_2+y} then : enableval=$enable_tls1_2; - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then printf "%s\n" "#define NO_TLS1_2 1" >>confdefs.h { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1.2 protocol" >&5 printf %s "checking for disable TLS1.2 protocol... " >&6; } @@ -9079,11 +9359,11 @@ # Check whether --enable-tls1_3 was given. if test ${enable_tls1_3+y} then : enableval=$enable_tls1_3; - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then printf "%s\n" "#define NO_TLS1_3 1" >>confdefs.h { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1.3 protocol" >&5 printf %s "checking for disable TLS1.3 protocol... " >&6; } @@ -9092,24 +9372,49 @@ fi fi + + # Check whether --enable-debug was given. +if test ${enable_debug+y} +then : + enableval=$enable_debug; + tcltls_debug_mode="$enableval" + +else case e in #( + e) + tcltls_debug_mode='no' + ;; +esac +fi + + if test "$tcltls_debug_mode" == 'yes'; then + +printf "%s\n" "#define TCLEXT_TCLTLS_DEBUG 1" >>confdefs.h + + fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for debug mode" >&5 +printf %s "checking for debug mode... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcltls_debug_mode" >&5 +printf "%s\n" "$tcltls_debug_mode" >&6; } + # Check whether --enable-ssl-fastpath was given. if test ${enable_ssl_fastpath+y} then : enableval=$enable_ssl_fastpath; tcltls_ssl_fastpath="$enableval" -else $as_nop - +else case e in #( + e) tcltls_ssl_fastpath='no' - + ;; +esac fi - if test "$tcltls_ssl_fastpath" = 'yes'; then + if test "$tcltls_ssl_fastpath" == 'yes'; then printf "%s\n" "#define TCLTLS_SSL_USE_FASTPATH 1" >>confdefs.h fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fast path" >&5 @@ -9122,18 +9427,19 @@ if test ${enable_hardening+y} then : enableval=$enable_hardening; tcltls_enable_hardening="$enableval" -else $as_nop - +else case e in #( + e) tcltls_enable_hardening='yes' - + ;; +esac fi - if test "$tcltls_enable_hardening" = 'yes'; then - if test "$GCC" = 'yes' -o "$CC" = 'clang'; then + if test "$tcltls_enable_hardening" == 'yes'; then + if test "$GCC" == 'yes' -o "$CC" = 'clang'; then PKG_CFLAGS="$PKG_CFLAGS -fstack-protector-all" @@ -9155,14 +9461,15 @@ if test ${enable_static_ssl+y} then : enableval=$enable_static_ssl; TCLEXT_TLS_STATIC_SSL="$enableval" -else $as_nop - +else case e in #( + e) TCLEXT_TLS_STATIC_SSL='no' - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for static linking of openSSL libraries" >&5 printf %s "checking for static linking of openSSL libraries... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $TCLEXT_TLS_STATIC_SSL" >&5 @@ -9174,15 +9481,16 @@ if test ${with_openssl_dir+y} then : withval=$with_openssl_dir; openssldir="$withval" -else $as_nop - +else case e in #( + e) openssldir='' - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL directory" >&5 printf %s "checking for OpenSSL directory... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $openssldir" >&5 @@ -9193,37 +9501,36 @@ if test ${with_openssl_includedir+y} then : withval=$with_openssl_includedir; opensslincludedir="$withval" -else $as_nop - - if test ! -z "$openssldir"; then +else case e in #( + e) + if test -n "$openssldir"; then opensslincludedir="${openssldir}/include" else opensslincludedir='' fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL include directory" >&5 printf %s "checking for OpenSSL include directory... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $opensslincludedir" >&5 printf "%s\n" "$opensslincludedir" >&6; } - if test ! -z "$opensslincludedir"; then + if test -n "$opensslincludedir"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ssl.h" >&5 +printf %s "checking for ssl.h... " >&6; } if test -f "$opensslincludedir/openssl/ssl.h"; then TCLTLS_SSL_CFLAGS="-I$opensslincludedir" TCLTLS_SSL_INCLUDES="-I$opensslincludedir" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ssl.h" >&5 -printf %s "checking for ssl.h... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ssl.h" >&5 -printf %s "checking for ssl.h... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } as_fn_error $? "Unable to locate ssl.h" "$LINENO" 5 fi fi @@ -9233,42 +9540,43 @@ if test ${with_openssl_libdir+y} then : withval=$with_openssl_libdir; openssllibdir="$withval" -else $as_nop - - if test ! -z "$openssldir"; then - if test "$do64bit" == 'yes'; then +else case e in #( + e) + if test -n "$openssldir"; then + if test "$do64bit" == 'yes' -a -d $openssldir/lib64; then openssllibdir="$openssldir/lib64" else openssllibdir="$openssldir/lib" fi else openssllibdir='' fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL lib directory" >&5 printf %s "checking for OpenSSL lib directory... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $openssllibdir" >&5 printf "%s\n" "$openssllibdir" >&6; } - if test ! -z "$openssllibdir"; then - if test -f "$openssllibdir/libssl${SHLIB_SUFFIX}"; then - if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then - TCLTLS_SSL_LIBS="-L$openssllibdir -lcrypto -lssl" - #else - # Linux and Solaris - #TCLTLS_SSL_LIBS="-Wl,-Bstatic `$PKG_CONFIG --static --libs crypto ssl` -Wl,-Bdynamic" - # HPUX - # -Wl,-a,archive ... -Wl,-a,shared_archive - fi + SSL_LIBS_PATH='' + if test -n "$openssllibdir"; then + if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then + LIBEXT=${SHLIB_SUFFIX} + else + LIBEXT='.a' + fi + + if test -f "$openssllibdir/libssl${LIBEXT}"; then + SSL_LIBS_PATH="-L$openssllibdir" else - as_fn_error $? "Unable to locate libssl${SHLIB_SUFFIX}" "$LINENO" 5 + as_fn_error $? "Unable to locate libssl${LIBEXT}" "$LINENO" 5 fi fi # Check whether --with-openssl-pkgconfig was given. @@ -9275,45 +9583,50 @@ if test ${with_openssl_pkgconfig+y} then : withval=$with_openssl_pkgconfig; opensslpkgconfigdir="$withval" -else $as_nop - +else case e in #( + e) if test -d ${libdir}/../pkgconfig; then opensslpkgconfigdir="$libdir/../pkgconfig" else opensslpkgconfigdir='' fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL pkgconfig" >&5 printf %s "checking for OpenSSL pkgconfig... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $opensslpkgconfigdir" >&5 printf "%s\n" "$opensslpkgconfigdir" >&6; } - - # Use Package Config tool to get config - pkgConfigExtraArgs='' - if test "${SHARED_BUILD}" == 0 -o "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then - pkgConfigExtraArgs='--static' - fi - - if test -n "${PKG_CONFIG}"; then + USE_PKG_CONFIG=`"${PKG_CONFIG}" --list-package-names | grep openssl` + + if test -n "${PKG_CONFIG}" -a -n "${USE_PKG_CONFIG}"; then PKG_CONFIG_PATH_SAVE="${PKG_CONFIG_PATH}" if test -n "${opensslpkgconfigdir}"; then if ! test -f "${opensslpkgconfigdir}/openssl.pc"; then as_fn_error $? "Unable to locate ${opensslpkgconfigdir}/openssl.pc" "$LINENO" 5 fi PKG_CONFIG_PATH="${opensslpkgconfigdir}:${PKG_CONFIG_PATH}" export PKG_CONFIG_PATH fi + + pkgConfigExtraArgs='' + if test "${SHARED_BUILD}" == "0" -o "$TCLEXT_TLS_STATIC_SSL" == 'yes'; then + pkgConfigExtraArgs='--static' + fi + if test -z "$TCLTLS_SSL_LIBS"; then - TCLTLS_SSL_LIBS="`"${PKG_CONFIG}" openssl --libs $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH `${PKG_CONFIG} openssl --libs $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 + if test "${TCLEXT_TLS_STATIC_SSL}" == 'yes'; then + TCLTLS_SSL_LIBS="-Wl,-Bstatic $TCLTLS_SSL_LIBS -Wl,-Bdynamic" + fi fi if test -z "$TCLTLS_SSL_CFLAGS"; then TCLTLS_SSL_CFLAGS="`"${PKG_CONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 fi if test -z "$TCLTLS_SSL_INCLUDES"; then @@ -9320,21 +9633,26 @@ TCLTLS_SSL_INCLUDES="`"${PKG_CONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 fi PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}" fi - - if test -z "$TCLTLS_SSL_LIBS"; then - TCLTLS_SSL_LIBS="-lcrypto -lssl" - fi - if test -z "$TCLTLS_SSL_CFLAGS"; then + if test -z "$TCLTLS_SSL_CFLAGS"; then TCLTLS_SSL_CFLAGS="" fi if test -z "$TCLTLS_SSL_INCLUDES"; then if test -f /usr/include/openssl/ssl.h; then TCLTLS_SSL_INCLUDES="-I/usr/include" fi + fi + if test -z "$TCLTLS_SSL_LIBS"; then + if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH -lssl -lcrypto" + else + # Linux and Solaris + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH -Wl,-Bstatic -lssl -lcrypto -Wl,-Bdynamic" + # HPUX: -Wl,-a,archive ... -Wl,-a,shared_archive + fi fi @@ -9477,12 +9795,12 @@ # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # -# `ac_cv_env_foo' variables (set or unset) will be overridden when -# loading this file, other *unset* `ac_cv_foo' will be assigned the +# 'ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* 'ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, @@ -9508,18 +9826,18 @@ done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) - # `set' does not quote correctly, so add quotes: double-quote + # 'set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) - # `set' quotes correctly as required by POSIX, so do not add quotes. + # 'set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | @@ -9579,13 +9897,11 @@ t quote s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g t quote b any :quote -s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g -s/\[/\\&/g -s/\]/\\&/g +s/[][ `~#$^&*(){}\\|;'\''"<>?]/\\&/g s/\$/$$/g H :any ${ g @@ -9642,25 +9958,25 @@ ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -as_nop=: if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else $as_nop - case `(set -o) 2>/dev/null` in #( +else case e in #( + e) case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; +esac ;; esac fi @@ -9728,11 +10044,11 @@ done IFS=$as_save_IFS ;; esac -# We did not find ourselves, most probably we were run as `sh COMMAND' +# We did not find ourselves, most probably we were run as 'sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then @@ -9755,11 +10071,10 @@ printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi printf "%s\n" "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error - # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. @@ -9797,15 +10112,16 @@ then : eval 'as_fn_append () { eval $1+=\$2 }' -else $as_nop - as_fn_append () +else case e in #( + e) as_fn_append () { eval $1=\$$1\$2 - } + } ;; +esac fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the @@ -9815,15 +10131,16 @@ then : eval 'as_fn_arith () { as_val=$(( $* )) }' -else $as_nop - as_fn_arith () +else case e in #( + e) as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` - } + } ;; +esac fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then @@ -9902,13 +10219,13 @@ fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. + # 1) On MSYS, both 'ln -s file dir' and 'ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; 'ln -s' creates a wrapper executable. + # In both cases, we have to default to 'cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else @@ -9985,14 +10302,16 @@ } # as_fn_executable_p as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" +as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g" +as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated # Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" +as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g" +as_tr_sh="eval sed '$as_sed_sh'" # deprecated exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## @@ -10004,11 +10323,11 @@ # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by tls $as_me 1.8.0, which was -generated by GNU Autoconf 2.71. Invocation command line was +generated by GNU Autoconf 2.72. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS @@ -10031,11 +10350,11 @@ _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ -\`$as_me' instantiates files and other configuration actions +'$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... @@ -10059,14 +10378,14 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"` cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ tls config.status 1.8.0 -configured by $0, generated by GNU Autoconf 2.71, +configured by $0, generated by GNU Autoconf 2.72, with options \\"\$ac_cs_config\\" -Copyright (C) 2021 Free Software Foundation, Inc. +Copyright (C) 2023 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' @@ -10119,12 +10438,12 @@ -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. - -*) as_fn_error $? "unrecognized option: \`$1' -Try \`$0 --help' for more information." ;; + -*) as_fn_error $? "unrecognized option: '$1' +Try '$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac @@ -10171,11 +10490,11 @@ do case $ac_config_target in "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "pkgIndex.tcl") CONFIG_FILES="$CONFIG_FILES pkgIndex.tcl" ;; - *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + *) as_fn_error $? "invalid argument: '$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, @@ -10189,11 +10508,11 @@ # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: -# after its creation but before its name has been assigned to `$tmp'. +# after its creation but before its name has been assigned to '$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" @@ -10213,11 +10532,11 @@ } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. -# This happens for instance with `./config.status config.h'. +# This happens for instance with './config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. @@ -10379,11 +10698,11 @@ case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; - :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :L* | :C*:*) as_fn_error $? "invalid tag '$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: @@ -10401,23 +10720,23 @@ do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, - # because $ac_f cannot contain `:'. + # because $ac_f cannot contain ':'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || - as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + as_fn_error 1 "cannot find input file: '$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done - # Let's still pretend it is `configure' which instantiates (i.e., don't + # Let's still pretend it is 'configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' @@ -10537,11 +10856,11 @@ s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF -# Neutralize VPATH when `$srcdir' = `.'. +# Neutralize VPATH when '$srcdir' = '.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub @@ -10566,13 +10885,13 @@ test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable 'datarootdir' which seems to be undefined. Please make sure it is defined" >&5 -printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable 'datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; Index: configure.ac ================================================================== --- configure.ac +++ configure.ac @@ -1,19 +1,16 @@ #!/bin/bash -norc dnl This file is an input file used by the GNU "autoconf" program to dnl generate the file "configure", which is run during Tcl installation dnl to configure the system for the local environment. -# #----------------------------------------------------------------------- # This is the configure.ac for the TclTLS extension. The only places you # should need to modify this file are marked by the string __CHANGE__. #----------------------------------------------------------------------- #----------------------------------------------------------------------- -# Set your package name and version numbers here. -# # This initializes the environment with PACKAGE_NAME and PACKAGE_VERSION # set as provided. These will also be added as -D defs in your Makefile # so you can encode the package version directly into the source files. # This will also define a special symbol for Windows (BUILD_ # so that we create the export library with the dll. @@ -60,11 +57,10 @@ #----------------------------------------------------------------------- TEA_SETUP_COMPILER #----------------------------------------------------------------------- -# __CHANGE__ # Specify the C source files to compile in TEA_ADD_SOURCES, # public headers that need to be installed in TEA_ADD_HEADERS, # stub library C source files to compile in TEA_ADD_STUB_SOURCES, # and runtime Tcl library files in TEA_ADD_TCL_SOURCES. # This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS @@ -75,30 +71,28 @@ TEA_ADD_HEADERS([generic/tls.h]) TEA_ADD_INCLUDES([]) TEA_ADD_LIBS([]) TEA_ADD_CFLAGS([]) TEA_ADD_STUB_SOURCES([]) -TEA_ADD_TCL_SOURCES([library/tls.tcl]) +TEA_ADD_TCL_SOURCES([library/tls.tcl license.terms README.txt]) #-------------------------------------------------------------------- -# # You can add more files to clean if your extension creates any extra # files by extending CLEANFILES. # Add pkgIndex.tcl if it is generated in the Makefile instead of ./configure # and change Makefile.in to move it from CONFIG_CLEAN_FILES to BINARIES var. # # A few miscellaneous platform-specific items: # TEA_ADD_* any platform specific compiler/build info here. #-------------------------------------------------------------------- -CONFIG_CLEAN_FILES="$CONFIG_CLEAN_FILES tls.tcl.h.* config.log config.status Makefile pkgIndex.tcl tcltls.a.linkadd tcltls.syms" +TEA_ADD_CLEANFILES([pkgIndex.tcl generic/tls.tcl.h tlsUuid.h]) + if test "${TEA_PLATFORM}" = "windows" ; then - AC_DEFINE(BUILD_tls) - AC_DEFINE(WINDOWS) - CLEANFILES="pkgIndex.tcl *.lib *.dll *.exp *.ilk *.pdb vc*.pch" + TEA_ADD_CLEANFILES([*.lib *.dll *.exp *.ilk *.pdb vc*.pch]) else - CLEANFILES="pkgIndex.tcl *.so" + TEA_ADD_CLEANFILES([*.so]) fi AC_SUBST(CLEANFILES) #-------------------------------------------------------------------- # Choose which headers you need. Extension authors should try very Index: doc/tls.html ================================================================== --- doc/tls.html +++ doc/tls.html @@ -7,55 +7,61 @@ -

Tcl Tls Extension Documentation

+

TCL Tls Extension Documentation

NAME
tls - binding to OpenSSL library - for socket and I/O channel communications.
+ for encrypted socket and I/O channel communications.
SYNOPSIS
-
package require Tcl ?8.5?
-
package require tls
-
 
-
tls::init ?options?
-
tls::socket ?options? host port
-
tls::socket ?-server command? ?options? port
-
tls::handshake channel
-
tls::status ?-local? channel
-
tls::connection channel
-
tls::import channel ?options?
-
tls::unimport channel
-
 
-
tls::protocols
-
tls::version
-
-
+
package require Tcl ?8.5-?
+
package require tls ?1.8-?
+
 
+
tls::init ?options?
+
tls::socket ?options? host port
+
tls::socket ?-server command? ?options? port
+
tls::handshake channel
+
tls::status ?-local? channel
+
tls::connection channel
+
tls::import channel ?options?
+
tls::unimport channel
+
 
+
tls::ciphers ?protocol? ?verbose? ?supported?
+
tls::protocols
+
tls::version
+
COMMANDS
+
CERTIFICATE VALIDATION
CALLBACK OPTIONS
+
DEBUG
HTTPS EXAMPLE
-
SPECIAL CONSIDERATIONS
+
SPECIAL CONSIDERATIONS
SEE ALSO
+

NAME

tls - binding to OpenSSL library -for socket and I/O channel communications.

+for encrypted socket and I/O channel communications.

+
+ +

SYNOPSIS

-

package require Tcl ?8.5?
-package require tls
+

package require Tcl ?8.5-?
+package require tls ?1.8-?

tls::init ?options?
tls::socket ?options? host port
tls::socket ?-server command? ?options? port
tls::status ?-local? channel
@@ -62,196 +68,207 @@ tls::connection channel
tls::handshake channel
tls::import channel ?options?
tls::unimport channel

+tls::ciphers ?protocol? ?verbose? ?supported?
tls::protocols
tls::version

+
+ +

DESCRIPTION

This extension provides TCL script access to secure socket communications using the Transport Layer Security (TLS) protocol. It provides a generic -binding to OpenSSL, utilizing the -Tcl_StackChannel API in Tcl 8.4 and higher. +binding to OpenSSL, utilizing the +Tcl_StackChannel API in TCL 8.4 and higher. These sockets behave exactly the same as channels created using the built-in socket command, along with additional options for controlling -the SSL session. +the SSL/TLS session.

+
+ +

COMMANDS

Typically one would use the tls::socket command -which provides compatibility with the native Tcl socket +which provides compatibility with the native TCL socket command. In such cases tls::import should not be used directly.

-
tls::init ?options?
Optional function to set the default options used by tls::socket. If you call tls::import - directly this routine has no effect. Any of the options - that tls::socket accepts can be set - using this command, though you should limit your options - to only TLS related ones.
+ directly, this command has no effect. This command supports all of the + same options as the tls::socket command, though you + should limit your options to only TLS related ones.
 
tls::socket ?options? host port
tls::socket ?-server command? ?options? port
-
This is a helper function that utilizes the underlying - commands (tls::import). It behaves - exactly the same as the native Tcl socket - command except the options can also include any of the - applicable tls:import - options with one additional option:
-
-
+
This is a helper function that utilizes the underlying commands + (socket and tls::import) to create + the connection. It behaves the same as the native TCL socket + command, but also supports the tls:import + command options and one additional option:
+
-autoservername bool
Automatically set the -servername argument to the host - argument (default is false).
-
-
+ argument (default is false). +
tls::import channel ?options?
-
Add SSL/TLS encryption to a regular Tcl channel. It need +
Add SSL/TLS encryption to a regular TCL channel. It need not be a socket, but must provide bi-directional flow. Also set session parameters for SSL handshake.
- -
-
+
-alpn list
List of protocols to offer during Application-Layer Protocol Negotiation (ALPN). For example: h2 and http/1.1, but not h3 or quic.
-cadir dir
-
Set the CA certificates path. The default directory is platform - specific and can be set at compile time. This can be overridden - via the SSL_CERT_DIR environment variable.
+
Specifies the directory where the Certificate Authority (CA) + certificates are stored. The default is platform specific and can be + set at compile time. The default location can be overridden via the + SSL_CERT_DIR environment variable. + See CERTIFICATE VALIDATION.
-cafile filename
-
Set the certificate authority (CA) certificates file. The default - is the cert.pem file in the OpsnSSL directory. This can also be - overridden via the SSL_CERT_FILE environment variable.
+
Specifies the file with the Certificate Authority (CA) certificates + to use. The default is cert.pem, in the OpenSSL directory. + The default file can be overridden via the SSL_CERT_FILE + environment variable. + See CERTIFICATE VALIDATION.
+
-castore URI
+
URI for a Certificate Authority (CA) store, which may be a single + container or a catalog of containers. Starting with OpenSSL 3.2 on + Windows, set to "org.openssl.winstore://" to use the built-in + Windows Cert Store. The Windows cert store only supports root + certificate stores. + See CERTIFICATE VALIDATION.
-certfile filename
-
Specify the filename with the certificate to use.
-
-cert filename
-
Specify the contents of a certificate to use, as a DER - encoded binary value (X.509 DER).
+
Specifies the file with the certificate to use in PEM format. + This also contains the public key.
+
-cert binary_string
+
Specifies the certificate to use as a DER encoded string (X.509 DER).
-cipher string
-
List of ciphers to use. String is a colon (":") separated list - of ciphers. Ciphers can be combined - using the + character. Prefixes can be used to permanently - remove ("!"), delete ("-"), or move a cypher to the end of - the list ("+"). Keywords @STRENGTH (sort by algorithm - key length), @SECLEVEL=n (set security level to - n), and DEFAULT (use default cipher list, at start only) - can also be specified. See OpenSSL documentation for the full - list of valid values. (TLS 1.2 and earlier only)
+
Specifies the list of ciphers to use for TLS 1.2 and earlier. String is a + colon (":") separated list of ciphers. Ciphers can be combined using the + + character. Prefixes can be used to permanently remove ("!"), + delete ("-"), or move a cipher to the end of the list ("+"). Keywords + @STRENGTH (sort by algorithm key length), @SECLEVEL=n + (set security level to n), and DEFAULT (use default cipher list, + at start only) can also be specified. See OpenSSL documentation for the + full list of valid values.
-ciphersuites string
-
List of cipher suites to use. String is a colon (":") - separated list of cipher suite names. (TLS 1.3 only)
+
Specifies the list of cipher suites to use for TLS 1.3. String is a colon + (":") separated list of cipher suite names.
-command callback
-
Callback command to invoke at several points during the handshake. - This is used to pass errors and tracing information, and - it can allow Tcl scripts to perform their own certificate - validation in place of the default validation provided by - OpenSSL. See CALLBACK OPTIONS - for further discussion.
+
Specifies the callback command to be invoked at several points during the + handshake to pass errors, tracing information, and protocol messages. + See CALLBACK OPTIONS for more info.
-dhparams filename
-
Specify the Diffie-Hellman parameters file.
+
Specifies the Diffie-Hellman (DH) parameters file.
-keyfile filename
-
Specify the private key file. (default is - value of -certfile)
+
Specifies the private key file. (default is value of -certfile).
-key filename
-
Specify the private key to use as a DER encoded value (PKCS#1 DER)
+
Specifies the private key to use as a DER encoded string (PKCS#1 DER).
-model channel
Force this channel to share the same SSL_CTX structure as the specified channel, and therefore share callbacks etc.
-password callback
-
Callback command to invoke when OpenSSL needs to obtain a password. - Typically used to unlock the private key of a certificate. The - callback should return a string which represents the password - to be used. See CALLBACK OPTIONS - for further discussion.
+
Specifies the callback command to invoke when OpenSSL needs to + obtain a password. This is typically used to unlock the private key of + a certificate. The callback should return a password string. + See CALLBACK OPTIONS for more info.
-post_handshake bool
-
Allow post-handshake ticket updates.
+
Allow post-handshake session ticket updates.
-request bool
-
Request a certificate from peer during SSL handshake. - (default is true)
+
Request a certificate from peer during the SSL handshake. This is + needed to do certificate validation. (default is true). + See CERTIFICATE VALIDATION.
-require bool
-
Require a valid certificate from peer during SSL handshake. - If this is set to true, then -request must - also be set to true and a either a -cadir, -cafile, or platform - default must be provided in order to validate against. - (default is false)
+
Require a valid certificate from peer during SSL handshake. If this + is set to true, then -request must also be set to + true and a either a -cadir, -cafile, -castore, or platform default + must be provided in order to validate against. (default is false). + See CERTIFICATE VALIDATION.
-security_level integer
-
Set security level. Must be 0 to 5. The security level affects - the cipher suite encryption algorithms, supported ECC curves, - supported signature algorithms, DH parameter sizes, certificate - key sizes and signature algorithms. The default is 1. - Level 3 and higher disable support for session tickets and only - accept cipher suites that provide forward secrecy.
+
Specifies the security level (value from 0 to 5). The security level + affects the cipher suite encryption algorithms, supported ECC curves, + supported signature algorithms, DH parameter sizes, certificate key + sizes and signature algorithms. The default is 1 prior to OpenSSL 3.2 + and 2 thereafter. Level 3 and higher disable support for session + tickets and only accept cipher suites that provide forward secrecy.
-server bool
-
Set to act as a server and respond with a server handshake when - a client connects and provides a client handshake. +
Specifies whether to act as a server and respond with a server + handshake when a client connects and provides a client handshake. (default is false)
-servername host
-
Specify server's hostname. Used to set the TLS 'Server Name - Indication' (SNI) extension. Set to the expected servername - in the server's certificate or one of the subjectAltName - alternates.
+
Specify server's hostname. This is used to set the TLS Server Name + Indication (SNI) extension. Set this to the expected servername in the + server's certificate or one of the subjectAltName alternates.
-session_id string
-
Session id to resume session.
+
Specifies the session id to resume session.
-ssl2 bool
-
Enable use of SSL v2. (default is false)
+
Enable use of SSL v2. (default is false). + Note: Recent versions of OpenSSL don't support SSLv2.
-ssl3 bool
-
Enable use of SSL v3. (default is false)
+
Enable use of SSL v3. (default is false). + Note: SSL v3 must also be enabled with a compile time option.
-tls1 bool
-
Enable use of TLS v1. (default is true)
+
Enable use of TLS v1. (default is true). + Note: TLS 1.0 needs SHA1 to operate, which is only available in + security level 0 for Open SSL 3.0+.
-tls1.1 bool
-
Enable use of TLS v1.1 (default is true)
+
Enable use of TLS v1.1 (default is true). + Note: TLS 1.1 needs SHA1 to operate, which is only available in + security level 0 for Open SSL 3.0+.
-tls1.2 bool
Enable use of TLS v1.2 (default is true)
-tls1.3 bool
Enable use of TLS v1.3 (default is true)
-validatecommand callback
-
Callback command to invoke to verify or validate protocol config - parameters during the protocol negotiation phase. See - CALLBACK OPTIONS - for further discussion.
-
-
- +
Specifies the callback command to invoke to validate protocol + config parameters during the protocol negotiation phase. This can be + used by TCL scripts to perform their own certificate validation to + supplement the default validation provided by OpenSSL. The script must + return a boolean true to continue the negotiation. See + CALLBACK OPTIONS for more info.
+
tls::unimport channel
Provided for symmetry to tls::import, this - unstacks the encryption of a regular Tcl channel. An error - is thrown if TLS is not the top stacked channel type.
+ unstacks the encryption of a regular TCL channel. An error + is thrown if TLS is not the top stacked channel type.
 
tls::handshake channel
Forces handshake to take place, and returns 0 if handshake is still in progress (non-blocking), or 1 if the handshake was successful. If the handshake failed this routine will throw an error.
 
tls::status - ?-local? channel
+ ?-local? channel
Returns the current status of an SSL channel. The result is a list of key-value pairs describing the SSL, certificate, and certificate verification status. If the SSL handshake has not yet completed, an empty list is returned. If -local is specified, then the local certificate is used.
-
- SSL Status +
+ SSL Status
alpn protocol
The protocol selected after Application-Layer Protocol Negotiation (ALPN).
cipher cipher
-
The current cipher in use between for the channel.
+
The current cipher in use for the session.
peername name
The peername from the certificate.
protocol version
The protocol version used for the connection: SSL2, SSL3, TLS1, TLS1.1, TLS1.2, TLS1.3, or unknown.
@@ -269,38 +286,34 @@
verifyResult result
Certificate verification result.
ca_names list
List of the Certificate Authorities used to create the certificate.
-
-
- Certificate Status + Certificate Status
all string
Dump of all certificate info.
-
version value
The certificate version.
serialNumber n
The serial number of the certificate as a hex string.
signature algorithm
Cipher algorithm used for certificate signature.
issuer dn
The distinguished name (DN) of the certificate issuer.
notBefore date
-
The begin date for the validity of the certificate.
+
The beginning date of the certificate validity.
notAfter date
-
The expiration date for the certificate.
+
The expiration date of the certificate validity.
subject dn
The distinguished name (DN) of the certificate subject. Fields include: Common Name (CN), Organization (O), Locality or City (L), State or Province (S), and Country Name (C).
issuerUniqueID string
The issuer unique id.
subjectUniqueID string
The subject unique id.
-
num_extensions n
Number of certificate extensions.
extensions list
List of certificate extension names.
authorityKeyIdentifier string
@@ -307,21 +320,19 @@
(AKI) Key identifier of the Issuing CA certificate that signed the SSL certificate as a hex string. This value matches the SKI value of the Intermediate CA certificate.
subjectKeyIdentifier string
(SKI) Hash of the public key inside the certificate as a hex - string. Used to identify certificates that contain a particular - public key.
+ string. Used to identify certificates that contain a particular + public key.
subjectAltName list
List of all of the alternative domain names, sub domains, and IP addresses that are secured by the certificate.
ocsp list
List of all Online Certificate Status Protocol (OCSP) URLs.
-
certificate cert
The PEM encoded certificate.
-
signatureAlgorithm algorithm
Cipher algorithm used for the certificate signature.
signatureValue string
Certificate signature as a hex string.
signatureDigest version
@@ -332,24 +343,23 @@
Certificate signature public key as a hex string.
bits n
Number of bits used for certificate signature key.
self_signed boolean
Whether the certificate signature is self signed.
-
sha1_hash hash
The SHA1 hash of the certificate as a hex string.
sha256_hash hash
The SHA256 hash of the certificate as a hex string.
-
+
tls::connection channel
Returns the current connection status of an SSL channel. The result is a list of key-value pairs describing the connection.
-
- SSL Status +
+ SSL Status
state state
State of the connection.
servername name
The name of the connected to server.
@@ -369,13 +379,11 @@
expansion mode
Expansion method.
caList list
List of Certificate Authorities (CA) for X.509 certificate.
-
-
- Cipher Info + Cipher Info
cipher cipher
The current cipher in use for the connection.
standard_name name
The standard RFC name of cipher.
@@ -385,21 +393,19 @@
The number of secret bits used for cipher.
min_version version
The minimum protocol version for cipher.
cipher_is_aead boolean
Whether the cipher is Authenticated Encryption with - Associated Data (AEAD).
+ Associated Data (AEAD).
cipher_id id
The OpenSSL cipher id.
description string
A text description of the cipher.
handshake_digest boolean
Digest used during handshake.
-
-
- Session Info + Session Info
alpn protocol
The protocol selected after Application-Layer Protocol Negotiation (ALPN).
resumable boolean
@@ -419,291 +425,342 @@
master_key binary_string
Unique session master key.
session_cache_mode mode
Server cache mode (client, server, or both).
-
+
+
tls::ciphers + ?protocol? ?verbose? ?supported?
+
Without any args, returns a list of all symmetric ciphers for use + with the -cipher option. With protocol, + only the ciphers supported for that protocol are returned. See + tls::protocols command + for the supported protocols. If verbose is specified as true + then a verbose, human readable list is returned with additional + information on the cipher. If supported is specified as true, + then only the ciphers supported for protocol will be listed.
+
 
tls::protocols
-
Returns a list of the supported protocols. Valid values are: +
Returns a list of the supported SSL/TLS protocols. Valid values are: ssl2, ssl3, tls1, tls1.1, tls1.2, and tls1.3. Exact list depends on OpenSSL version and compile time flags.
- +
 
tls::version
Returns the OpenSSL version string.
+
+ +
+ +

CERTIFICATE VALIDATION

+ +

Summary of command line options:

+

The following options are used for certificate validation:

+
    +
  • The -cadir option specifies the directory where the Certificate +Authority (CA) certificates are stored. The default is platform specific, but +is usually "/etc/ssl/certs" on Linux/Unix systems. The default location can be +overridden via the SSL_CERT_DIR environment variable.
  • +
  • The -cafile option specifies the file that contains all of the +Certificate Authority (CA) certificates in the PEM file format. The default is +cert.pem, in the OpenSSL directory. On Linux/Unix systems, this is +usually "/etc/ssl/ca-bundle.pem". The default file can be overridden via the +SSL_CERT_FILE environment variable.
  • +
  • The -castore option contains the URI to the Certificate Authority +(CA) store, which may be a single container or a catalog of containers. +Starting with OpenSSL 3.2 on Windows, set this to "org.openssl.winstore://" to +use the built-in Windows Certificate Store. The Windows cert store only +supports root certificate stores.
  • +
  • The -request option is used to request the server send its +certificate chain as part of the connection negotiation process. This is +needed to do certificate validation. The default is true. In addition, the +client can manually inspect and accept or reject each certificate using the +-validatecommand option.
  • +
  • The -require option is used to require certificate validation be +performed as part of the connection negotiation process. A valid CA directory, +file, or store must be present for this to work.
  • +
+ +
+

When are command line options needed:

+

+By default, a client TLS connection does NOT validate the server certificate +chain. This limitation is due to the lack of a common cross platform +database of Certificate Authority (CA) provided certificates to validate +against. Many Linux systems natively support OpenSSL and thus have these +certificates installed as part of the OS, but MacOS and Windows do not. In +order to use the -require option, one of the following must be true:

+
    +
  • On Linux and Unix systems with OpenSSL already installed, if the CA +certificates are stored in the standard locations, or the SSL_CERT_DIR +or SSL_CERT_FILE env vars are set, then no other options are needed.
  • + +
  • If OpenSSL is not installed in the default location, or when using Mac OS +or Windows and OpenSSL is installed, the SSL_CERT_DIR and/or +SSL_CERT_FILE env vars or the -cadir and/or -cafile + options must be defined.
  • + +
  • On Windows, starting in OpenSSL 3.2, it is now possible to access the +built-in Windows Certificate Store from OpenSSL. This can be achieved by +setting the -castore option to "org.openssl.winstore://".
  • + +
  • If OpenSSL is not installed, the CA certificates must be downloaded and +installed with the user software. The CURL team makes them available at +CA certificates extracted +from Mozilla in the cacert.pem file. You must then either +set the SSL_CERT_DIR and/or SSL_CERT_FILE env vars or the +-cadir or -cafile options must be set to the file's install +location. It is your responsibility to keep this file up to date.
  • +
+
+ +

CALLBACK OPTIONS

As indicated above, individual channels can be given their own callbacks to handle intermediate processing by the OpenSSL library, using the -command, -password, and -validate_command options passed to either of tls::socket or tls::import. -If the callback generates an error, the bgerror command will be -invoked with the error information. +Unlike previous versions of TCL TLS, only if the callback generates an error, +will the bgerror command will be invoked with the error information.

-
-
-command callback
Invokes the specified callback script at several points during the OpenSSL handshake and use. See below for the possible arguments passed to the callback script. Values returned from the callback are ignored. - -
-
- -
- -
- error channelId message -
-
- This form of callback is invoked whenever an error occurs during the - initial connection, handshake, or I/O operations. The message - argument can be from the Tcl_ErrnoMsg, OpenSSL function - ERR_reason_error_string(), or a custom message. -
- -
- -
- info channelId major minor message type -
-
- This form of callback is invoked by the OpenSSL function - SSL_set_info_callback() during the initial connection - and handshake operations. The type argument is new for - TLS 1.8. The arguments are: -
-
    -
  • Possible values for major are: - handshake, alert, connect, accept.
  • -
  • Possible values for minor are: - start, done, read, write, loop, exit.
  • -
  • The message argument is a descriptive string which may - be generated either by SSL_state_string_long() or by - SSL_alert_desc_string_long(), depending on the context.
  • -
  • For alerts, the possible values for type are: - warning, fatal, and unknown. For others, - info is used.
  • -
-
- -
- message channelId direction version content_type message -
-
- This form of callback is invoked by the OpenSSL function - SSL_set_msg_callback() whenever a message is sent or - received during the initial connection, handshake, or I/O operations. - It is only available when OpenSSL is complied with the - enable-ssl-trace option. Arguments are: direction - is Sent or Received, version is the protocol - version, content_type is the message content type, and - message is more info from the SSL_trace API. - This callback is new for TLS 1.8. -
-
- -
- session channelId session_id ticket lifetime -
-
- This form of callback is invoked by the OpenSSL function - SSL_CTX_sess_set_new_cb() whenever a new session id is - sent by the server during the initial connection and handshake, but - can also be received later if the -post_handshake option is - used. Arguments are: session_id is the current - session identifier, ticket is the session ticket info, and - lifetime is the the ticket lifetime in seconds. - This callback is new for TLS 1.8. -
-
-
-
- -
- +
+
+
+ error channelId message +
+
+ This form of callback is invoked whenever an error occurs during the + initial connection, handshake, or I/O operations. The message + argument can be from the Tcl_ErrnoMsg, OpenSSL function + ERR_reason_error_string(), or a custom message. +
+
+
+ info channelId major minor message type +
+
+ This form of callback is invoked by the OpenSSL function + SSL_set_info_callback() during the initial connection + and handshake operations. The type argument is new for + TLS 1.8. The arguments are: +
+
    +
  • Possible values for major are: + handshake, alert, connect, accept.
  • +
  • Possible values for minor are: + start, done, read, write, loop, exit.
  • +
  • The message argument is a descriptive string which may + be generated either by SSL_state_string_long() or by + SSL_alert_desc_string_long(), depending on the context.
  • +
  • For alerts, the possible values for type are: + warning, fatal, and unknown. For others, + info is used.
  • +
+
+
+ message channelId direction version content_type message +
+
+ This form of callback is invoked by the OpenSSL function + SSL_set_msg_callback() whenever a message is sent or + received during the initial connection, handshake, or I/O operations. + It is only available when OpenSSL is complied with the + enable-ssl-trace option. Arguments are: direction + is Sent or Received, version is the protocol + version, content_type is the message content type, and + message is more info from the SSL_trace API. + This callback is new for TLS 1.8. +
+
+
+ session channelId session_id ticket lifetime +
+
+ This form of callback is invoked by the OpenSSL function + SSL_CTX_sess_set_new_cb() whenever a new session id is + sent by the server during the initial connection and handshake, but + can also be received later if the -post_handshake option is + used. Arguments are: session_id is the current + session identifier, ticket is the session ticket info, and + lifetime is the the ticket lifetime in seconds. + This callback is new for TLS 1.8. +
+
+ +
+
+
-password callback
Invokes the specified callback script when OpenSSL needs to obtain a password. See below for the possible arguments passed to the callback script. See below for valid return values. -
-
-
- -
- password rwflag size -
-
- Invoked when loading or storing a PEM certificate with encryption. - Where rwflag is 0 for reading/decryption or 1 for - writing/encryption (can prompt user to confirm) and - size is the max password length in bytes. - The callback should return the password as a string. - Both arguments are new for TLS 1.8. -
-
- -
- - +
+ password rwflag size +
+
+ Invoked when loading or storing a PEM certificate with encryption. + Where rwflag is 0 for reading/decryption or 1 for + writing/encryption (can prompt user to confirm) and size is + the max password length in bytes. The callback should return the + password as a string. Both arguments are new for TLS 1.8. +
+
+ + +
+
-validatecommand callback
Invokes the specified callback script during handshake in order to validate the provided value(s). See below for the possible arguments passed to the callback script. If not specified, OpenSSL will accept valid certificates and extensions. To reject the value and abort the connection, the callback should return 0. To accept the value and continue the connection, it should return 1. To reject the value, but continue the connection, it should return 2. -
-
-
- -
- alpn channelId protocol match -
-
- For servers, this form of callback is invoked when the client ALPN - extension is received. If match is true, protocol - is the first -alpn option specified protocol common to both - the client and server. If not, the first client specified protocol is - used. It is called after the hello and ALPN callbacks. - This callback is new for TLS 1.8. -
- -
- -
- hello channelId servername -
-
- For servers, this form of callback is invoked during client hello - message processing. The purpose is so the server can select the - appropriate certificate to present to the client, and to make other - configuration adjustments relevant to that server name and its - configuration. It is called before the SNI and ALPN callbacks. - This callback is new for TLS 1.8. -
- -
- -
- sni channelId servername -
-
- For servers, this form of callback is invoked when the Server Name - Indication (SNI) extension is received. The servername - argument is the client provided server name in the -servername - option. The purpose is so when a server supports multiple names, the - right certificate can be used. It is called after the hello callback - but before the ALPN callback. - This callback is new for TLS 1.8. -
- -
- -
- verify channelId depth cert status error -
-
- This form of callback is invoked by OpenSSL when a new certificate - is received from the peer. It allows the client to check the - certificate verification results and choose whether to continue - or not. It is called for each certificate in the certificate chain. -
    -
  • The depth argument is the integer depth of the - certificate in the certificate chain, where 0 is the peer certificate - and higher values going up to the Certificate Authority (CA).
  • -
  • The cert argument is a list of key-value pairs similar - to those returned by - tls::status.
  • -
  • The status argument is the boolean validity of the - current certificate where 0 is invalid and 1 is valid.
  • -
  • The error argument is the error message, if any, generated - by X509_STORE_CTX_get_error().
  • -
-
-
+
+ alpn channelId protocol match +
+
+ For servers, this form of callback is invoked when the client ALPN + extension is received. If match is true, protocol + is the first -alpn option specified protocol common to both + the client and server. If not, the first client specified protocol is + used. It is called after the hello and ALPN callbacks. + This callback is new for TLS 1.8. +
+
+
+ hello channelId servername +
+
+ For servers, this form of callback is invoked during client hello + message processing. The purpose is so the server can select the + appropriate certificate to present to the client, and to make other + configuration adjustments relevant to that server name and its + configuration. It is called before the SNI and ALPN callbacks. + This callback is new for TLS 1.8. +
+
+
+ sni channelId servername +
+
+ For servers, this form of callback is invoked when the Server Name + Indication (SNI) extension is received. The servername + argument is the client provided server name in the -servername + option. The purpose is so when a server supports multiple names, the + right certificate can be used. It is called after the hello callback + but before the ALPN callback. + This callback is new for TLS 1.8. +
+
+
+ verify channelId depth cert status error +
+
+ This form of callback is invoked by OpenSSL when a new certificate + is received from the peer. It allows the client to check the + certificate verification results and choose whether to continue + or not. It is called for each certificate in the certificate chain. +
    +
  • The depth argument is the integer depth of the + certificate in the certificate chain, where 0 is the peer certificate + and higher values going up to the Certificate Authority (CA).
  • +
  • The cert argument is a list of key-value pairs similar + to those returned by + tls::status.
  • +
  • The status argument is the boolean validity of the + current certificate where 0 is invalid and 1 is valid.
  • +
  • The error argument is the error message, if any, generated + by X509_STORE_CTX_get_error().
  • +
+
+
-

Reference implementations of these callbacks are provided in the distribution as tls::callback, tls::password, -and tls::validate_command respectively. Note that these are -sample implementations only. In a more realistic deployment +and tls::validate_command respectively. Note that these are +sample implementations only. In a more realistic deployment you would specify your own callback scripts on each TLS channel using the --command, -password, and -validate_command options. +-command, -password, and +-validate_command options.

-

The default behavior when the -command and -validate_command options are not specified is for TLS to process the associated library callbacks internally. The default behavior when the -password option is not specified is for TLS to process the associated library callbacks by attempting to call tls::password. The difference between these two behaviors is a consequence of maintaining compatibility with earlier implementations.

-

The use of the reference callbacks tls::callback, tls::password, and tls::validate_command -is not recommended. They may be removed from future releases. +is not recommended. They may be removed from future releases.

+
+ +

DEBUG

-TLS key logging can be enabled by setting the environment variable +

For most debugging needs, the -callback option can be used to provide +sufficient insight and information on the TLS handshake and progress. If further +troubleshooting insight is needed, the compile time option --enable-debug +can be used to get detailed execution flow status.

+ +

TLS key logging can be enabled by setting the environment variable SSLKEYLOGFILE to the name of the file to log to. Then whenever TLS key material is generated or received it will be logged to the file. This is useful for logging key data for network logging tools to use to -decrypt the data. +decrypt the data.

-

-The tls::debug variable provides some additional -control over these reference callbacks. Its value is zero by default. +

The tls::debug variable provides some additional +control over these reference callbacks. Its value is zero by default. Higher values produce more diagnostic output, and will also force the verify method in tls::callback to accept the certificate, even when it is invalid if the tls::validate_command -callback is used for the -validatecommand option. -

- -

- -The use of the variable tls::debug is not recommended. -It may be removed from future releases. - -

+callback is used for the -validatecommand option.

+ +

The use of the variable tls::debug is not recommended. +It may be removed from future releases.

Debug Examples

These examples use the default Unix platform SSL certificates. For standard installations, -cadir and -cafile should not be needed. If your certificates are in non-standard locations, update -cadir or use -cafile as needed.


-Example #1: Use HTTP package - +

Example #1: Use HTTP package


 package require http
 package require tls
 set url "https://www.tcl.tk/"
 
@@ -722,11 +779,11 @@
 
 # Cleanup
 ::http::cleanup $token
 
-Example #2: Use raw socket +

Example #2: Use raw socket


 package require tls
 
 set url "www.tcl-lang.org"
 set port 443
@@ -748,20 +805,21 @@
 close $ch
 parray status
 parray conn
 parray chan
 
+
+

HTTPS EXAMPLE

These examples use the default Unix platform SSL certificates. For standard installations, -cadir and -cafile should not be needed. If your certificates are in non-standard locations, update -cadir or use -cafile as needed.

-Example #1: Get web page - +

Example #1: Get web page


 package require http
 package require tls
 set url "https://www.tcl.tk/"
 
@@ -779,12 +837,11 @@
 
 # Cleanup
 ::http::cleanup $token
 
-Example #2: Download file - +

Example #2: Download file


 package require http
 package require tls
 
 set url "https://wiki.tcl-lang.org/sitemap.xml"
@@ -798,23 +855,28 @@
 
 # Cleanup
 close $ch
 ::http::cleanup $token
 
+
+ +

SPECIAL CONSIDERATIONS

The capabilities of this package can vary enormously based upon how the linked to OpenSSL library was configured and built. New versions may obsolete older protocol versions, add or remove ciphers, change default values, etc. Use the tls::protocols commands to obtain the supported protocol versions.

+ +

SEE ALSO

socket, fileevent, http, -OpenSSL

+OpenSSL


 Copyright © 1999 Matt Newman.

Index: generic/tls.c
==================================================================
--- generic/tls.c
+++ generic/tls.c
@@ -25,10 +25,13 @@
 #include "tlsInt.h"
 #include "tclOpts.h"
 #include "tlsUuid.h"
 #include 
 #include 
+#include 
+#include 
+#include 
 #include 
 #include 
 
 /* Min OpenSSL version */
 #if OPENSSL_VERSION_NUMBER < 0x10101000L
@@ -44,14 +47,12 @@
 	(((key) == NULL) ? (char *) NULL : \
 		Tcl_TranslateFileName(interp, (key), (dsp)))
 
 static SSL_CTX *CTX_Init(State *statePtr, int isServer, int proto, char *key,
 		char *certfile, unsigned char *key_asn1, unsigned char *cert_asn1,
-		int key_asn1_len, int cert_asn1_len, char *CApath, char *CAfile,
-		char *ciphers, char *ciphersuites, int level, char *DHparams);
-
-static int	TlsLibInit(int uninitialize);
+		Tcl_Size key_asn1_len, Tcl_Size cert_asn1_len, char *CApath, char *CAstore,
+		char *CAfile, char *ciphers, char *ciphersuites, int level, char *DHparams);
 
 #define TLS_PROTO_SSL2		0x01
 #define TLS_PROTO_SSL3		0x02
 #define TLS_PROTO_TLS1		0x04
 #define TLS_PROTO_TLS1_1	0x08
@@ -59,33 +60,10 @@
 #define TLS_PROTO_TLS1_3	0x20
 #define ENABLED(flag, mask)	(((flag) & (mask)) == (mask))
 
 #define SSLKEYLOGFILE		"SSLKEYLOGFILE"
 
-/*
- * Thread-Safe TLS Code
- */
-
-#ifdef TCL_THREADS
-#define OPENSSL_THREAD_DEFINES
-#include 
-
-#ifdef OPENSSL_THREADS
-#include 
-#include 
-
-/*
- * Threaded operation requires locking callbacks
- * Based from /crypto/cryptlib.c of OpenSSL and NSOpenSSL.
- */
-
-static Tcl_Mutex *locks = NULL;
-static int locksCount = 0;
-static Tcl_Mutex init_mx;
-#endif /* OPENSSL_THREADS */
-#endif /* TCL_THREADS */
-
 
 /********************/
 /* Callbacks        */
 /********************/
 
@@ -158,16 +136,17 @@
 static void
 InfoCallback(const SSL *ssl, int where, int ret) {
     State *statePtr = (State*)SSL_get_app_data((SSL *)ssl);
     Tcl_Interp *interp	= statePtr->interp;
     Tcl_Obj *cmdPtr;
-    char *major; char *minor;
+    const char *major, *minor;
 
     dprintf("Called");
 
-    if (statePtr->callback == (Tcl_Obj*)NULL)
+    if (statePtr->callback == (Tcl_Obj*)NULL) {
 	return;
+    }
 
     if (where & SSL_CB_HANDSHAKE_START) {
 	major = "handshake";
 	minor = "start";
     } else if (where & SSL_CB_HANDSHAKE_DONE) {
@@ -237,12 +216,13 @@
     char buffer[15000];
     buffer[0] = 0;
 
     dprintf("Called");
 
-    if (statePtr->callback == (Tcl_Obj*)NULL)
+    if (statePtr->callback == (Tcl_Obj*)NULL) {
 	return;
+    }
 
     switch(version) {
 #if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(NO_SSL2) && !defined(OPENSSL_NO_SSL2)
     case SSL2_VERSION:
 	ver = "SSLv2";
@@ -309,10 +289,12 @@
 	n = (n<0) ? 0 : n;
 	buffer[n] = 0;
 	(void)BIO_flush(bio);
 	BIO_free(bio);
    }
+
+    dprintf("Message direction=%d, ver=%s, type=%s, message=%s", write_p, ver, type, &buffer[0]);
 
     /* Create command to eval with fn, chan, direction, version, type, and message args */
     cmdPtr = Tcl_DuplicateObj(statePtr->callback);
     Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("message", -1));
     Tcl_ListObjAppendElement(interp, cmdPtr,
@@ -386,25 +368,27 @@
 	}
     } else if (cert == NULL || ssl == NULL) {
 	return 0;
     }
 
-    dprintf("VerifyCallback: eval callback");
+    dprintf("VerifyCallback: create callback command");
 
     /* Create command to eval with fn, chan, depth, cert info list, status, and error args */
     cmdPtr = Tcl_DuplicateObj(statePtr->vcmd);
     Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("verify", -1));
     Tcl_ListObjAppendElement(interp, cmdPtr,
 	Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1));
     Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewIntObj(depth));
-    Tcl_ListObjAppendElement(interp, cmdPtr, Tls_NewX509Obj(interp, cert));
+    Tcl_ListObjAppendElement(interp, cmdPtr, Tls_NewX509Obj(interp, cert, 0));
     Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewIntObj(ok));
     Tcl_ListObjAppendElement(interp, cmdPtr,
 	Tcl_NewStringObj((char*)X509_verify_cert_error_string(err), -1));
 
     /* Prevent I/O while callback is in progress */
     /* statePtr->flags |= TLS_TCL_CALLBACK; */
+
+    dprintf("VerifyCallback: eval callback");
 
     /* Eval callback command */
     Tcl_IncrRefCount(cmdPtr);
     ok = EvalCallback(interp, statePtr, cmdPtr);
     Tcl_DecrRefCount(cmdPtr);
@@ -427,20 +411,23 @@
  *	  to a string describing the SSL negotiation failure reason
  *
  *-------------------------------------------------------------------
  */
 void
-Tls_Error(State *statePtr, char *msg) {
+Tls_Error(State *statePtr, const char *msg) {
     Tcl_Interp *interp	= statePtr->interp;
     Tcl_Obj *cmdPtr, *listPtr;
     unsigned long err;
     statePtr->err = msg;
 
-    dprintf("Called");
+    dprintf("Called with message %s", msg);
 
-    if (statePtr->callback == (Tcl_Obj*)NULL)
+    if (statePtr->callback == (Tcl_Obj*)NULL) {
 	return;
+    }
+
+    dprintf("Tls_Error: create callback command");
 
     /* Create command to eval with fn, chan, and message args */
     cmdPtr = Tcl_DuplicateObj(statePtr->callback);
     Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("error", -1));
     Tcl_ListObjAppendElement(interp, cmdPtr,
@@ -456,10 +443,12 @@
 	while ((err = ERR_get_error()) != 0) {
 	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(ERR_reason_error_string(err), -1));
 	}
 	Tcl_ListObjAppendElement(interp, cmdPtr, listPtr);
     }
+
+    dprintf("Tls_Error: eval callback");
 
     /* Eval callback command */
     Tcl_IncrRefCount(cmdPtr);
     EvalCallback(interp, statePtr, cmdPtr);
     Tcl_DecrRefCount(cmdPtr);
@@ -532,16 +521,20 @@
 	    return (int) len;
 	} else {
 	    return -1;
 	}
     }
+
+    dprintf("PasswordCallback: create callback command");
 
     /* Create command to eval with fn, rwflag, and size args */
     cmdPtr = Tcl_DuplicateObj(statePtr->password);
     Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("password", -1));
     Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewIntObj(rwflag));
     Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewIntObj(size));
+
+    dprintf("PasswordCallback: eval callback");
 
     Tcl_Preserve((ClientData) interp);
     Tcl_Preserve((ClientData) statePtr);
 
     /* Eval callback command */
@@ -1272,10 +1265,11 @@
     Tcl_Size cert_len		= 0;
     char *ciphers		= NULL;
     char *ciphersuites		= NULL;
     char *CAfile		= NULL;
     char *CApath		= NULL;
+    char *CAstore		= NULL;
     char *DHparams		= NULL;
     char *model			= NULL;
     char *servername		= NULL;	/* hostname for Server Name Indication */
     char *session_id		= NULL;
     Tcl_Obj *alpn		= NULL;
@@ -1322,10 +1316,11 @@
 	    break;
 
 	OPTOBJ("-alpn", alpn);
 	OPTSTR("-cadir", CApath);
 	OPTSTR("-cafile", CAfile);
+	OPTSTR("-castore", CAstore);
 	OPTBYTE("-cert", cert, cert_len);
 	OPTSTR("-certfile", certfile);
 	OPTSTR("-cipher", ciphers);
 	OPTSTR("-ciphers", ciphers);
 	OPTSTR("-ciphersuites", ciphersuites);
@@ -1349,11 +1344,11 @@
 	OPTBOOL("-tls1.2", tls1_2);
 	OPTBOOL("-tls1.3", tls1_3);
 	OPTOBJ("-validatecommand", vcmd);
 	OPTOBJ("-vcmd", vcmd);
 
-	OPTBAD("option", "-alpn, -cadir, -cafile, -cert, -certfile, -cipher, -ciphersuites, -command, -dhparams, -key, -keyfile, -model, -password, -post_handshake, -request, -require, -security_level, -server, -servername, -session_id, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, -tls1.3, or -validatecommand");
+	OPTBAD("option", "-alpn, -cadir, -cafile, -castore, -cert, -certfile, -cipher, -ciphersuites, -command, -dhparams, -key, -keyfile, -model, -password, -post_handshake, -request, -require, -security_level, -server, -servername, -session_id, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, -tls1.3, or -validatecommand");
 
 	return TCL_ERROR;
     }
     if (request)		verify |= SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER;
     if (request && require)	verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
@@ -1374,10 +1369,11 @@
     if (keyfile && !*keyfile)		keyfile	        = NULL;
     if (ciphers && !*ciphers)	        ciphers	        = NULL;
     if (ciphersuites && !*ciphersuites) ciphersuites    = NULL;
     if (CAfile && !*CAfile)	        CAfile	        = NULL;
     if (CApath && !*CApath)	        CApath	        = NULL;
+    if (CAstore && !*CAstore)	        CAstore	        = NULL;
     if (DHparams && !*DHparams)	        DHparams        = NULL;
 
     /* new SSL state */
     statePtr		= (State *) ckalloc((unsigned) sizeof(State));
     memset(statePtr, 0, sizeof(State));
@@ -1434,47 +1430,51 @@
 	    Tls_Free((tls_free_type *) statePtr);
 	    return TCL_ERROR;
 	}
 	ctx = ((State *)Tcl_GetChannelInstanceData(chan))->ctx;
     } else {
-	if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, cert, (int) key_len,
-	    (int) cert_len, CApath, CAfile, ciphers, ciphersuites, level, DHparams)) == NULL) {
+	if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, cert, key_len,
+	    cert_len, CApath, CAstore, CAfile, ciphers, ciphersuites, level, DHparams)) == NULL) {
 	    Tls_Free((tls_free_type *) statePtr);
 	    return TCL_ERROR;
 	}
     }
 
     statePtr->ctx = ctx;
 
-    /*
-     * We need to make sure that the channel works in binary (for the
-     * encryption not to get goofed up).
-     * We only want to adjust the buffering in pre-v2 channels, where
-     * each channel in the stack maintained its own buffers.
-     */
+    /* Preserve channel config */
     Tcl_DStringInit(&upperChannelTranslation);
     Tcl_DStringInit(&upperChannelBlocking);
     Tcl_DStringInit(&upperChannelEOFChar);
     Tcl_DStringInit(&upperChannelEncoding);
     Tcl_GetChannelOption(interp, chan, "-eofchar", &upperChannelEOFChar);
     Tcl_GetChannelOption(interp, chan, "-encoding", &upperChannelEncoding);
     Tcl_GetChannelOption(interp, chan, "-translation", &upperChannelTranslation);
     Tcl_GetChannelOption(interp, chan, "-blocking", &upperChannelBlocking);
+
+    /* Ensure the channel works in binary mode (for the encryption not to get goofed up). */
     Tcl_SetChannelOption(interp, chan, "-translation", "binary");
     Tcl_SetChannelOption(interp, chan, "-blocking", "true");
+    
+    /* Create stacked channel */
     dprintf("Consuming Tcl channel %s", Tcl_GetChannelName(chan));
     statePtr->self = Tcl_StackChannel(interp, Tls_ChannelType(), (ClientData) statePtr,
 	(TCL_READABLE | TCL_WRITABLE), chan);
     dprintf("Created channel named %s", Tcl_GetChannelName(statePtr->self));
     if (statePtr->self == (Tcl_Channel) NULL) {
 	/*
 	 * No use of Tcl_EventuallyFree because no possible Tcl_Preserve.
 	 */
 	Tls_Free((tls_free_type *) statePtr);
+	Tcl_DStringFree(&upperChannelTranslation);
+	Tcl_DStringFree(&upperChannelEncoding);
+	Tcl_DStringFree(&upperChannelEOFChar);
+	Tcl_DStringFree(&upperChannelBlocking);
 	return TCL_ERROR;
     }
 
+    /* Restore channel config */
     Tcl_SetChannelOption(interp, statePtr->self, "-translation", Tcl_DStringValue(&upperChannelTranslation));
     Tcl_SetChannelOption(interp, statePtr->self, "-encoding", Tcl_DStringValue(&upperChannelEncoding));
     Tcl_SetChannelOption(interp, statePtr->self, "-eofchar", Tcl_DStringValue(&upperChannelEOFChar));
     Tcl_SetChannelOption(interp, statePtr->self, "-blocking", Tcl_DStringValue(&upperChannelBlocking));
     Tcl_DStringFree(&upperChannelTranslation);
@@ -1585,10 +1585,11 @@
     /*
      * SSL Callbacks
      */
     SSL_set_app_data(statePtr->ssl, (void *)statePtr);	/* point back to us */
     SSL_set_verify(statePtr->ssl, verify, VerifyCallback);
+    /*SSL_set_verify_depth(SSL_set_verify_depth, 0);*/
     SSL_set_info_callback(statePtr->ssl, InfoCallback);
 
     /* Callback for observing protocol messages */
 #ifndef OPENSSL_NO_SSL_TRACE
     /* void SSL_CTX_set_msg_callback_arg(statePtr->ctx, (void *)statePtr);
@@ -1646,10 +1647,12 @@
 	}
 
 	/* Set client mode */
 	SSL_set_connect_state(statePtr->ssl);
     }
+
+    /* Set BIO for read and write operations on SSL object */
     SSL_set_bio(statePtr->ssl, statePtr->p_bio, statePtr->p_bio);
     BIO_set_ssl(statePtr->bio, statePtr->ssl, BIO_NOCLOSE);
 
     /*
      * End of SSL Init
@@ -1675,40 +1678,74 @@
  *
  *-------------------------------------------------------------------
  */
 static int
 UnimportObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) {
-    Tcl_Channel chan;		/* The channel to set a mode on. */
+    Tcl_Channel chan, parent;	/* The stacked and underlying channels */
+    Tcl_DString upperChannelTranslation, upperChannelBlocking, upperChannelEncoding, upperChannelEOFChar;
+    int res = TCL_OK;
     (void) clientData;
 
     dprintf("Called");
 
     if (objc != 2) {
 	Tcl_WrongNumArgs(interp, 1, objv, "channel");
 	return TCL_ERROR;
     }
 
+    /* Validate channel name */
     chan = Tcl_GetChannel(interp, Tcl_GetString(objv[1]), NULL);
     if (chan == (Tcl_Channel) NULL) {
 	return TCL_ERROR;
     }
 
     /* Make sure to operate on the topmost channel */
     chan = Tcl_GetTopChannel(chan);
+    parent = Tcl_GetStackedChannel(chan);
 
-    if (Tcl_GetChannelType(chan) != Tls_ChannelType()) {
+    /* Verify is a stacked channel */
+    if (parent == NULL) {
 	Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan),
-		"\": not a TLS channel", (char *) NULL);
+		"\": not a stacked channel", (char *) NULL);
 	    Tcl_SetErrorCode(interp, "TLS", "UNIMPORT", "CHANNEL", "INVALID", (char *) NULL);
 	return TCL_ERROR;
     }
 
-    if (Tcl_UnstackChannel(interp, chan) == TCL_ERROR) {
+    /* Flush any pending data */
+    if (Tcl_Flush(chan) != TCL_OK) {
 	return TCL_ERROR;
     }
 
-    return TCL_OK;
+    /* Init storage */
+    Tcl_DStringInit(&upperChannelTranslation);
+    Tcl_DStringInit(&upperChannelBlocking);
+    Tcl_DStringInit(&upperChannelEOFChar);
+    Tcl_DStringInit(&upperChannelEncoding);
+
+    /* Preserve current channel config */
+    Tcl_GetChannelOption(interp, chan, "-blocking", &upperChannelBlocking);
+    Tcl_GetChannelOption(interp, chan, "-encoding", &upperChannelEncoding);
+    Tcl_GetChannelOption(interp, chan, "-eofchar", &upperChannelEOFChar);
+    Tcl_GetChannelOption(interp, chan, "-translation", &upperChannelTranslation);
+
+    /* Unstack the channel */
+    if (Tcl_UnstackChannel(interp, chan) != TCL_OK) {
+	res = TCL_ERROR;
+    }
+
+    /* Restore channel config */
+    Tcl_SetChannelOption(interp, parent, "-encoding", Tcl_DStringValue(&upperChannelEncoding));
+    Tcl_SetChannelOption(interp, parent, "-eofchar", Tcl_DStringValue(&upperChannelEOFChar));
+    Tcl_SetChannelOption(interp, parent, "-translation", Tcl_DStringValue(&upperChannelTranslation));
+    Tcl_SetChannelOption(interp, parent, "-blocking", Tcl_DStringValue(&upperChannelBlocking));
+
+    /* Clean-up */
+    Tcl_DStringFree(&upperChannelTranslation);
+    Tcl_DStringFree(&upperChannelEncoding);
+    Tcl_DStringFree(&upperChannelEOFChar);
+    Tcl_DStringFree(&upperChannelBlocking);
+    return res;
 }
 
 /*
  *-------------------------------------------------------------------
  *
@@ -1722,12 +1759,12 @@
  *
  *-------------------------------------------------------------------
  */
 static SSL_CTX *
 CTX_Init(State *statePtr, int isServer, int proto, char *keyfile, char *certfile,
-    unsigned char *key, unsigned char *cert, int key_len, int cert_len, char *CApath,
-    char *CAfile, char *ciphers, char *ciphersuites, int level, char *DHparams) {
+    unsigned char *key, unsigned char *cert, Tcl_Size key_len, Tcl_Size cert_len, char *CApath,
+    char *CAstore, char *CAfile, char *ciphers, char *ciphersuites, int level, char *DHparams) {
     Tcl_Interp *interp = statePtr->interp;
     SSL_CTX *ctx = NULL;
     Tcl_DString ds;
     int off = 0, abort = 0;
     int load_private_key;
@@ -1865,16 +1902,22 @@
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
     OpenSSL_add_all_algorithms(); /* Load ciphers and digests */
 #endif
 
     SSL_CTX_set_app_data(ctx, (void*)interp);	/* remember the interpreter */
-    SSL_CTX_set_options(ctx, SSL_OP_ALL);	/* all SSL bug workarounds */
-    SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);	/* disable compression even if supported */
-    SSL_CTX_set_options(ctx, off);		/* disable protocol versions */
-#if OPENSSL_VERSION_NUMBER < 0x10101000L
-    SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);	/* handle new handshakes in background. On by default in OpenSSL 1.1.1. */
-#endif
+    SSL_CTX_set_options(ctx, SSL_OP_ALL);	/* Enable all SSL bug workarounds */
+    SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);	/* Disable compression even if supported */
+    SSL_CTX_set_options(ctx, off);		/* Disable specified protocol versions */
+
+    /* Allow writes to report success when less than all records have been written */
+    SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+
+    /* Disable attempts to try to process the next record instead of returning after a
+       non-app record. Avoids hangs in blocking mode, when using SSL_read() and a
+       non-application record was sent and no application data was sent. */
+    SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
+
     SSL_CTX_sess_set_cache_size(ctx, 128);
 
     /* Set user defined ciphers, cipher suites, and security level */
     if ((ciphers != NULL) && !SSL_CTX_set_cipher_list(ctx, ciphers)) {
 	Tcl_AppendResult(interp, "Set ciphers failed: No valid ciphers", (char *) NULL);
@@ -1955,11 +1998,11 @@
 	}
 	Tcl_DStringFree(&ds);
 
     } else if (cert != NULL) {
 	load_private_key = 1;
-	if (SSL_CTX_use_certificate_ASN1(ctx, cert_len, cert) <= 0) {
+	if (SSL_CTX_use_certificate_ASN1(ctx, (int) cert_len, cert) <= 0) {
 	    Tcl_AppendResult(interp, "unable to set certificate: ",
 		GET_ERR_REASON(), (char *) NULL);
 	    SSL_CTX_free(ctx);
 	    return NULL;
 	}
@@ -1998,11 +2041,11 @@
 		return NULL;
 	    }
 	    Tcl_DStringFree(&ds);
 
 	} else if (key != NULL) {
-	    if (SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, ctx, key,key_len) <= 0) {
+	    if (SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, ctx, key, (int) key_len) <= 0) {
 		/* flush the passphrase which might be left in the result */
 		Tcl_SetResult(interp, NULL, TCL_STATIC);
 		Tcl_AppendResult(interp, "unable to set public key: ", GET_ERR_REASON(), (char *) NULL);
 		SSL_CTX_free(ctx);
 		return NULL;
@@ -2016,13 +2059,16 @@
 	    SSL_CTX_free(ctx);
 	    return NULL;
 	}
     }
 
-    /* Set to use default location and file for Certificate Authority (CA) certificates. The
-     * verify path and store can be overridden by the SSL_CERT_DIR env var. The verify file can
-     * be overridden by the SSL_CERT_FILE env var. */
+    /* Set to use the default location and file for Certificate Authority (CA) certificates.
+     * The default CA certificates directory is called certs in the default OpenSSL
+     * directory. It contains the CA certificates in PEM format, with one certificate per
+     * file. The verify path and store can be overridden by the SSL_CERT_DIR env var. The
+     * default CA certificates file is called cert.pem in the default OpenSSL directory.
+     * The verify file can be overridden by the SSL_CERT_FILE env var. */
     if (!SSL_CTX_set_default_verify_paths(ctx)) {
 	abort++;
     }
 
     /* Overrides for the CA verify path and file */
@@ -2032,10 +2078,11 @@
 	    Tcl_DString ds1;
 	    Tcl_DStringInit(&ds1);
 
 	    if (!SSL_CTX_load_verify_locations(ctx, F2N(CAfile, &ds), F2N(CApath, &ds1))) {
 		abort++;
+		return NULL;
 	    }
 	    Tcl_DStringFree(&ds);
 	    Tcl_DStringFree(&ds1);
 
 	    /* Set list of CAs to send to client when requesting a client certificate */
@@ -2047,16 +2094,27 @@
 	    }
 	    Tcl_DStringFree(&ds);
 	}
 
 #else
+	/* Set directory containing CA certificates in PEM format. */
 	if (CApath != NULL) {
 	    if (!SSL_CTX_load_verify_dir(ctx, F2N(CApath, &ds))) {
 		abort++;
 	    }
 	    Tcl_DStringFree(&ds);
 	}
+	
+	/* Set URI for to a store, which may be a single container or a catalog of containers. */
+	if (CAstore != NULL) {
+	    if (!SSL_CTX_load_verify_store(ctx, F2N(CAstore, &ds))) {
+		abort++;
+	    }
+	    Tcl_DStringFree(&ds);
+	}
+	
+	/* Set file of CA certificates in PEM format.  */
 	if (CAfile != NULL) {
 	    if (!SSL_CTX_load_verify_file(ctx, F2N(CAfile, &ds))) {
 		abort++;
 	    }
 	    Tcl_DStringFree(&ds);
@@ -2075,11 +2133,11 @@
 }
 
 /*
  *-------------------------------------------------------------------
  *
- * StatusObjCmd -- return certificate for connected peer.
+ * StatusObjCmd -- return certificate for connected peer info.
  *
  * Results:
  *	A standard Tcl result.
  *
  * Side effects:
@@ -2130,11 +2188,11 @@
     } else {
 	peer = SSL_get_certificate(statePtr->ssl);
     }
     /* Get X509 certificate info */
     if (peer) {
-	objPtr = Tls_NewX509Obj(interp, peer);
+	objPtr = Tls_NewX509Obj(interp, peer, 1);
 	if (objc == 2) {
 	    X509_free(peer);
 	    peer = NULL;
 	}
     } else {
@@ -2188,17 +2246,20 @@
 	res = SSL_get_signature_nid(statePtr->ssl, &nid);
     }
     if (!res) {nid = 0;}
     LAPPEND_STR(interp, objPtr, "signatureHashAlgorithm", OBJ_nid2ln(nid), -1);
 
+    /* Added in OpenSSL 1.1.1a */
+#if OPENSSL_VERSION_NUMBER > 0x10101000L
     if (objc == 2) {
 	res = SSL_get_peer_signature_type_nid(statePtr->ssl, &nid);
     } else {
 	res = SSL_get_signature_type_nid(statePtr->ssl, &nid);
     }
     if (!res) {nid = 0;}
     LAPPEND_STR(interp, objPtr, "signatureType", OBJ_nid2ln(nid), -1);
+#endif
 
     Tcl_SetObjResult(interp, objPtr);
     return TCL_OK;
 }
 
@@ -2220,10 +2281,12 @@
     const SSL *ssl;
     const SSL_CIPHER *cipher;
     const SSL_SESSION *session;
     const EVP_MD *md;
     (void) clientData;
+
+    dprintf("Called");
 
     if (objc != 2) {
 	Tcl_WrongNumArgs(interp, 1, objv, "channel");
 	return TCL_ERROR;
     }
@@ -2246,16 +2309,26 @@
 
     /* Connection info */
     statePtr = (State *)Tcl_GetChannelInstanceData(chan);
     ssl = statePtr->ssl;
     if (ssl != NULL) {
+	const unsigned char *proto;
+	unsigned int ulen;
+
+	/* Initialization finished */
+	LAPPEND_BOOL(interp, objPtr, "init_finished", SSL_is_init_finished(ssl));
+	
 	/* connection state */
 	LAPPEND_STR(interp, objPtr, "state", SSL_state_string_long(ssl), -1);
 
 	/* Get SNI requested server name */
 	LAPPEND_STR(interp, objPtr, "servername", SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name), -1);
 
+	/* Report the selected protocol as a result of the negotiation */
+	SSL_get0_alpn_selected(statePtr->ssl, &proto, &ulen);
+	LAPPEND_STR(interp, objPtr, "alpn", (char *)proto, (Tcl_Size) ulen);
+
 	/* Get protocol */
 	LAPPEND_STR(interp, objPtr, "protocol", SSL_get_version(ssl), -1);
 
 	/* Renegotiation allowed */
 	LAPPEND_BOOL(interp, objPtr, "renegotiation_allowed", SSL_get_secure_renegotiation_support((SSL *) ssl));
@@ -2269,10 +2342,30 @@
 	/* Is server info */
 	LAPPEND_BOOL(interp, objPtr, "is_server", SSL_is_server(ssl));
 
 	/* Is DTLS */
 	LAPPEND_BOOL(interp, objPtr, "is_dtls", SSL_is_dtls(ssl));
+
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L
+	/* Is QUIC */
+	LAPPEND_BOOL(interp, objPtr, "is_quic", SSL_is_quic(ssl));
+
+	/* Is TLS */
+	LAPPEND_BOOL(interp, objPtr, "is_tls", SSL_is_tls(ssl));
+#endif
+
+	/* DANE TLS authentication */
+	LAPPEND_BOOL(interp, objPtr, "dane_auth", SSL_get0_dane((SSL *)ssl) != NULL);
+
+	/* Waiting for async */
+	LAPPEND_BOOL(interp, objPtr, "waiting_for_async", SSL_waiting_for_async((SSL *)ssl));
+
+	/* Time-out */
+	LAPPEND_LONG(interp, objPtr, "time-out", SSL_get_default_timeout(ssl));
+
+	/* Is Certificate Transparency validation enabled */
+	LAPPEND_BOOL(interp, objPtr, "ct_enabled", SSL_ct_is_enabled(ssl));
     }
 
     /* Cipher info */
     cipher = SSL_get_current_cipher(ssl);
     if (cipher != NULL) {
@@ -2737,29 +2830,11 @@
     if (statePtr->timer != (Tcl_TimerToken) NULL) {
 	Tcl_DeleteTimerHandler(statePtr->timer);
 	statePtr->timer = NULL;
     }
 
-    if (statePtr->protos) {
-	ckfree(statePtr->protos);
-	statePtr->protos = NULL;
-    }
-    if (statePtr->bio) {
-	/* This will call SSL_shutdown. Bug 1414045 */
-	dprintf("BIO_free_all(%p)", statePtr->bio);
-	BIO_free_all(statePtr->bio);
-	statePtr->bio = NULL;
-    }
-    if (statePtr->ssl) {
-	dprintf("SSL_free(%p)", statePtr->ssl);
-	SSL_free(statePtr->ssl);
-	statePtr->ssl = NULL;
-    }
-    if (statePtr->ctx) {
-	SSL_CTX_free(statePtr->ctx);
-	statePtr->ctx = NULL;
-    }
+    /* Remove callbacks */
     if (statePtr->callback) {
 	Tcl_DecrRefCount(statePtr->callback);
 	statePtr->callback = NULL;
     }
     if (statePtr->password) {
@@ -2768,10 +2843,33 @@
     }
     if (statePtr->vcmd) {
 	Tcl_DecrRefCount(statePtr->vcmd);
 	statePtr->vcmd = NULL;
     }
+
+    if (statePtr->protos) {
+	ckfree(statePtr->protos);
+	statePtr->protos = NULL;
+    }
+
+    if (statePtr->bio) {
+	/* This will call SSL_shutdown. Bug 1414045 */
+	dprintf("BIO_free_all(%p)", statePtr->bio);
+	BIO_free_all(statePtr->bio);
+	statePtr->bio = NULL;
+    }
+
+    if (statePtr->ssl) {
+	dprintf("SSL_free(%p)", statePtr->ssl);
+	SSL_free(statePtr->ssl);
+	statePtr->ssl = NULL;
+    }
+
+    if (statePtr->ctx) {
+	SSL_CTX_free(statePtr->ctx);
+	statePtr->ctx = NULL;
+    }
 
     dprintf("Returning");
 }
 
 /*
@@ -2855,22 +2953,87 @@
 		), NULL);
     }
     return TCL_OK;
 }
 
+/*
+ *------------------------------------------------------*
+ *
+ * TlsLibShutdown --
+ *
+ *	Shutdown SSL library once per application
+ *
+ * Results:
+ *	A standard TCL result
+ *
+ * Side effects:
+ *	Shutdown SSL library
+ *
+ *------------------------------------------------------*
+ */
+void TlsLibShutdown(ClientData clientData) {
+    dprintf("Called");
+
+    BIO_cleanup();
+}
+
+/*
+ *------------------------------------------------------*
+ *
+ *	TlsLibInit --
+ *
+ *	Initializes SSL library once per application
+ *
+ * Results:
+ *	A standard Tcl result
+ *
+ * Side effects:
+ *	Initializes SSL library
+ *
+ *------------------------------------------------------*
+ */
+static int TlsLibInit() {
+    static int initialized = 0;
+
+    dprintf("Called");
+
+    if (!initialized) {
+	/* Initialize BOTH libcrypto and libssl. */
+	if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS
+	    | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS
+	    | OPENSSL_INIT_LOAD_CONFIG | OPENSSL_INIT_ASYNC, NULL)) {
+	    return TCL_ERROR;
+	}
+
+	/* Create BIO handlers */
+	BIO_new_tcl(NULL, 0);
+	
+	/* Create exit handler */
+	Tcl_CreateExitHandler(TlsLibShutdown, NULL);
+	initialized = 1;
+    }
+    return TCL_OK;
+}
+
+/* Init script */
+static const char tlsTclInitScript[] = {
+#include "tls.tcl.h"
+};
+
 /*
  *-------------------------------------------------------------------
  *
  * Tls_Init --
  *
  *	This is a package initialization procedure, which is called
- *	by Tcl when this package is to be added to an interpreter.
+ *	by TCL when this package is to be added to an interpreter.
  *
- * Results:  Ssl configured and loaded
+ * Results:
+ *	Initializes structures and creates commands.
  *
  * Side effects:
- *	 create the ssl command, initialize ssl context
+ *	 Create the commands
  *
  *-------------------------------------------------------------------
  */
 
 #if TCL_MAJOR_VERSION > 8
@@ -2877,15 +3040,10 @@
 #define MIN_VERSION "9.0"
 #else
 #define MIN_VERSION "8.5"
 #endif
 
-static const char tlsTclInitScript[] = {
-#include "tls.tcl.h"
-	0x00
-    };
-
 DLLEXPORT int Tls_Init(Tcl_Interp *interp) {
 
     dprintf("Called");
 
 #ifdef USE_TCL_STUBS
@@ -2895,20 +3053,21 @@
 #endif
     if (Tcl_PkgRequire(interp, "Tcl", MIN_VERSION, 0) == NULL) {
 	return TCL_ERROR;
     }
 
-    if (TlsLibInit(0) != TCL_OK) {
+    if (TlsLibInit() != TCL_OK) {
 	Tcl_AppendResult(interp, "could not initialize SSL library", (char *) NULL);
 	return TCL_ERROR;
     }
 
     Tcl_CreateObjCommand(interp, "::tls::ciphers", CiphersObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
     Tcl_CreateObjCommand(interp, "::tls::connection", ConnectionInfoObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
     Tcl_CreateObjCommand(interp, "::tls::handshake", HandshakeObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
     Tcl_CreateObjCommand(interp, "::tls::import", ImportObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
     Tcl_CreateObjCommand(interp, "::tls::unimport", UnimportObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
+    Tcl_CreateObjCommand(interp, "::tls::unstack", UnimportObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
     Tcl_CreateObjCommand(interp, "::tls::status", StatusObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
     Tcl_CreateObjCommand(interp, "::tls::version", VersionObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
     Tcl_CreateObjCommand(interp, "::tls::misc", MiscObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
     Tcl_CreateObjCommand(interp, "::tls::protocols", ProtocolsObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL);
 
@@ -2920,134 +3079,23 @@
 
     return Tcl_PkgProvide(interp, PACKAGE_NAME, PACKAGE_VERSION);
 }
 
 /*
- *------------------------------------------------------*
+ *-------------------------------------------------------------------
  *
  *	Tls_SafeInit --
  *
- *	------------------------------------------------*
- *	Standard procedure required by 'load'.
- *	Initializes this extension for a safe interpreter.
- *	------------------------------------------------*
- *
- *	Side effects:
- *		As of 'Tls_Init'
- *
- *	Result:
- *		A standard Tcl error code.
- *
- *------------------------------------------------------*
+ *	This is a package initialization procedure for safe interps.
+ *
+ * Results:
+ *	Same as of 'Tls_Init'
+ *
+ * Side effects:
+ *	Same as of 'Tls_Init'
+ *
+ *-------------------------------------------------------------------
  */
 DLLEXPORT int Tls_SafeInit(Tcl_Interp *interp) {
     dprintf("Called");
     return Tls_Init(interp);
 }
-
-/*
- *------------------------------------------------------*
- *
- *	TlsLibInit --
- *
- *	------------------------------------------------*
- *	Initializes SSL library once per application
- *	------------------------------------------------*
- *
- *	Side effects:
- *		initializes SSL library
- *
- *	Result:
- *		none
- *
- *------------------------------------------------------*
- */
-static int TlsLibInit(int uninitialize) {
-    static int initialized = 0;
-    int status = TCL_OK;
-#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
-    size_t num_locks;
-#endif
-
-    if (uninitialize) {
-	if (!initialized) {
-	    dprintf("Asked to uninitialize, but we are not initialized");
-
-	    return TCL_OK;
-	}
-
-	dprintf("Asked to uninitialize");
-
-#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
-	Tcl_MutexLock(&init_mx);
-
-	if (locks) {
-	    free(locks);
-	    locks = NULL;
-	    locksCount = 0;
-	}
-#endif
-	initialized = 0;
-
-#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
-	Tcl_MutexUnlock(&init_mx);
-#endif
-
-	return TCL_OK;
-    }
-
-    if (initialized) {
-	dprintf("Called, but using cached value");
-	return status;
-    }
-
-    dprintf("Called");
-
-#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
-    Tcl_MutexLock(&init_mx);
-#endif
-    initialized = 1;
-
-#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
-    num_locks = 1;
-    locksCount = (int) num_locks;
-    locks = malloc(sizeof(*locks) * num_locks);
-    memset(locks, 0, sizeof(*locks) * num_locks);
-#endif
-
-    /* Initialize BOTH libcrypto and libssl. */
-    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS
-	| OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
-
-    BIO_new_tcl(NULL, 0);
-
-#if 0
-    /*
-     * XXX:TODO: Remove this code and replace it with a check
-     * for enough entropy and do not try to create our own
-     * terrible entropy
-     */
-    /*
-     * Seed the random number generator in the SSL library,
-     * using the do/while construct because of the bug note in the
-     * OpenSSL FAQ at http://www.openssl.org/support/faq.html#USER1
-     *
-     * The crux of the problem is that Solaris 7 does not have a
-     * /dev/random or /dev/urandom device so it cannot gather enough
-     * entropy from the RAND_seed() when TLS initializes and refuses
-     * to go further. Earlier versions of OpenSSL carried on regardless.
-     */
-    srand((unsigned int) time((time_t *) NULL));
-    do {
-	for (i = 0; i < 16; i++) {
-	    rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
-	}
-	RAND_seed(rnd_seed, sizeof(rnd_seed));
-    } while (RAND_status() != 1);
-#endif
-
-#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
-	Tcl_MutexUnlock(&init_mx);
-#endif
-
-    return status;
-}

Index: generic/tls.h
==================================================================
--- generic/tls.h
+++ generic/tls.h
@@ -13,11 +13,11 @@
  * Also work done by the follow people provided the impetus to do this "right":-
  *	tclSSL (Colin McCormack, Shared Technology)
  *	SSLtcl (Peter Antman)
  *
  */
- 
+
 #ifndef _TLS_H
 #define _TLS_H
 
 #include 
 

Index: generic/tlsBIO.c
==================================================================
--- generic/tlsBIO.c
+++ generic/tlsBIO.c
@@ -1,14 +1,40 @@
 /*
+ * Provides Custom BIO layer to interface OpenSSL with TCL. These
+ * functions directly interface between the IO channel and BIO buffers.
+ *
  * Copyright (C) 1997-2000 Matt Newman 
+ * Copyright (C) 2024 Brian O'Hagan
  *
- * Provides BIO layer to interface OpenSSL to TCL.
  */
 
 #include "tlsInt.h"
+#include 
+
+/* Define BIO methods structure */
+static BIO_METHOD *BioMethods = NULL;
+
 
-/* Called by SSL_write() */
+/*
+ *-----------------------------------------------------------------------------
+ *
+ * BioWrite --
+ *
+ *	This function is used to read encrypted data from the BIO and write it
+ *	into the socket. This function will be called in response to the
+ *	application calling BIO_write_ex() or BIO_write().
+ *
+ * Results:
+ *	Returns the number of bytes written to channel, 0 for EOF, or
+ *	-1 for error.
+ *
+ * Side effects:
+ *	Writes BIO data to channel.
+ *
+ *-----------------------------------------------------------------------------
+ */
+
 static int BioWrite(BIO *bio, const char *buf, int bufLen) {
     Tcl_Channel chan;
     Tcl_Size ret;
     int tclEofChan, tclErrno;
 
@@ -57,11 +83,29 @@
 	}
     }
     return (int) ret;
 }
 
-/* Called by SSL_read()*/
+/*
+ *-----------------------------------------------------------------------------
+ *
+ * BioRead --
+ *
+ *	This function is used to read encrypted data from the socket
+ *	and write it into the BIO. This function will be called in response to
+ *	the application calling BIO_read_ex() or BIO_read().
+ *
+ * Results:
+ *	Returns the number of bytes read from channel, 0 for EOF, or -1 for
+ *	error.
+ *
+ * Side effects:
+ *	Reads channel data into BIO.
+ *
+ *-----------------------------------------------------------------------------
+ */
+
 static int BioRead(BIO *bio, char *buf, int bufLen) {
     Tcl_Channel chan;
     Tcl_Size ret = 0;
     int tclEofChan, tclErrno;
 
@@ -118,16 +162,51 @@
 	bufLen, (void *) chan, ret);
 
     return (int) ret;
 }
 
+/*
+ *-----------------------------------------------------------------------------
+ *
+ * BioPuts --
+ *
+ *	This function is used to read a NULL terminated string from the BIO and
+ *	write it to the channel. This function will be called in response to
+ *	the application calling BIO_puts().
+ *
+ * Results:
+ *	Returns the number of bytes written to channel or 0 for error.
+ *
+ * Side effects:
+ *	Writes data to channel.
+ *
+ *-----------------------------------------------------------------------------
+ */
+
 static int BioPuts(BIO *bio, const char *str) {
     dprintf("BioPuts(%p, ) called", bio, str);
 
     return BioWrite(bio, str, (int) strlen(str));
 }
 
+/*
+ *-----------------------------------------------------------------------------
+ *
+ * BioCtrl --
+ *
+ *	This function is used to process control messages in the BIO. This
+ *	function will be called in response to the application calling BIO_ctrl().
+ *
+ * Results:
+ *	Function dependent
+ *
+ * Side effects:
+ *	Function dependent
+ *
+ *-----------------------------------------------------------------------------
+ */
+
 static long BioCtrl(BIO *bio, int cmd, long num, void *ptr) {
     Tcl_Channel chan;
     long ret = 1;
 
     chan = Tls_GetParent((State *) BIO_get_data(bio), 0);
@@ -222,19 +301,53 @@
 		break;
     }
     return ret;
 }
 
+/*
+ *-----------------------------------------------------------------------------
+ *
+ * BioNew --
+ *
+ *	This function is used to create a new instance of the BIO. This
+ *	function will be called in response to the application calling BIO_new().
+ *
+ * Results:
+ *	Returns boolean success result (1=success, 0=failure)
+ *
+ * Side effects:
+ *	Initializes BIO structure.
+ *
+ *-----------------------------------------------------------------------------
+ */
+
 static int BioNew(BIO *bio) {
     dprintf("BioNew(%p) called", bio);
 
     BIO_set_init(bio, 0);
     BIO_set_data(bio, NULL);
     BIO_clear_flags(bio, -1);
     return 1;
 }
 
+/*
+ *-----------------------------------------------------------------------------
+ *
+ * BioFree --
+ *
+ *	This function is used to destroy an instance of a BIO. This function
+ *	will be called in response to the application calling BIO_free().
+ *
+ * Results:
+ *	Returns boolean success result
+ *
+ * Side effects:
+ *	Initializes BIO structure.
+ *
+ *-----------------------------------------------------------------------------
+ */
+
 static int BioFree(BIO *bio) {
     if (bio == NULL) {
 	return 0;
     }
 
@@ -250,13 +363,28 @@
 	BIO_clear_flags(bio, -1);
     }
     return 1;
 }
 
+/*
+ *-----------------------------------------------------------------------------
+ *
+ * BIO_new_tcl --
+ *
+ *	This function is used to initialize the BIO method handlers.
+ *
+ * Results:
+ *	Returns pointer to BIO or NULL for failure
+ *
+ * Side effects:
+ *	Initializes BIO Methods.
+ *
+ *-----------------------------------------------------------------------------
+ */
+
 BIO *BIO_new_tcl(State *statePtr, int flags) {
     BIO *bio;
-    static BIO_METHOD *BioMethods = NULL;
 #ifdef TCLTLS_SSL_USE_FASTPATH
     Tcl_Channel parentChannel;
     const Tcl_ChannelType *parentChannelType;
     void *parentChannelFdIn_p, *parentChannelFdOut_p;
     int parentChannelFdIn, parentChannelFdOut, parentChannelFd;
@@ -320,5 +448,32 @@
     BIO_set_data(bio, statePtr);
     BIO_set_shutdown(bio, flags);
     BIO_set_init(bio, 1);
     return bio;
 }
+
+/*
+ *-----------------------------------------------------------------------------
+ *
+ * BIO_cleanup --
+ *
+ *	This function is used to destroy a BIO_METHOD structure and free up any
+ *	memory associated with it.
+ *
+ * Results:
+ *	Standard TCL result
+ *
+ * Side effects:
+ *	Destroys BIO Methods.
+ *
+ *-----------------------------------------------------------------------------
+ */
+
+int BIO_cleanup () {
+    dprintf("BIO_cleanup() called");
+
+    if (BioMethods != NULL) {
+	BIO_meth_free(BioMethods);
+	BioMethods = NULL;
+    }
+    return TCL_OK;
+}

Index: generic/tlsIO.c
==================================================================
--- generic/tlsIO.c
+++ generic/tlsIO.c
@@ -1,8 +1,12 @@
 /*
+ * Provides IO functions to interface between the BIO buffers and TCL
+ * applications when using stacked channels.
+ *
  * Copyright (C) 1997-2000 Matt Newman 
  * Copyright (C) 2000 Ajuba Solutions
+ * Copyright (C) 2024 Brian O'Hagan
  *
  * TLS (aka SSL) Channel - can be layered on any bi-directional
  * Tcl_Channel (Note: Requires Trf Core Patch)
  *
  * This was built from scratch based upon observation of OpenSSL 0.9.2B
@@ -19,29 +23,25 @@
 
 #include "tlsInt.h"
 #include 
 
 /*
- * Forward declarations
- */
-static void TlsChannelHandlerTimer(ClientData clientData);
-
-/*
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  *
  * TlsBlockModeProc --
  *
- *    This procedure is invoked by the generic IO level
- *       to set blocking and nonblocking modes
+ *	This procedure is invoked by the generic IO level to set channel to
+ *	blocking or nonblocking mode. Called by the generic I/O layer whenever
+ *	the Tcl_SetChannelOption() function is used with option -blocking.
  *
  * Results:
  *    0 if successful or POSIX error code if failed.
  *
  * Side effects:
  *    Sets the device into blocking or nonblocking mode.
  *
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  */
 static int TlsBlockModeProc(ClientData instanceData, int mode) {
     State *statePtr = (State *) instanceData;
 
     if (mode == TCL_MODE_NONBLOCKING) {
@@ -51,38 +51,54 @@
     }
     return 0;
 }
 
 /*
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  *
  * TlsCloseProc --
  *
- *    This procedure is invoked by the generic IO level to perform
- *    channel-type-specific cleanup when a SSL socket based channel
- *    is closed.
- *
- *    Note: we leave the underlying socket alone, is this right?
+ *	This procedure is invoked by the generic IO level to perform channel
+ *	type specific cleanup when a SSL socket based channel is closed.
  *
  * Results:
  *    0 if successful or POSIX error code if failed.
  *
  * Side effects:
  *    Closes the socket of the channel.
  *
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  */
 static int TlsCloseProc(ClientData instanceData, Tcl_Interp *interp) {
     State *statePtr = (State *) instanceData;
 
     dprintf("TlsCloseProc(%p)", (void *) statePtr);
 
-    Tls_Clean(statePtr);
+    /* Flush any pending data */
+    
+    /* Send shutdown notification. Will return 0 while in process, then 1 when complete. */
+    /* Closes the write direction of the connection; the read direction is closed by the peer. */
+    /* Does not affect socket state. */
+    if (statePtr->ssl != NULL) {
+	SSL_shutdown(statePtr->ssl);
+    }
+
+    /* Tls_Free calls Tls_Clean */
     Tcl_EventuallyFree((ClientData)statePtr, Tls_Free);
     return 0;
 }
 
+/*
+ *-----------------------------------------------------------------------------
+ *
+ * TlsClose2Proc --
+ *
+ *	Similar to TlsCloseProc, but allows for separate close read and write
+ *	side of channel.
+ *
+ *-----------------------------------------------------------------------------
+ */
 static int TlsClose2Proc(ClientData instanceData,    /* The socket state. */
     Tcl_Interp *interp,		/* For errors - can be NULL. */
     int flags)			/* Flags to close read and/or write side of channel */
 {
     State *statePtr = (State *) instanceData;
@@ -94,31 +110,35 @@
     }
     return EINVAL;
 }
 
 /*
- *------------------------------------------------------*
+ *-----------------------------------------------------------------------------
  *
  * Tls_WaitForConnect --
+ *
+ *	Perform connect (client) or accept (server) function. Also performs
+ *	equivalent of handshake function.
  *
  * Result:
  *    0 if successful, -1 if failed.
  *
  * Side effects:
  *    Issues SSL_accept or SSL_connect
  *
- *------------------------------------------------------*
+ *-----------------------------------------------------------------------------
  */
 int Tls_WaitForConnect(State *statePtr, int *errorCodePtr, int handshakeFailureIsPermanent) {
     unsigned long backingError;
-    int err, rc;
+    int err, rc = 0;
     int bioShouldRetry;
     *errorCodePtr = 0;
 
     dprintf("WaitForConnect(%p)", (void *) statePtr);
     dprintFlags(statePtr);
 
+    /* Can also check SSL_is_init_finished(ssl) */
     if (!(statePtr->flags & TLS_TCL_INIT)) {
 	dprintf("Tls_WaitForConnect called on already initialized channel -- returning with immediate success");
 	return 0;
     }
 
@@ -139,11 +159,11 @@
     }
 
     for (;;) {
 	ERR_clear_error();
 
-	/* Not initialized yet! Also calls SSL_do_handshake. */
+	/* Not initialized yet! Also calls SSL_do_handshake(). */
 	if (statePtr->flags & TLS_TCL_SERVER) {
 	    dprintf("Calling SSL_accept()");
 	    err = SSL_accept(statePtr->ssl);
 
 	} else {
@@ -169,12 +189,18 @@
 	    dprintf("Got error: %s", ERR_reason_error_string(backingError));
 	}
 
 	bioShouldRetry = 0;
 	if (err <= 0) {
-	    if (rc == SSL_ERROR_WANT_CONNECT || rc == SSL_ERROR_WANT_ACCEPT || rc == SSL_ERROR_WANT_READ || rc == SSL_ERROR_WANT_WRITE) {
+	    if (rc == SSL_ERROR_WANT_CONNECT || rc == SSL_ERROR_WANT_ACCEPT) {
+		bioShouldRetry = 1;
+	    } else if (rc == SSL_ERROR_WANT_READ) {
+		bioShouldRetry = 1;
+		statePtr->want = TCL_READABLE;
+	    } else if (rc == SSL_ERROR_WANT_WRITE) {
 		bioShouldRetry = 1;
+		statePtr->want = TCL_WRITABLE;
 	    } else if (BIO_should_retry(statePtr->bio)) {
 		bioShouldRetry = 1;
 	    } else if (rc == SSL_ERROR_SYSCALL && Tcl_GetErrno() == EAGAIN) {
 		bioShouldRetry = 1;
 	    }
@@ -207,15 +233,21 @@
 	    /* The TLS/SSL I/O operation completed */
 	    dprintf("The connection is good");
 	    *errorCodePtr = 0;
 	    break;
 
-	case SSL_ERROR_ZERO_RETURN:
-	    /* The TLS/SSL peer has closed the connection for writing by sending the close_notify alert */
-	    dprintf("SSL_ERROR_ZERO_RETURN: Connect returned an invalid value...");
-	    *errorCodePtr = EINVAL;
-	    Tls_Error(statePtr, "Peer has closed the connection for writing by sending the close_notify alert");
+	case SSL_ERROR_SSL:
+	    /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */
+	    dprintf("SSL_ERROR_SSL: Got permanent fatal SSL error, aborting immediately");
+	    if (SSL_get_verify_result(statePtr->ssl) != X509_V_OK) {
+		Tls_Error(statePtr, X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl)));
+	    }
+	    if (backingError != 0) {
+		Tls_Error(statePtr, ERR_reason_error_string(backingError));
+	    }
+	    statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
+	    *errorCodePtr = ECONNABORTED;
 	    return -1;
 
 	case SSL_ERROR_SYSCALL:
 	    /* Some non-recoverable, fatal I/O error occurred */
 	    dprintf("SSL_ERROR_SYSCALL");
@@ -229,35 +261,29 @@
 		dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno());
 		*errorCodePtr = Tcl_GetErrno();
 		if (*errorCodePtr == ECONNRESET) {
 		    *errorCodePtr = ECONNABORTED;
 		}
-		Tls_Error(statePtr, (char *) Tcl_ErrnoMsg(*errorCodePtr));
+		Tls_Error(statePtr, Tcl_ErrnoMsg(*errorCodePtr));
 
 	    } else {
 		dprintf("I/O error occurred (backingError = %lu)", backingError);
 		*errorCodePtr = Tcl_GetErrno();
 		if (*errorCodePtr == ECONNRESET) {
 		    *errorCodePtr = ECONNABORTED;
 		}
-		Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError));
+		Tls_Error(statePtr, ERR_reason_error_string(backingError));
 	    }
 
 	    statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
 	    return -1;
 
-	case SSL_ERROR_SSL:
-	    /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */
-	    dprintf("SSL_ERROR_SSL: Got permanent fatal SSL error, aborting immediately");
-	    if (SSL_get_verify_result(statePtr->ssl) != X509_V_OK) {
-		Tls_Error(statePtr, (char *) X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl)));
-	    }
-	    if (backingError != 0) {
-		Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError));
-	    }
-	    statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
-	    *errorCodePtr = ECONNABORTED;
+	case SSL_ERROR_ZERO_RETURN:
+	    /* The TLS/SSL peer has closed the connection for writing by sending the close_notify alert */
+	    dprintf("SSL_ERROR_ZERO_RETURN: Connect returned an invalid value...");
+	    *errorCodePtr = EINVAL;
+	    Tls_Error(statePtr, "Peer has closed the connection for writing by sending the close_notify alert");
 	    return -1;
 
 	case SSL_ERROR_WANT_READ:
 	case SSL_ERROR_WANT_WRITE:
 	case SSL_ERROR_WANT_X509_LOOKUP:
@@ -264,10 +290,13 @@
 	case SSL_ERROR_WANT_CONNECT:
 	case SSL_ERROR_WANT_ACCEPT:
 	case SSL_ERROR_WANT_ASYNC:
 	case SSL_ERROR_WANT_ASYNC_JOB:
 	case SSL_ERROR_WANT_CLIENT_HELLO_CB:
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	case SSL_ERROR_WANT_RETRY_VERIFY:
+#endif
 	default:
 	    /* The operation did not complete and should be retried later. */
 	    dprintf("Operation did not complete, call function again later: %i", rc);
 	    *errorCodePtr = EAGAIN;
 	    dprintf("ERR(%d, %d) ", rc, *errorCodePtr);
@@ -282,57 +311,62 @@
     *errorCodePtr = 0;
     return 0;
 }
 
 /*
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  *
  * TlsInputProc --
  *
- *    This procedure is invoked by the generic IO level
- *       to read input from a SSL socket based channel.
+ *	This procedure is invoked by the generic IO level to read data from the
+ *	BIo. Equivalent to SSL_read.
+ *	Called by the generic I/O layer whenever the Tcl_Read(), Tcl_ReadChars,
+ *	Tcl_Gets, and Tcl_GetsObj functions are used.
  *
  * Results:
- *    Returns the number of bytes read or -1 on error. Sets errorCodePtr
- *    to a POSIX error code if an error occurred, or 0 if none.
+ *	Returns the number of bytes read or -1 on error. Sets errorCodePtr to
+ *	a POSIX error code if an error occurred, or 0 if none.
  *
  * Side effects:
  *    Reads input from the input device of the channel.
  *
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  */
 static int TlsInputProc(ClientData instanceData, char *buf, int bufSize, int *errorCodePtr) {
     unsigned long backingError;
     State *statePtr = (State *) instanceData;
-    int bytesRead;
-    int tlsConnect;
-    int err;
-
+    int bytesRead, err;
     *errorCodePtr = 0;
 
-    dprintf("BIO_read(%d)", bufSize);
+    dprintf("Read(%d)", bufSize);
 
+    /* Skip if user verify callback is still running */
     if (statePtr->flags & TLS_TCL_CALLBACK) {
-	/* don't process any bytes while verify callback is running */
 	dprintf("Callback is running, reading 0 bytes");
 	return 0;
     }
 
-    dprintf("Calling Tls_WaitForConnect");
-    tlsConnect = Tls_WaitForConnect(statePtr, errorCodePtr, 0);
-    if (tlsConnect < 0) {
-	dprintf("Got an error waiting to connect (tlsConnect = %i, *errorCodePtr = %i)", tlsConnect, *errorCodePtr);
-	Tls_Error(statePtr, strerror(*errorCodePtr));
-
-	bytesRead = -1;
-	if (*errorCodePtr == ECONNRESET) {
-	    dprintf("Got connection reset");
-	    /* Soft EOF */
-	    *errorCodePtr = 0;
-	    bytesRead = 0;
-	}
-	return bytesRead;
+    /* If not initialized, do connect */
+    if (statePtr->flags & TLS_TCL_INIT) {
+	int tlsConnect;
+
+	dprintf("Calling Tls_WaitForConnect");
+
+	tlsConnect = Tls_WaitForConnect(statePtr, errorCodePtr, 0);
+	if (tlsConnect < 0) {
+	    dprintf("Got an error waiting to connect (tlsConnect = %i, *errorCodePtr = %i)", tlsConnect, *errorCodePtr);
+	    Tls_Error(statePtr, strerror(*errorCodePtr));
+
+	    bytesRead = -1;
+	    if (*errorCodePtr == ECONNRESET) {
+		dprintf("Got connection reset");
+		/* Soft EOF */
+		*errorCodePtr = 0;
+		bytesRead = 0;
+	    }
+	    return bytesRead;
+	}
     }
 
     /*
      * We need to clear the SSL error stack now because we sometimes reach
      * this function with leftover errors in the stack.  If BIO_read
@@ -343,37 +377,54 @@
      * BIO_read specially (as advised in the RSA docs).  TLS's lower level BIO
      * functions play with the retry flags though, and this seems to work
      * correctly.  Similar fix in TlsOutputProc. - hobbs
      */
     ERR_clear_error();
+    /* BIO_read, where 0 means EOF and -1 means error */
     bytesRead = BIO_read(statePtr->bio, buf, bufSize);
     dprintf("BIO_read -> %d", bytesRead);
 
+    /* Get error is more comprehensive than SSL_want */
     err = SSL_get_error(statePtr->ssl, bytesRead);
     backingError = ERR_get_error();
 
-#if 0
     if (bytesRead <= 0) {
 	if (BIO_should_retry(statePtr->bio)) {
-	    dprintf("I/O failed, will retry based on EAGAIN");
-	    *errorCodePtr = EAGAIN;
+	    dprintf("Read failed with code=%d, bytes read=%d: should retry", err, bytesRead);
+	    /* Some docs imply we should redo the BIO_read now */
+	} else {
+	    dprintf("Read failed with code=%d, bytes read=%d: error condition", err, bytesRead);
+	}
+	
+	/* These are the same as BIO_retry_type */
+	if (BIO_should_read(statePtr->bio)) {
+	    dprintf("BIO has insufficient data to read and return");
+	}
+	if (BIO_should_write(statePtr->bio)) {
+	    dprintf("BIO has pending data to write");
+	}
+	if (BIO_should_io_special(statePtr->bio)) {
+	    int reason = BIO_get_retry_reason(statePtr->bio);
+	    dprintf("BIO has some special condition other than read or write: code=%d", reason);
 	}
+	dprintf("BIO has pending data to write");
     }
-#endif
 
     switch (err) {
 	case SSL_ERROR_NONE:
+	    /* I/O operation completed */
+	    dprintf("SSL_ERROR_NONE");
 	    dprintBuffer(buf, bytesRead);
 	    break;
 
 	case SSL_ERROR_SSL:
 	    /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */
 	    dprintf("SSL error, indicating that the connection has been aborted");
 	    if (backingError != 0) {
-		Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError));
+		Tls_Error(statePtr, ERR_reason_error_string(backingError));
 	    } else if (SSL_get_verify_result(statePtr->ssl) != X509_V_OK) {
-		Tls_Error(statePtr, (char *) X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl)));
+		Tls_Error(statePtr, X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl)));
 	    } else {
 		Tls_Error(statePtr, "Unknown SSL error");
 	    }
 	    *errorCodePtr = ECONNABORTED;
 	    bytesRead = -1;
@@ -383,16 +434,43 @@
 	    if (ERR_GET_REASON(backingError) == SSL_R_UNEXPECTED_EOF_WHILE_READING) {
 		dprintf("(Unexpected) EOF reached")
 		*errorCodePtr = 0;
 		bytesRead = 0;
 		Tls_Error(statePtr, "EOF reached");
-	    }    
+	    }
 #endif
 	    break;
+
+	case SSL_ERROR_WANT_READ:
+	    /* Op did not complete due to not enough data was available. Retry later. */
+	    dprintf("Got SSL_ERROR_WANT_READ, mapping this to EAGAIN");
+	    *errorCodePtr = EAGAIN;
+	    bytesRead = -1;
+	    statePtr->want = TCL_READABLE;
+	    Tls_Error(statePtr, "SSL_ERROR_WANT_READ");
+	    break;
+
+	case SSL_ERROR_WANT_WRITE:
+	    /* Op did not complete due to unable to sent all data to the BIO. Retry later. */
+	    dprintf("Got SSL_ERROR_WANT_WRITE, mapping this to EAGAIN");
+	    *errorCodePtr = EAGAIN;
+	    bytesRead = -1;
+	    statePtr->want = TCL_WRITABLE;
+	    Tls_Error(statePtr, "SSL_ERROR_WANT_WRITE");
+	    break;
+
+	case SSL_ERROR_WANT_X509_LOOKUP:
+	    /* Op didn't complete since callback set by SSL_CTX_set_client_cert_cb() asked to be called again */
+	    dprintf("Got SSL_ERROR_WANT_X509_LOOKUP, mapping it to EAGAIN");
+	    *errorCodePtr = EAGAIN;
+	    bytesRead = -1;
+	    Tls_Error(statePtr, "SSL_ERROR_WANT_X509_LOOKUP");
+	    break;
 
 	case SSL_ERROR_SYSCALL:
 	    /* Some non-recoverable, fatal I/O error occurred */
+	    dprintf("SSL_ERROR_SYSCALL");
 
 	    if (backingError == 0 && bytesRead == 0) {
 		/* Unexpected EOF from the peer for OpenSSL 1.1 */
 		dprintf("(Unexpected) EOF reached")
 		*errorCodePtr = 0;
@@ -401,32 +479,34 @@
 
 	    } else if (backingError == 0 && bytesRead == -1) {
 		dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno());
 		*errorCodePtr = Tcl_GetErrno();
 		bytesRead = -1;
-		Tls_Error(statePtr, (char *) Tcl_ErrnoMsg(*errorCodePtr));
+		Tls_Error(statePtr, Tcl_ErrnoMsg(*errorCodePtr));
 
 	    } else {
 		dprintf("I/O error occurred (backingError = %lu)", backingError);
 		*errorCodePtr = Tcl_GetErrno();
 		bytesRead = -1;
-		Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError));
+		Tls_Error(statePtr, ERR_reason_error_string(backingError));
 	    }
 	    break;
 
 	case SSL_ERROR_ZERO_RETURN:
+	    /* Peer has closed the connection by sending the close_notify alert. Can't read, but can write. */
 	    dprintf("Got SSL_ERROR_ZERO_RETURN, this means an EOF has been reached");
 	    bytesRead = 0;
 	    *errorCodePtr = 0;
 	    Tls_Error(statePtr, "Peer has closed the connection for writing by sending the close_notify alert");
 	    break;
 
-	case SSL_ERROR_WANT_READ:
-	    dprintf("Got SSL_ERROR_WANT_READ, mapping this to EAGAIN");
+	case SSL_ERROR_WANT_ASYNC:
+	    /* Used with flag SSL_MODE_ASYNC, op didn't complete because an async engine is still processing data */
+	    dprintf("Got SSL_ERROR_WANT_ASYNC, mapping this to EAGAIN");
 	    bytesRead = -1;
 	    *errorCodePtr = EAGAIN;
-	    Tls_Error(statePtr, "SSL_ERROR_WANT_READ");
+	    Tls_Error(statePtr, "SSL_ERROR_WANT_ASYNC");
 	    break;
 
 	default:
 	    dprintf("Unknown error (err = %i), mapping to EOF", err);
 	    *errorCodePtr = 0;
@@ -438,58 +518,65 @@
     dprintf("Input(%d) -> %d [%d]", bufSize, bytesRead, *errorCodePtr);
     return bytesRead;
 }
 
 /*
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  *
  * TlsOutputProc --
  *
- *    This procedure is invoked by the generic IO level
- *       to write output to a SSL socket based channel.
+ *	This procedure is invoked by the generic IO level to write data to
+ *	the BIO. Equivalent to SSL_write. Called by the
+ *	generic I/O layer whenever the Tcl_Write(), Tcl_WriteChars,
+ *	TTcl_WriteObj functions are used.
  *
  * Results:
  *    Returns the number of bytes written or -1 on error. Sets errorCodePtr
  *    to a POSIX error code if an error occurred, or 0 if none.
  *
  * Side effects:
  *    Writes output on the output device of the channel.
  *
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  */
 static int TlsOutputProc(ClientData instanceData, const char *buf, int toWrite, int *errorCodePtr) {
     unsigned long backingError;
     State *statePtr = (State *) instanceData;
     int written, err;
-    int tlsConnect;
-
     *errorCodePtr = 0;
 
-    dprintf("BIO_write(%p, %d)", (void *) statePtr, toWrite);
+    dprintf("Write(%p, %d)", (void *) statePtr, toWrite);
     dprintBuffer(buf, toWrite);
 
+    /* Skip if user verify callback is still running */
     if (statePtr->flags & TLS_TCL_CALLBACK) {
 	dprintf("Don't process output while callbacks are running");
 	written = -1;
 	*errorCodePtr = EAGAIN;
 	return -1;
     }
 
-    dprintf("Calling Tls_WaitForConnect");
-    tlsConnect = Tls_WaitForConnect(statePtr, errorCodePtr, 1);
-    if (tlsConnect < 0) {
-	dprintf("Got an error waiting to connect (tlsConnect = %i, *errorCodePtr = %i)", tlsConnect, *errorCodePtr);
-	Tls_Error(statePtr, strerror(*errorCodePtr));
-
-	written = -1;
-	if (*errorCodePtr == ECONNRESET) {
-	    dprintf("Got connection reset");
-	    /* Soft EOF */
-	    *errorCodePtr = 0;
-	    written = 0;
-	}
-	return written;
+    /* If not initialized, do connect */
+    if (statePtr->flags & TLS_TCL_INIT) {
+	int tlsConnect;
+
+	dprintf("Calling Tls_WaitForConnect");
+
+	tlsConnect = Tls_WaitForConnect(statePtr, errorCodePtr, 1);
+	if (tlsConnect < 0) {
+	    dprintf("Got an error waiting to connect (tlsConnect = %i, *errorCodePtr = %i)", tlsConnect, *errorCodePtr);
+	    Tls_Error(statePtr, strerror(*errorCodePtr));
+
+	    written = -1;
+	    if (*errorCodePtr == ECONNRESET) {
+		dprintf("Got connection reset");
+		/* Soft EOF */
+		*errorCodePtr = 0;
+		written = 0;
+	    }
+	    return written;
+	}
     }
 
     if (toWrite == 0) {
 	dprintf("zero-write");
 	err = BIO_flush(statePtr->bio);
@@ -518,49 +605,94 @@
      * BIO_write specially (as advised in the RSA docs).  TLS's lower level
      * BIO functions play with the retry flags though, and this seems to
      * work correctly.  Similar fix in TlsInputProc. - hobbs
      */
     ERR_clear_error();
+    /* SSL_write will return 1 for success or 0 for failure */
     written = BIO_write(statePtr->bio, buf, toWrite);
     dprintf("BIO_write(%p, %d) -> [%d]", (void *) statePtr, toWrite, written);
 
+    /* Get error is more comprehensive than SSL_want */
     err = SSL_get_error(statePtr->ssl, written);
     backingError = ERR_get_error();
+
+    if (written <= 0) {
+	if (BIO_should_retry(statePtr->bio)) {
+	    dprintf("Write failed with code %d, bytes written=%d: should retry", err, written);
+	} else {
+	    dprintf("Write failed with code %d, bytes written=%d: error condition", err, written);
+	}
+	
+	/* These are the same as BIO_retry_type */
+	if (BIO_should_read(statePtr->bio)) {
+	    dprintf("BIO has insufficient data to read and return");
+	}
+	if (BIO_should_write(statePtr->bio)) {
+	    dprintf("BIO has pending data to write");
+	}
+	if (BIO_should_io_special(statePtr->bio)) {
+	    int reason = BIO_get_retry_reason(statePtr->bio);
+	    dprintf("BIO has some special condition other than read or write: code=%d", reason);
+	}
+	dprintf("BIO has pending data to write");
+
+    } else {
+	BIO_flush(statePtr->bio);
+    }
 
     switch (err) {
 	case SSL_ERROR_NONE:
+	    /* I/O operation completed */
+	    dprintf("SSL_ERROR_NONE");
 	    if (written < 0) {
 		written = 0;
 	    }
 	    break;
 
-	case SSL_ERROR_WANT_WRITE:
-	    dprintf("Got SSL_ERROR_WANT_WRITE, mapping it to EAGAIN");
-	    *errorCodePtr = EAGAIN;
+	case SSL_ERROR_SSL:
+	    /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */
+	    dprintf("SSL error, indicating that the connection has been aborted");
+	    if (backingError != 0) {
+		Tls_Error(statePtr, ERR_reason_error_string(backingError));
+	    } else if (SSL_get_verify_result(statePtr->ssl) != X509_V_OK) {
+		Tls_Error(statePtr, X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl)));
+	    } else {
+		Tls_Error(statePtr, "Unknown SSL error");
+	    }
+	    *errorCodePtr = ECONNABORTED;
 	    written = -1;
-	    Tls_Error(statePtr, "SSL_ERROR_WANT_WRITE");
 	    break;
 
 	case SSL_ERROR_WANT_READ:
-	    dprintf(" write R BLOCK");
+	    /* Op did not complete due to not enough data was available. Retry later. */
+	    dprintf("Got SSL_ERROR_WANT_READ, mapping it to EAGAIN");
+	    *errorCodePtr = EAGAIN;
+	    written = -1;
+	    statePtr->want = TCL_READABLE;
 	    Tls_Error(statePtr, "SSL_ERROR_WANT_READ");
 	    break;
 
-	case SSL_ERROR_WANT_X509_LOOKUP:
-	    dprintf(" write X BLOCK");
-	    Tls_Error(statePtr, "SSL_ERROR_WANT_X509_LOOKUP");
+	case SSL_ERROR_WANT_WRITE:
+	    /* Op did not complete due to unable to sent all data to the BIO. Retry later. */
+	    dprintf("Got SSL_ERROR_WANT_WRITE, mapping it to EAGAIN");
+	    *errorCodePtr = EAGAIN;
+	    written = -1;
+	    statePtr->want = TCL_WRITABLE;
+	    Tls_Error(statePtr, "SSL_ERROR_WANT_WRITE");
 	    break;
 
-	case SSL_ERROR_ZERO_RETURN:
-	    dprintf(" closed");
-	    written = 0;
-	    *errorCodePtr = 0;
-	    Tls_Error(statePtr, "Peer has closed the connection for writing by sending the close_notify alert");
+	case SSL_ERROR_WANT_X509_LOOKUP:
+	    /* Op didn't complete since callback set by SSL_CTX_set_client_cert_cb() asked to be called again */
+	    dprintf("Got SSL_ERROR_WANT_X509_LOOKUP, mapping it to EAGAIN");
+	    *errorCodePtr = EAGAIN;
+	    written = -1;
+	    Tls_Error(statePtr, "SSL_ERROR_WANT_X509_LOOKUP");
 	    break;
 
 	case SSL_ERROR_SYSCALL:
 	    /* Some non-recoverable, fatal I/O error occurred */
+	    dprintf("SSL_ERROR_SYSCALL");
 
 	    if (backingError == 0 && written == 0) {
 		dprintf("EOF reached")
 		*errorCodePtr = 0;
 		written = 0;
@@ -568,32 +700,34 @@
 
 	    } else if (backingError == 0 && written == -1) {
 		dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno());
 		*errorCodePtr = Tcl_GetErrno();
 		written = -1;
-		Tls_Error(statePtr, (char *) Tcl_ErrnoMsg(*errorCodePtr));
+		Tls_Error(statePtr, Tcl_ErrnoMsg(*errorCodePtr));
 
 	    } else {
 		dprintf("I/O error occurred (backingError = %lu)", backingError);
 		*errorCodePtr = Tcl_GetErrno();
 		written = -1;
-		Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError));
+		Tls_Error(statePtr, ERR_reason_error_string(backingError));
 	    }
 	    break;
 
-	case SSL_ERROR_SSL:
-	    /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */
-	    dprintf("SSL error, indicating that the connection has been aborted");
-	    if (backingError != 0) {
-		Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError));
-	    } else if (SSL_get_verify_result(statePtr->ssl) != X509_V_OK) {
-		Tls_Error(statePtr, (char *) X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl)));
-	    } else {
-		Tls_Error(statePtr, "Unknown SSL error");
-	    }
-	    *errorCodePtr = ECONNABORTED;
+	case SSL_ERROR_ZERO_RETURN:
+	    /* Peer has closed the connection by sending the close_notify alert. Can't read, but can write. */
+	    dprintf("Got SSL_ERROR_ZERO_RETURN, this means an EOF has been reached");
+	    written = 0;
+	    *errorCodePtr = 0;
+	    Tls_Error(statePtr, "Peer has closed the connection for writing by sending the close_notify alert");
+	    break;
+
+	case SSL_ERROR_WANT_ASYNC:
+	    /* Used with flag SSL_MODE_ASYNC, op didn't complete because an async engine is still processing data */
+	    dprintf("Got SSL_ERROR_WANT_ASYNC, mapping this to EAGAIN");
+	    *errorCodePtr = EAGAIN;
 	    written = -1;
+	    Tls_Error(statePtr, "SSL_ERROR_WANT_ASYNC");
 	    break;
 
 	default:
 	    dprintf("unknown error: %d", err);
 	    Tls_Error(statePtr, "Unknown error");
@@ -603,45 +737,63 @@
     dprintf("Output(%d) -> %d", toWrite, written);
     return written;
 }
 
 /*
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
+ *
+ * Tls_GetParent --
+ *
+ *    Get parent channel for a stacked channel.
+ *
+ * Results:
+ *    Tcl_Channel or NULL if none.
+ *
+ *-----------------------------------------------------------------------------
+ */
+Tcl_Channel Tls_GetParent(State *statePtr, int maskFlags) {
+    dprintf("Requested to get parent of channel %p", statePtr->self);
+
+    if ((statePtr->flags & ~maskFlags) & TLS_TCL_FASTPATH) {
+	dprintf("Asked to get the parent channel while we are using FastPath -- returning NULL");
+	return NULL;
+    }
+    return Tcl_GetStackedChannel(statePtr->self);
+}
+
+/*
+ *-----------------------------------------------------------------------------
  *
  * TlsSetOptionProc --
  *
- *    Sets an option value for a SSL socket based channel, or a
- *    list of all options and their values.
+ *	Sets an option to value for a SSL socket based channel. Called by the
+ *	generic I/O layer whenever the Tcl_SetChannelOption() function is used.
  *
  * Results:
  *    TCL_OK if successful or TCL_ERROR if failed.
  *
  * Side effects:
  *    Updates channel option to new value.
  *
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  */
 static int
 TlsSetOptionProc(ClientData instanceData,    /* Socket state. */
     Tcl_Interp *interp,		/* For errors - can be NULL. */
     const char *optionName,	/* Name of the option to set the value for, or
 				 * NULL to get all options and their values. */
     const char *optionValue)	/* Value for option. */
 {
     State *statePtr = (State *) instanceData;
-
-    Tcl_Channel downChan = Tls_GetParent(statePtr, TLS_TCL_FASTPATH);
+    Tcl_Channel parent = Tls_GetParent(statePtr, TLS_TCL_FASTPATH);
     Tcl_DriverSetOptionProc *setOptionProc;
 
-    setOptionProc = Tcl_ChannelSetOptionProc(Tcl_GetChannelType(downChan));
+    dprintf("Called");
+
+    setOptionProc = Tcl_ChannelSetOptionProc(Tcl_GetChannelType(parent));
     if (setOptionProc != NULL) {
-	return (*setOptionProc)(Tcl_GetChannelInstanceData(downChan), interp, optionName, optionValue);
-    } else if (optionName == (char*) NULL) {
-	/*
-	 * Request is query for all options, this is ok.
-	 */
-	return TCL_OK;
+	return (*setOptionProc)(Tcl_GetChannelInstanceData(parent), interp, optionName, optionValue);
     }
     /*
      * Request for a specific option has to fail, we don't have any.
      */
     return Tcl_BadChannelOption(interp, optionName, "");
@@ -650,17 +802,18 @@
 /*
  *-------------------------------------------------------------------
  *
  * TlsGetOptionProc --
  *
- *    Gets an option value for a SSL socket based channel, or a
- *    list of all options and their values.
+ *	Get a option's value for a SSL socket based channel, or a list of all
+ *	options and their values. Called by the generic I/O layer whenever the
+ *	Tcl_GetChannelOption() function is used.
+ *
  *
  * Results:
- *    A standard Tcl result. The value of the specified option or a
- *    list of all options and their values is returned in the
- *    supplied DString.
+ *	A standard Tcl result. The value of the specified option or a list of
+ *	all options and their values is returned in the supplied DString.
  *
  * Side effects:
  *    None.
  *
  *-------------------------------------------------------------------
@@ -671,17 +824,18 @@
     const char *optionName,	/* Name of the option to retrieve the value for, or
 				 * NULL to get all options and their values. */
     Tcl_DString *optionValue)	/* Where to store the computed value initialized by caller. */
 {
     State *statePtr = (State *) instanceData;
-
-    Tcl_Channel downChan = Tls_GetParent(statePtr, TLS_TCL_FASTPATH);
+    Tcl_Channel parent = Tls_GetParent(statePtr, TLS_TCL_FASTPATH);
     Tcl_DriverGetOptionProc *getOptionProc;
 
-    getOptionProc = Tcl_ChannelGetOptionProc(Tcl_GetChannelType(downChan));
+    dprintf("Called");
+
+    getOptionProc = Tcl_ChannelGetOptionProc(Tcl_GetChannelType(parent));
     if (getOptionProc != NULL) {
-	return (*getOptionProc)(Tcl_GetChannelInstanceData(downChan), interp, optionName, optionValue);
+	return (*getOptionProc)(Tcl_GetChannelInstanceData(parent), interp, optionName, optionValue);
     } else if (optionName == (char*) NULL) {
 	/*
 	 * Request is query for all options, this is ok.
 	 */
 	return TCL_OK;
@@ -691,53 +845,104 @@
      */
     return Tcl_BadChannelOption(interp, optionName, "");
 }
 
 /*
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
+ *
+ *    TlsChannelHandlerTimer --
+ *
+ *	Called by the notifier via a timer, to flush out data waiting in
+ *	channel buffers. called by the generic I/O layer whenever the
+ *	Tcl_GetChannelHandle() function is used.
+ *
+ * Results:
+ *        None.
+ *
+ * Side effects:
+ *	Creates notification event.
+ *
+ *-----------------------------------------------------------------------------
+ */
+static void TlsChannelHandlerTimer(ClientData clientData) {
+    State *statePtr = (State *) clientData;
+    int mask = statePtr->want; /* Init to SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE */
+
+    dprintf("Called");
+
+    statePtr->timer = (Tcl_TimerToken) NULL;
+
+    /* Check for amount of data pending in BIO write buffer */
+    if (BIO_wpending(statePtr->bio)) {
+	dprintf("[chan=%p] BIO writable", statePtr->self);
+
+	mask |= TCL_WRITABLE;
+    }
+
+    /* Check for amount of data pending in BIO read buffer */
+    if (BIO_pending(statePtr->bio)) {
+	dprintf("[chan=%p] BIO readable", statePtr->self);
+
+	mask |= TCL_READABLE;
+    }
+
+    /* Notify event subsystem that the channel is readable or writeable */
+    dprintf("Notifying ourselves");
+    Tcl_NotifyChannel(statePtr->self, mask);
+    statePtr->want = 0;
+
+    dprintf("Returning");
+
+    return;
+}
+
+/*
+ *-----------------------------------------------------------------------------
  *
  * TlsWatchProc --
  *
- *    Initialize the notifier to watch Tcl_Files from this channel.
+ *	Set up the event notifier to watch for events of interest from this
+ *	channel. Called by the generic I/O layer whenever the user (or the
+ *	system) announces its (dis)interest in events on the channel. This is
+ *	called repeatedly.
  *
  * Results:
  *    None.
  *
  * Side effects:
- *    Sets up the notifier so that a future event on the channel
- *    will be seen by Tcl.
+ *	Sets up the time-based notifier so that future events on the channel
+ *	will be seen by TCL.
  *
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  */
 static void
 TlsWatchProc(ClientData instanceData,    /* The socket state. */
     int mask)			/* Events of interest; an OR-ed combination of
 				 * TCL_READABLE, TCL_WRITABLE and TCL_EXCEPTION. */
 {
-    Tcl_Channel     downChan;
+    Tcl_Channel     parent;
     State *statePtr = (State *) instanceData;
     Tcl_DriverWatchProc *watchProc;
 
     dprintf("TlsWatchProc(0x%x)", mask);
+    dprintFlags(statePtr);
 
     /* Pretend to be dead as long as the verify callback is running.
      * Otherwise that callback could be invoked recursively. */
     if (statePtr->flags & TLS_TCL_CALLBACK) {
 	dprintf("Callback is on-going, doing nothing");
 	return;
     }
 
-    dprintFlags(statePtr);
-
-    downChan = Tls_GetParent(statePtr, TLS_TCL_FASTPATH);
+    parent = Tls_GetParent(statePtr, TLS_TCL_FASTPATH);
 
     if (statePtr->flags & TLS_TCL_HANDSHAKE_FAILED) {
 	dprintf("Asked to watch a socket with a failed handshake -- nothing can happen here");
 	dprintf("Unregistering interest in the lower channel");
 
-	watchProc = Tcl_ChannelWatchProc(Tcl_GetChannelType(downChan));
-	watchProc(Tcl_GetChannelInstanceData(downChan), 0);
+	watchProc = Tcl_ChannelWatchProc(Tcl_GetChannelType(parent));
+	watchProc(Tcl_GetChannelInstanceData(parent), 0);
 	statePtr->watchMask = 0;
 	return;
     }
 
     statePtr->watchMask = mask;
@@ -747,13 +952,13 @@
      * 'TransformNotifyProc'. But we have to pass the interest down now.
      * We are allowed to add additional 'interest' to the mask if we want
      * to. But this transformation has no such interest. It just passes
      * the request down, unchanged.
      */
-    dprintf("Registering our interest in the lower channel (chan=%p)", (void *) downChan);
-    watchProc = Tcl_ChannelWatchProc(Tcl_GetChannelType(downChan));
-    watchProc(Tcl_GetChannelInstanceData(downChan), mask);
+    dprintf("Registering our interest in the lower channel (chan=%p)", (void *) parent);
+    watchProc = Tcl_ChannelWatchProc(Tcl_GetChannelType(parent));
+    watchProc(Tcl_GetChannelInstanceData(parent), mask);
 
 
     /*
      * Management of the internal timer.
      */
@@ -761,12 +966,12 @@
 	dprintf("A timer was found, deleting it");
 	Tcl_DeleteTimerHandler(statePtr->timer);
 	statePtr->timer = (Tcl_TimerToken) NULL;
     }
 
-    if ((mask & TCL_READABLE) &&
-	((Tcl_InputBuffered(statePtr->self) > 0) || (BIO_ctrl_pending(statePtr->bio) > 0))) {
+    if (statePtr->want || ((mask & TCL_READABLE) &&
+	((Tcl_InputBuffered(statePtr->self) > 0) || (BIO_ctrl_pending(statePtr->bio) > 0)))) {
 	/*
 	 * There is interest in readable events and we actually have
 	 * data waiting, so generate a timer to flush that.
 	 */
 	dprintf("Creating a new timer since data appears to be waiting");
@@ -773,24 +978,24 @@
 	statePtr->timer = Tcl_CreateTimerHandler(TLS_TCL_DELAY, TlsChannelHandlerTimer, (ClientData) statePtr);
     }
 }
 
 /*
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  *
  * TlsGetHandleProc --
  *
- *    Called from Tcl_GetChannelFile to retrieve o/s file handler
- *    from the SSL socket based channel.
+ *	This procedure is invoked by the generic IO level to retrieve an OS
+ *	specific handle associated with the channel. Not used for transforms.
  *
  * Results:
  *    The appropriate Tcl_File handle or NULL if none.
  *
  * Side effects:
  *    None.
  *
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  */
 static int TlsGetHandleProc(ClientData instanceData,    /* Socket state. */
     int direction,		/* TCL_READABLE or TCL_WRITABLE */
     ClientData *handlePtr)	/* Handle associated with the channel */
 {
@@ -798,142 +1003,93 @@
 
     return Tcl_GetChannelHandle(Tls_GetParent(statePtr, TLS_TCL_FASTPATH), direction, handlePtr);
 }
 
 /*
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  *
  * TlsNotifyProc --
  *
- *    Handler called by Tcl to inform us of activity
- *    on the underlying channel.
+ *	This procedure is invoked by the generic IO level to notify the channel
+ *	that an event has occurred on the underlying channel. It is used by stacked channel drivers that
+ *	wish to be notified of events that occur on the underlying (stacked)
+ *	channel.
  *
  * Results:
  *    Type of event or 0 if failed
  *
  * Side effects:
  *    May process the incoming event by itself.
  *
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  */
 static int TlsNotifyProc(ClientData instanceData,    /* Socket state. */
     int mask)			/* type of event that occurred:
 				 * OR-ed combination of TCL_READABLE or TCL_WRITABLE */
 {
     State *statePtr = (State *) instanceData;
-    int errorCode;
+    int errorCode = 0;
+
+    dprintf("Called");
+
+    /*
+     * Delete an existing timer. It was not fired, yet we are
+     * here, so the channel below generated such an event and we
+     * don't have to. The renewal of the interest after the
+     * execution of channel handlers will eventually cause us to
+     * recreate the timer (in WatchProc).
+     */
+    if (statePtr->timer != (Tcl_TimerToken) NULL) {
+	Tcl_DeleteTimerHandler(statePtr->timer);
+	statePtr->timer = (Tcl_TimerToken) NULL;
+    }
+
+    /* Skip if user verify callback is still running */
+    if (statePtr->flags & TLS_TCL_CALLBACK) {
+	dprintf("Callback is on-going, returning failed");
+	return 0;
+    }
+
+    /* If not initialized, do connect */
+    if (statePtr->flags & TLS_TCL_INIT) {
+	dprintf("Calling Tls_WaitForConnect");
+	if (Tls_WaitForConnect(statePtr, &errorCode, 1) < 0) {
+	    Tls_Error(statePtr, strerror(errorCode));
+	    if (errorCode == EAGAIN) {
+		dprintf("Async flag could be set (didn't check) and errorCode == EAGAIN:  Returning failed");
+
+		return 0;
+	    }
+
+	    dprintf("Tls_WaitForConnect returned an error");
+	}
+    }
+
+    dprintf("Returning %i", mask);
 
     /*
      * An event occurred in the underlying channel.  This
      * transformation doesn't process such events thus returns the
      * incoming mask unchanged.
      */
-    if (statePtr->timer != (Tcl_TimerToken) NULL) {
-	/*
-	 * Delete an existing timer. It was not fired, yet we are
-	 * here, so the channel below generated such an event and we
-	 * don't have to. The renewal of the interest after the
-	 * execution of channel handlers will eventually cause us to
-	 * recreate the timer (in WatchProc).
-	 */
-	Tcl_DeleteTimerHandler(statePtr->timer);
-	statePtr->timer = (Tcl_TimerToken) NULL;
-    }
-
-    if (statePtr->flags & TLS_TCL_CALLBACK) {
-	dprintf("Returning 0 due to callback");
-	return 0;
-    }
-
-    dprintf("Calling Tls_WaitForConnect");
-    errorCode = 0;
-    if (Tls_WaitForConnect(statePtr, &errorCode, 1) < 0) {
-	Tls_Error(statePtr, strerror(errorCode));
-	if (errorCode == EAGAIN) {
-	    dprintf("Async flag could be set (didn't check) and errorCode == EAGAIN:  Returning 0");
-
-	    return 0;
-	}
-
-	dprintf("Tls_WaitForConnect returned an error");
-    }
-
-    dprintf("Returning %i", mask);
-
     return mask;
 }
 
 /*
- *------------------------------------------------------*
- *
- *    TlsChannelHandlerTimer --
- *
- *    ------------------------------------------------*
- *    Called by the notifier (-> timer) to flush out
- *    information waiting in channel buffers.
- *    ------------------------------------------------*
- *
- *    Side effects:
- *        As of 'TlsChannelHandler'.
- *
- *    Result:
- *        None.
- *
- *------------------------------------------------------*
- */
-static void TlsChannelHandlerTimer(ClientData clientData) {
-    State *statePtr = (State *) clientData;
-    int mask = 0;
-
-    dprintf("Called");
-
-    statePtr->timer = (Tcl_TimerToken) NULL;
-
-    if (BIO_wpending(statePtr->bio)) {
-	dprintf("[chan=%p] BIO writable", statePtr->self);
-
-	mask |= TCL_WRITABLE;
-    }
-
-    if (BIO_pending(statePtr->bio)) {
-	dprintf("[chan=%p] BIO readable", statePtr->self);
-
-	mask |= TCL_READABLE;
-    }
-
-    dprintf("Notifying ourselves");
-    Tcl_NotifyChannel(statePtr->self, mask);
-
-    dprintf("Returning");
-
-    return;
-}
-
-Tcl_Channel Tls_GetParent(State *statePtr, int maskFlags) {
-    dprintf("Requested to get parent of channel %p", statePtr->self);
-
-    if ((statePtr->flags & ~maskFlags) & TLS_TCL_FASTPATH) {
-	dprintf("Asked to get the parent channel while we are using FastPath -- returning NULL");
-	return NULL;
-    }
-    return Tcl_GetStackedChannel(statePtr->self);
-}
-
-/*
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  *
  * Tls_ChannelType --
  *
- *    Return the correct TLS channel driver info
+ *	Defines the correct TLS channel driver handlers for this channel type.
  *
  * Results:
- *    The correct channel driver for the current version of Tcl.
+ *	Tcl_ChannelType structure.
  *
  * Side effects:
  *    None.
  *
- *-------------------------------------------------------------------
+ *-----------------------------------------------------------------------------
  */
 static const Tcl_ChannelType tlsChannelType = {
     "tls",			/* Type name */
     TCL_CHANNEL_VERSION_5,	/* v5 channel */
     TlsCloseProc,		/* Close proc */

Index: generic/tlsInt.h
==================================================================
--- generic/tlsInt.h
+++ generic/tlsInt.h
@@ -1,35 +1,44 @@
 /*
+ *----------------------------------------------------------------------
  * Copyright (C) 1997-2000 Matt Newman 
  *
- * TLS (aka SSL) Channel - can be layered on any bi-directional
- * Tcl_Channel (Note: Requires Trf Core Patch)
- *
- * This was built from scratch based upon observation of OpenSSL 0.9.2B
+ *	Macro and structure definitions
  *
  * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for
  * providing the Tcl_ReplaceChannel mechanism and working closely with me
  * to enhance it to support full fileevent semantics.
  *
  * Also work done by the follow people provided the impetus to do this "right":-
  *	tclSSL (Colin McCormack, Shared Technology)
  *	SSLtcl (Peter Antman)
- *
+ *----------------------------------------------------------------------
  */
 #ifndef _TLSINT_H
 #define _TLSINT_H
+
+/* Platform unique definitions */
+#ifdef _WIN32
+#define WIN32_LEAN_AND_MEAN
+#include 
+#include  /* OpenSSL needs this on Windows */
+#endif
 
 #include "tls.h"
 #include 
 #include 
 #include 
+#include 
+#include 
+#include 
+#include 
 
-#ifdef _WIN32
-#define WIN32_LEAN_AND_MEAN
-#include 
-#include  /* OpenSSL needs this on Windows */
-#endif
+/* Windows needs to know which symbols to export. */
+#ifdef BUILD_tls
+#undef TCL_STORAGE_CLASS
+#define TCL_STORAGE_CLASS DLLEXPORT
+#endif /* BUILD_udp */
 
 /* Handle TCL 8.6 CONST changes */
 #ifndef CONST86
 #   if TCL_MAJOR_VERSION > 8
 #	define CONST86 const
@@ -40,29 +49,34 @@
 
 /*
  * Backwards compatibility for size type change
  */
 #if TCL_MAJOR_VERSION < 9 && TCL_MINOR_VERSION < 7
-    #ifndef Tcl_Size
-        typedef int Tcl_Size;
-    #endif
+#include 
+#ifndef TCL_SIZE_MAX
+#define TCL_SIZE_MAX INT_MAX
+#endif
+
+#ifndef Tcl_Size
+    typedef int Tcl_Size;
+#endif
 
-    #define TCL_SIZE_MODIFIER ""
+#define TCL_SIZE_MODIFIER ""
+#define Tcl_GetSizeIntFromObj Tcl_GetIntFromObj
+#define Tcl_NewSizeIntObj     Tcl_NewIntObj
+#define Tcl_NewSizeIntFromObj Tcl_NewWideIntObj
 #endif
 
-#include 
-#include 
-#include 
-#include 
-
+/* Define missing POSIX error codes */
 #ifndef ECONNABORTED
 #define ECONNABORTED	130	/* Software caused connection abort */
 #endif
 #ifndef ECONNRESET
 #define ECONNRESET	131	/* Connection reset by peer */
 #endif
 
+/* Debug and error macros */
 #ifdef TCLEXT_TCLTLS_DEBUG
 #include 
 #define dprintf(...) { \
 	char dprintfBuffer[8192], *dprintfBuffer_p; \
 	dprintfBuffer_p = &dprintfBuffer[0]; \
@@ -124,13 +138,13 @@
 }
 #define LAPPEND_BOOL(interp, obj, text, value) {\
     if (text != NULL) Tcl_ListObjAppendElement(interp, obj, Tcl_NewStringObj(text, -1)); \
     Tcl_ListObjAppendElement(interp, obj, Tcl_NewBooleanObj(value)); \
 }
-#define LAPPEND_OBJ(interp, obj, text, listObj) {\
+#define LAPPEND_OBJ(interp, obj, text, tclObj) {\
     if (text != NULL) Tcl_ListObjAppendElement(interp, obj, Tcl_NewStringObj(text, -1)); \
-    Tcl_ListObjAppendElement(interp, obj, listObj); \
+    Tcl_ListObjAppendElement(interp, obj, (tclObj != NULL) ? tclObj : Tcl_NewStringObj("", 0)); \
 }
 
 /*
  * OpenSSL BIO Routines
  */
@@ -159,10 +173,11 @@
 	Tcl_Channel self;	/* this socket channel */
 	Tcl_TimerToken timer;
 
 	int flags;		/* see State.flags above  */
 	int watchMask;		/* current WatchProc mask */
+	int want;		/* pending wants from OpenSSL */
 	int mode;		/* current mode of parent channel */
 
 	Tcl_Interp *interp;	/* interpreter in which this resides */
 	Tcl_Obj *callback;	/* script called for tracing, info, and errors */
 	Tcl_Obj *password;	/* script called for certificate password */
@@ -172,14 +187,14 @@
 	SSL *ssl;		/* Struct for SSL processing */
 	SSL_CTX *ctx;		/* SSL Context */
 	BIO *bio;		/* Struct for SSL processing */
 	BIO *p_bio;		/* Parent BIO (that is layered on Tcl_Channel) */
 
-	unsigned char *protos;	/* List of supported protocols in protocol format */
 	unsigned int protos_len; /* Length of protos */
+	unsigned char *protos;	/* List of supported protocols in protocol format */
 
-	char *err;
+	const char *err;
 } State;
 
 #ifdef USE_TCL_STUBS
 #ifndef Tcl_StackChannel
 #error "Unable to compile on this version of Tcl"
@@ -196,17 +211,18 @@
  * Forward declarations
  */
 const Tcl_ChannelType *Tls_ChannelType(void);
 Tcl_Channel     Tls_GetParent(State *statePtr, int maskFlags);
 
-Tcl_Obj         *Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert);
+Tcl_Obj         *Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert, int all);
 Tcl_Obj		*Tls_NewCAObj(Tcl_Interp *interp, const SSL *ssl, int peer);
-void            Tls_Error(State *statePtr, char *msg);
+void            Tls_Error(State *statePtr, const char *msg);
 void            Tls_Free(tls_free_type *blockPtr);
 void            Tls_Clean(State *statePtr);
 int             Tls_WaitForConnect(State *statePtr, int *errorCodePtr, int handshakeFailureIsPermanent);
 
 BIO             *BIO_new_tcl(State* statePtr, int flags);
+int		BIO_cleanup();
 
 #define PTR2INT(x) ((int) ((intptr_t) (x)))
 
 #endif /* _TLSINT_H */

Index: generic/tlsX509.c
==================================================================
--- generic/tlsX509.c
+++ generic/tlsX509.c
@@ -1,6 +1,8 @@
 /*
+ * Parse X.509 certificate and return contents as a TCL key-value list.
+ *
  * Copyright (C) 1997-2000 Sensus Consulting Ltd.
  * Matt Newman 
  * Copyright (C) 2023 Brian O'Hagan
  */
 #include 
@@ -12,133 +14,206 @@
 #include 
 #include 
 #include "tlsInt.h"
 
 /* Define maximum certificate size. Max PEM size 100kB and DER size is 24kB. */
-#define CERT_STR_SIZE 32768
-
-
-/*
- * Binary string to hex string
- */
-int String_to_Hex(unsigned char* input, int ilen, unsigned char *output, int olen) {
-    int count = 0;
-    unsigned char *iptr = input;
-    unsigned char *optr = &output[0];
-    const char *hex = "0123456789abcdef";
-
-    for (int i = 0; i < ilen && count < olen - 1; i++, count += 2) {
-        *optr++ = hex[(*iptr>>4)&0xF];
-        *optr++ = hex[(*iptr++)&0xF];
-    }
-    *optr = 0;
-    return count;
-}
-
-/*
- * BIO to Buffer
- */
-int BIO_to_Buffer(int result, BIO *bio, void *buffer, int size) {
-    int len = 0;
-    int pending = BIO_pending(bio);
-
-    if (result) {
-	len = BIO_read(bio, buffer, (pending < size) ? pending : size);
+#define CERT_STR_SIZE 24576
+
+
+/*
+ *-----------------------------------------------------------------------------
+ *
+ * String_to_Hex --
+ *
+ *	Format contents of a binary string as a hex string
+ *
+ * Results:
+ *	TCL byte array object with x509 identifier as a hex string
+ *
+ * Side Effects:
+ *	None
+ *
+ *-----------------------------------------------------------------------------
+ */
+Tcl_Obj *String_to_Hex(unsigned char* input, int ilen) {
+    unsigned char *iptr = input;
+    Tcl_Obj *resultObj = Tcl_NewByteArrayObj(NULL, 0);
+    unsigned char *data = Tcl_SetByteArrayLength(resultObj, ilen*2);
+    unsigned char *dptr = &data[0];
+    const char *hex = "0123456789abcdef";
+
+    if (resultObj == NULL) {
+	return NULL;
+    }
+
+    for (int i = 0; i < ilen; i++) {
+        *dptr++ = hex[(*iptr>>4)&0xF];
+        *dptr++ = hex[(*iptr++)&0xF];
+    }
+    return resultObj;
+}
+
+/*
+ *-----------------------------------------------------------------------------
+ *
+ * BIO_to_Buffer --
+ *
+ *	Output contents of a BIO to a buffer
+ *
+ * Results:
+ *	Returns length of string in buffer
+ *
+ * Side effects:
+ *	None
+ *
+ *-----------------------------------------------------------------------------
+ */
+Tcl_Size BIO_to_Buffer(int result, BIO *bio, void *output, int olen) {
+    Tcl_Size len = 0;
+    int pending = BIO_pending(bio);
+
+    if (result) {
+	len = (Tcl_Size) BIO_read(bio, output, (pending < olen) ? pending : olen);
 	(void)BIO_flush(bio);
 	if (len < 0) {
 	    len = 0;
 	}
     }
     return len;
 }
 
 /*
- * Get X509 Certificate Extensions
+ *-----------------------------------------------------------------------------
+ *
+ * Tls_x509Extensions --
+ *
+ *	Get list of X.509 Certificate Extensions
+ *
+ * Results:
+ *	TCL list of extensions and boolean critical status
+ *
+ * Side effects:
+ *	None
+ *
+ *-----------------------------------------------------------------------------
  */
 Tcl_Obj *Tls_x509Extensions(Tcl_Interp *interp, X509 *cert) {
     const STACK_OF(X509_EXTENSION) *exts;
-    Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL);
+    Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
 
-    if (listPtr == NULL) {
+    if (resultObj == NULL) {
 	return NULL;
     }
 
     if ((exts = X509_get0_extensions(cert)) != NULL) {
 	for (int i=0; i < X509_get_ext_count(cert); i++) {
 	    X509_EXTENSION *ex = sk_X509_EXTENSION_value(exts, i);
 	    ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex);
 	    /* ASN1_OCTET_STRING *data = X509_EXTENSION_get_data(ex); */
 	    int critical = X509_EXTENSION_get_critical(ex);
-	    LAPPEND_BOOL(interp, listPtr, OBJ_nid2ln(OBJ_obj2nid(obj)), critical);
+	    LAPPEND_BOOL(interp, resultObj, OBJ_nid2ln(OBJ_obj2nid(obj)), critical);
 	}
     }
-    return listPtr;
+    return resultObj;
 }
 
 /*
- * Get Authority and Subject Key Identifiers
+ *-----------------------------------------------------------------------------
+ *
+ * Tls_x509Identifier --
+ *
+ *	Get X.509 certificate Authority or Subject Key Identifiers
+ *
+ * Results:
+ *	TCL byte array object with x509 identifier as a hex string
+ *
+ * Side effects:
+ *	None
+ *
+ *-----------------------------------------------------------------------------
  */
 Tcl_Obj *Tls_x509Identifier(const ASN1_OCTET_STRING *astring) {
-    Tcl_Obj *resultPtr = NULL;
-    int len = 0;
-    unsigned char buffer[1024];
+    Tcl_Obj *resultObj = NULL;
 
     if (astring != NULL) {
-	len = String_to_Hex((unsigned char *)ASN1_STRING_get0_data(astring),
-	    ASN1_STRING_length(astring), buffer, 1024);
+	resultObj = String_to_Hex((unsigned char *)ASN1_STRING_get0_data(astring),
+	    ASN1_STRING_length(astring));
     }
-    resultPtr = Tcl_NewStringObj((char *) &buffer[0], (Tcl_Size) len);
-    return resultPtr;
+    return resultObj;
 }
 
 /*
- * Get Key Usage
+ *-----------------------------------------------------------------------------
+ *
+ * Tls_x509KeyUsage --
+ *
+ *	Get X.509 certificate key usage types
+ *
+ * Results:
+ *	Tcl list of types
+ *
+ * Side effects:
+ *	None
+ *
+ *-----------------------------------------------------------------------------
  */
 Tcl_Obj *Tls_x509KeyUsage(Tcl_Interp *interp, X509 *cert, uint32_t xflags) {
     uint32_t usage = X509_get_key_usage(cert);
-    Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL);
+    Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
 
-    if (listPtr == NULL) {
+    if (resultObj == NULL) {
 	return NULL;
     }
 
     if ((xflags & EXFLAG_KUSAGE) && usage < UINT32_MAX) {
 	if (usage & KU_DIGITAL_SIGNATURE) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Digital Signature", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Digital Signature", -1));
 	}
 	if (usage & KU_NON_REPUDIATION) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Non-Repudiation", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Non-Repudiation", -1));
 	}
 	if (usage & KU_KEY_ENCIPHERMENT) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Key Encipherment", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Key Encipherment", -1));
 	}
 	if (usage & KU_DATA_ENCIPHERMENT) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Data Encipherment", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Data Encipherment", -1));
 	}
 	if (usage & KU_KEY_AGREEMENT) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Key Agreement", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Key Agreement", -1));
 	}
 	if (usage & KU_KEY_CERT_SIGN) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Certificate Signing", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Certificate Signing", -1));
 	}
 	if (usage & KU_CRL_SIGN) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("CRL Signing", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("CRL Signing", -1));
 	}
 	if (usage & KU_ENCIPHER_ONLY) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Encipher Only", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Encipher Only", -1));
 	}
 	if (usage & KU_DECIPHER_ONLY) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Decipher Only", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Decipher Only", -1));
 	}
     } else {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("unrestricted", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("unrestricted", -1));
     }
-    return listPtr;
+    return resultObj;
 }
 
 /*
- * Get Certificate Purpose
+ *-----------------------------------------------------------------------------
+ *
+ * Tls_x509Purpose --
+ *
+ *	Get X.509 certificate purpose
+ *
+ * Results:
+ *	Purpose string
+ *
+ * Side effects:
+ *	None
+ *
+ *-----------------------------------------------------------------------------
  */
 char *Tls_x509Purpose(X509 *cert) {
     char *purpose = NULL;
 
     if (X509_check_purpose(cert, X509_PURPOSE_SSL_CLIENT, 0) > 0) {
@@ -164,17 +239,29 @@
     }
     return purpose;
 }
 
 /*
- * For each purpose, get certificate applicability
+ *-----------------------------------------------------------------------------
+ *
+ * Tls_x509Purposes --
+ *
+ *	Get X.509 certificate purpose types
+ *
+ * Results:
+ *	Tcl list of each purpose and whether it is CA or non-CA
+ *
+ * Side effects:
+ *	None
+ *
+ *-----------------------------------------------------------------------------
  */
 Tcl_Obj *Tls_x509Purposes(Tcl_Interp *interp, X509 *cert) {
-    Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL);
+    Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
     X509_PURPOSE *ptmp;
 
-    if (listPtr == NULL) {
+    if (resultObj == NULL) {
 	return NULL;
     }
 
     for (int i = 0; i < X509_PURPOSE_get_count(); i++) {
 	ptmp = X509_PURPOSE_get0(i);
@@ -183,95 +270,131 @@
 	for (int j = 0; j < 2; j++) {
 	    int idret = X509_check_purpose(cert, X509_PURPOSE_get_id(ptmp), j);
 	    Tcl_ListObjAppendElement(interp, tmpPtr, Tcl_NewStringObj(j ? "CA" : "nonCA", -1));
 	    Tcl_ListObjAppendElement(interp, tmpPtr, Tcl_NewStringObj(idret == 1 ? "Yes" : "No", -1));
 	}
-	LAPPEND_OBJ(interp, listPtr, X509_PURPOSE_get0_name(ptmp), tmpPtr);
+	LAPPEND_OBJ(interp, resultObj, X509_PURPOSE_get0_name(ptmp), tmpPtr);
     }
-    return listPtr;
+    return resultObj;
 }
 
 /*
- * Get Subject Alternate Names (SAN) and Issuer Alternate Names
+ *-----------------------------------------------------------------------------
+ *
+ * Tls_x509Names --
+ *
+ *	Get a list of Subject Alternate Names (SAN) or Issuer Alternate Names
+ *
+ * Results:
+ *	Tcl list of alternate names
+ *
+ * Side effects:
+ *	None
+ *
+ *-----------------------------------------------------------------------------
  */
 Tcl_Obj *Tls_x509Names(Tcl_Interp *interp, X509 *cert, int nid, BIO *bio) {
     STACK_OF(GENERAL_NAME) *names;
-    Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL);
-    int len;
+    Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
+    Tcl_Size len;
     char buffer[1024];
 
-    if (listPtr == NULL) {
+    if (resultObj == NULL) {
 	return NULL;
     }
 
     if ((names = X509_get_ext_d2i(cert, nid, NULL, NULL)) != NULL) {
 	for (int i=0; i < sk_GENERAL_NAME_num(names); i++) {
 	    const GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
 
 	    len = BIO_to_Buffer(name && GENERAL_NAME_print(bio, (GENERAL_NAME *) name), bio, buffer, 1024);
-	    LAPPEND_STR(interp, listPtr, NULL, buffer, (Tcl_Size) len);
+	    LAPPEND_STR(interp, resultObj, NULL, buffer, len);
 	}
 	sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
     }
-    return listPtr;
+    return resultObj;
 }
 
 /*
- * Get EXtended Key Usage
+ *-----------------------------------------------------------------------------
+ *
+ * Tls_x509ExtKeyUsage --
+ *
+ *	Get a list of Extended Key Usages
+ *
+ * Returns:
+ *	Tcl list of usages
+ *
+ * Side effects:
+ *	None
+ *
+ *-----------------------------------------------------------------------------
  */
 Tcl_Obj *Tls_x509ExtKeyUsage(Tcl_Interp *interp, X509 *cert, uint32_t xflags) {
     uint32_t usage = X509_get_key_usage(cert);
-    Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL);
+    Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
 
-    if (listPtr == NULL) {
+    if (resultObj == NULL) {
 	return NULL;
     }
 
     if ((xflags & EXFLAG_XKUSAGE) && usage < UINT32_MAX) {
 	usage = X509_get_extended_key_usage(cert);
 
 	if (usage & XKU_SSL_SERVER) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("TLS Web Server Authentication", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("TLS Web Server Authentication", -1));
 	}
 	if (usage & XKU_SSL_CLIENT) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("TLS Web Client Authentication", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("TLS Web Client Authentication", -1));
 	}
 	if (usage & XKU_SMIME) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("E-mail Protection", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("E-mail Protection", -1));
 	}
 	if (usage & XKU_CODE_SIGN) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Code Signing", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Code Signing", -1));
 	}
 	if (usage & XKU_SGC) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("SGC", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("SGC", -1));
 	}
 	if (usage & XKU_OCSP_SIGN) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("OCSP Signing", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("OCSP Signing", -1));
 	}
 	if (usage & XKU_TIMESTAMP) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Time Stamping", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Time Stamping", -1));
 	}
 	if (usage & XKU_DVCS ) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("DVCS", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("DVCS", -1));
 	}
 	if (usage & XKU_ANYEKU) {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Any Extended Key Usage", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Any Extended Key Usage", -1));
 	}
     } else {
-	    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("unrestricted", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("unrestricted", -1));
     }
-    return listPtr;
+    return resultObj;
 }
 
 /*
- * Get CRL Distribution Points
+ *-----------------------------------------------------------------------------
+ *
+ * Tls_x509CrlDp --
+ *
+ *	Get list of CRL Distribution Points
+ *
+ * Returns:
+ *	Tcl list of URIs and relative-names
+ *
+ * Side effects:
+ *	None
+ *
+ *-----------------------------------------------------------------------------
  */
 Tcl_Obj *Tls_x509CrlDp(Tcl_Interp *interp, X509 *cert) {
     STACK_OF(DIST_POINT) *crl;
-    Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL);
+    Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
 
-    if (listPtr == NULL) {
+    if (resultObj == NULL) {
 	return NULL;
     }
 
     if ((crl = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL)) != NULL) {
 	for (int i=0; i < sk_DIST_POINT_num(crl); i++) {
@@ -283,108 +406,136 @@
 		for (int j = 0; j < sk_GENERAL_NAME_num(distpoint->name.fullname); j++) {
 		    GENERAL_NAME *gen = sk_GENERAL_NAME_value(distpoint->name.fullname, j);
 		    int type;
 		    ASN1_STRING *uri = GENERAL_NAME_get0_value(gen, &type);
 		    if (type == GEN_URI) {
-			LAPPEND_STR(interp, listPtr, (char *) NULL, (char *) ASN1_STRING_get0_data(uri), (Tcl_Size) ASN1_STRING_length(uri));
+			LAPPEND_STR(interp, resultObj, (char *) NULL, (char *) ASN1_STRING_get0_data(uri), (Tcl_Size) ASN1_STRING_length(uri));
 		    }
 		}
 	    } else if (distpoint->type == 1) {
 		/* relative-name X509NAME */
 		STACK_OF(X509_NAME_ENTRY) *sk_relname = distpoint->name.relativename;
 		for (int j = 0; j < sk_X509_NAME_ENTRY_num(sk_relname); j++) {
 		    X509_NAME_ENTRY *e = sk_X509_NAME_ENTRY_value(sk_relname, j);
 		    ASN1_STRING *d = X509_NAME_ENTRY_get_data(e);
-		    LAPPEND_STR(interp, listPtr, (char *) NULL, (char *) ASN1_STRING_data(d), (Tcl_Size) ASN1_STRING_length(d));
+		    LAPPEND_STR(interp, resultObj, (char *) NULL, (char *) ASN1_STRING_data(d), (Tcl_Size) ASN1_STRING_length(d));
 		}
 	    }
 	}
 	CRL_DIST_POINTS_free(crl);
     }
-    return listPtr;
+    return resultObj;
 }
 
 /*
- * Get On-line Certificate Status Protocol (OSCP) URL
+ *-----------------------------------------------------------------------------
+ *
+ * Tls_x509Oscp
+ *
+ *	Get list of On-line Certificate Status Protocol (OSCP) URIs
+ *
+ * Results:
+ *	Tcl list of URIs
+ *
+ * Side effects:
+ *	None
+ *
+ *-----------------------------------------------------------------------------
  */
 Tcl_Obj *Tls_x509Oscp(Tcl_Interp *interp, X509 *cert) {
     STACK_OF(OPENSSL_STRING) *ocsp;
-    Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL);
+    Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
 
-    if (listPtr == NULL) {
+    if (resultObj == NULL) {
 	return NULL;
     }
 
     if ((ocsp = X509_get1_ocsp(cert)) != NULL) {
 	for (int i = 0; i < sk_OPENSSL_STRING_num(ocsp); i++) {
-	    LAPPEND_STR(interp, listPtr, NULL, sk_OPENSSL_STRING_value(ocsp, i), -1);
+	    LAPPEND_STR(interp, resultObj, NULL, sk_OPENSSL_STRING_value(ocsp, i), -1);
 	}
 	X509_email_free(ocsp);
     }
-    return listPtr;
+    return resultObj;
 }
 
 /*
- * Get Certificate Authority (CA) Issuers URL
+ *-----------------------------------------------------------------------------
+ *
+ * Tls_x509CaIssuers --
+ *
+ *	Get list of Certificate Authority (CA) Issuer URIs
+ *
+ * Results:
+ *	Tcl list of CA issuer URIs
+ *
+ * Side effects:
+ *	None
+ *
+ *-----------------------------------------------------------------------------
  */
 Tcl_Obj *Tls_x509CaIssuers(Tcl_Interp *interp, X509 *cert) {
     STACK_OF(ACCESS_DESCRIPTION) *ads;
     ACCESS_DESCRIPTION *ad;
-    Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL);
+    Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
     unsigned char *buf;
-    int len;
+
+    if (resultObj == NULL) {
+	return NULL;
+    }
 
     if ((ads = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL)) != NULL) {
 	for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(ads); i++) {
 	    ad = sk_ACCESS_DESCRIPTION_value(ads, i);
 	    if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location) {
 		if (ad->location->type == GEN_URI) {
-		    len = ASN1_STRING_to_UTF8(&buf, ad->location->d.uniformResourceIdentifier);
-		    Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj((char *) buf, (Tcl_Size) len));
+		    Tcl_Size len = (Tcl_Size) ASN1_STRING_to_UTF8(&buf, ad->location->d.uniformResourceIdentifier);
+		    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj((char *) buf, len));
 		    OPENSSL_free(buf);
 		    break;
 		}
 	    }
 	}
 	/* sk_ACCESS_DESCRIPTION_pop_free(ads, ACCESS_DESCRIPTION_free); */
 	AUTHORITY_INFO_ACCESS_free(ads);
     }
-    return listPtr;
+    return resultObj;
 }
 
 /*
- *------------------------------------------------------*
- *
- *	Tls_NewX509Obj --
- *
- *	------------------------------------------------*
- *	Converts a X509 certificate into a Tcl_Obj
- *	------------------------------------------------*
- *
- *	Side effects:
- *		None
- *
- *	Result:
- *		A Tcl List Object representing the provided
- *		X509 certificate.
- *
- *------------------------------------------------------*
- */
-
-Tcl_Obj*
-Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert) {
-    Tcl_Obj *certPtr = Tcl_NewListObj(0, NULL);
-    BIO *bio = BIO_new(BIO_s_mem());
-    int mdnid, pknid, bits, len;
+ *-----------------------------------------------------------------------------
+ *
+ * Tls_NewX509Obj --
+ *
+ *	Parses a X509 certificate and returns contents as a key-value Tcl list.
+ *
+ * Result:
+ *	A Tcl List with the X509 certificate info as a key-value list
+ *
+ * Side effects:
+ *	None
+ *
+ *-----------------------------------------------------------------------------
+ */
+Tcl_Obj *Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert, int all) {
+    Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL);
+    BIO *bio = BIO_new(BIO_s_mem());
+    int mdnid, pknid, bits;
+    Tcl_Size len;
     unsigned int ulen;
     uint32_t xflags;
-    char buffer[BUFSIZ];
-    unsigned char md[EVP_MAX_MD_SIZE];
     unsigned long flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT;
     flags &= ~ASN1_STRFLGS_ESC_MSB;
 
-    if (interp == NULL || cert == NULL || bio == NULL || certPtr == NULL) {
+    char *buffer = ckalloc(BUFSIZ > EVP_MAX_MD_SIZE ? BUFSIZ : EVP_MAX_MD_SIZE);
+
+    printf("Called\n");
+
+    if (interp == NULL || cert == NULL || bio == NULL || resultObj == NULL || buffer == NULL) {
+	Tcl_DecrRefCount(resultObj);
+	BIO_free(bio);
+	if (buffer != NULL) ckfree(buffer);
 	return NULL;
     }
 
     /* Signature algorithm and value - RFC 5280 section 4.1.1.2 and 4.1.1.3 */
     /* signatureAlgorithm is the id of the cryptographic algorithm used by the
@@ -396,138 +547,138 @@
 	int sig_nid;
 
 	X509_get0_signature(&sig, &sig_alg, cert);
 	/* sig_nid = X509_get_signature_nid(cert) */
 	sig_nid = OBJ_obj2nid(sig_alg->algorithm);
-	LAPPEND_STR(interp, certPtr, "signatureAlgorithm", OBJ_nid2ln(sig_nid), -1);
-	len = (sig_nid != NID_undef) ? String_to_Hex(sig->data, sig->length, (unsigned char *) buffer, BUFSIZ) : 0;
-	LAPPEND_STR(interp, certPtr, "signatureValue", buffer, (Tcl_Size) len);
+	LAPPEND_STR(interp, resultObj, "signatureAlgorithm", OBJ_nid2ln(sig_nid), -1);
+	if (sig_nid != NID_undef) {
+	    LAPPEND_OBJ(interp, resultObj, "signatureValue", String_to_Hex(sig->data, sig->length));
+	} else {
+	    LAPPEND_STR(interp, resultObj, "signatureValue", "", 0);
+	}
     }
 
     /* Version of the encoded certificate - RFC 5280 section 4.1.2.1 */
-    LAPPEND_LONG(interp, certPtr, "version", X509_get_version(cert)+1);
+    LAPPEND_LONG(interp, resultObj, "version", X509_get_version(cert)+1);
 
     /* Unique number assigned by CA to certificate - RFC 5280 section 4.1.2.2 */
     len = BIO_to_Buffer(i2a_ASN1_INTEGER(bio, X509_get0_serialNumber(cert)), bio, buffer, BUFSIZ);
-    LAPPEND_STR(interp, certPtr, "serialNumber", buffer, (Tcl_Size) len);
+    LAPPEND_STR(interp, resultObj, "serialNumber", buffer, len);
 
     /* Signature algorithm used by the CA to sign the certificate. Must match
 	signatureAlgorithm. RFC 5280 section 4.1.2.3 */
-    LAPPEND_STR(interp, certPtr, "signature", OBJ_nid2ln(X509_get_signature_nid(cert)), -1);
+    LAPPEND_STR(interp, resultObj, "signature", OBJ_nid2ln(X509_get_signature_nid(cert)), -1);
 
     /* Issuer identifies the entity that signed and issued the cert. RFC 5280 section 4.1.2.4 */
     len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_issuer_name(cert), 0, flags), bio, buffer, BUFSIZ);
-    LAPPEND_STR(interp, certPtr, "issuer", buffer, (Tcl_Size) len);
+    LAPPEND_STR(interp, resultObj, "issuer", buffer, len);
 
     /* Certificate validity period is the interval the CA warrants that it will
 	maintain info on the status of the certificate. RFC 5280 section 4.1.2.5 */
     /* Get Validity - Not Before */
     len = BIO_to_Buffer(ASN1_TIME_print(bio, X509_get0_notBefore(cert)), bio, buffer, BUFSIZ);
-    LAPPEND_STR(interp, certPtr, "notBefore", buffer, (Tcl_Size) len);
+    LAPPEND_STR(interp, resultObj, "notBefore", buffer, len);
 
     /* Get Validity - Not After */
     len = BIO_to_Buffer(ASN1_TIME_print(bio, X509_get0_notAfter(cert)), bio, buffer, BUFSIZ);
-    LAPPEND_STR(interp, certPtr, "notAfter", buffer, (Tcl_Size) len);
+    LAPPEND_STR(interp, resultObj, "notAfter", buffer, len);
 
     /* Subject identifies the entity associated with the public key stored in
 	the subject public key field. RFC 5280 section 4.1.2.6 */
     len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ);
-    LAPPEND_STR(interp, certPtr, "subject", buffer, (Tcl_Size) len);
+    LAPPEND_STR(interp, resultObj, "subject", buffer, len);
 
     /* SHA1 Digest (Fingerprint) of cert - DER representation */
-    if (X509_digest(cert, EVP_sha1(), md, &ulen)) {
-    len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ);
-	LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, (Tcl_Size) ulen);
+    if (X509_digest(cert, EVP_sha1(), (unsigned char *)buffer, &ulen)) {
+	LAPPEND_OBJ(interp, resultObj, "sha1_hash", String_to_Hex((unsigned char *)buffer, (int) ulen));
     }
 
     /* SHA256 Digest (Fingerprint) of cert - DER representation */
-    if (X509_digest(cert, EVP_sha256(), md, &ulen)) {
-    len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ);
-	LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, (Tcl_Size) ulen);
+    if (X509_digest(cert, EVP_sha256(), (unsigned char *)buffer, &ulen)) {
+	LAPPEND_OBJ(interp, resultObj, "sha256_hash", String_to_Hex((unsigned char *)buffer, (int) ulen));
     }
 
     /* Subject Public Key Info specifies the public key and identifies the
 	algorithm with which the key is used. RFC 5280 section 4.1.2.7 */
     if (X509_get_signature_info(cert, &mdnid, &pknid, &bits, &xflags)) {
 	ASN1_BIT_STRING *key;
 	unsigned int n;
 
-	LAPPEND_STR(interp, certPtr, "signingDigest", OBJ_nid2ln(mdnid), -1);
-	LAPPEND_STR(interp, certPtr, "publicKeyAlgorithm", OBJ_nid2ln(pknid), -1);
-	LAPPEND_INT(interp, certPtr, "bits", bits); /* Effective security bits */
+	LAPPEND_STR(interp, resultObj, "signingDigest", OBJ_nid2ln(mdnid), -1);
+	LAPPEND_STR(interp, resultObj, "publicKeyAlgorithm", OBJ_nid2ln(pknid), -1);
+	LAPPEND_INT(interp, resultObj, "bits", bits); /* Effective security bits */
 
 	key = X509_get0_pubkey_bitstr(cert);
-	len = String_to_Hex(key->data, key->length, (unsigned char *) buffer, BUFSIZ);
-	LAPPEND_STR(interp, certPtr, "publicKey", buffer, (Tcl_Size) len);
-
-	len = 0;
-	if (X509_pubkey_digest(cert, EVP_get_digestbynid(pknid), md, &n)) {
-	    len = String_to_Hex(md, (int) n, (unsigned char *) buffer, BUFSIZ);
-	}
-	LAPPEND_STR(interp, certPtr, "publicKeyHash", buffer, (Tcl_Size) len);
+	LAPPEND_OBJ(interp, resultObj, "publicKey", String_to_Hex(key->data, key->length));
+
+	if (X509_pubkey_digest(cert, EVP_get_digestbynid(pknid), (unsigned char *)buffer, &n)) {
+	    LAPPEND_OBJ(interp, resultObj, "publicKeyHash", String_to_Hex((unsigned char *)buffer, (int) n));
+	} else {
+	    LAPPEND_STR(interp, resultObj, "publicKeyHash", "", 0);
+	}
 
 	/* digest of the DER representation of the certificate */
-	len = 0;
-	if (X509_digest(cert, EVP_get_digestbynid(mdnid), md, &n)) {
-	    len = String_to_Hex(md, (int) n, (unsigned char *) buffer, BUFSIZ);
+	if (X509_digest(cert, EVP_get_digestbynid(mdnid), (unsigned char *)buffer, &n)) {
+	    LAPPEND_OBJ(interp, resultObj, "signatureHash", String_to_Hex((unsigned char *)buffer, (int) n));
+	} else {
+	    LAPPEND_STR(interp, resultObj, "signatureHash", "", 0);
 	}
-	LAPPEND_STR(interp, certPtr, "signatureHash", buffer, (Tcl_Size) len);
     }
 
     /* Certificate Purpose. Call before checking for extensions. */
-    LAPPEND_STR(interp, certPtr, "purpose", Tls_x509Purpose(cert), -1);
-    LAPPEND_OBJ(interp, certPtr, "certificatePurpose", Tls_x509Purposes(interp, cert));
+    LAPPEND_STR(interp, resultObj, "purpose", Tls_x509Purpose(cert), -1);
+    LAPPEND_OBJ(interp, resultObj, "certificatePurpose", Tls_x509Purposes(interp, cert));
 
     /* Get extensions flags */
     xflags = X509_get_extension_flags(cert);
-    LAPPEND_INT(interp, certPtr, "extFlags", xflags);
+    LAPPEND_INT(interp, resultObj, "extFlags", xflags);
 
 	/* Check if cert was issued by CA cert issuer or self signed */
-    LAPPEND_BOOL(interp, certPtr, "selfIssued", xflags & EXFLAG_SI);
-    LAPPEND_BOOL(interp, certPtr, "selfSigned", xflags & EXFLAG_SS);
-    LAPPEND_BOOL(interp, certPtr, "isProxyCert", xflags & EXFLAG_PROXY);
-    LAPPEND_BOOL(interp, certPtr, "extInvalid", xflags & EXFLAG_INVALID);
-    LAPPEND_BOOL(interp, certPtr, "isCACert", X509_check_ca(cert));
+    LAPPEND_BOOL(interp, resultObj, "selfIssued", xflags & EXFLAG_SI);
+    LAPPEND_BOOL(interp, resultObj, "selfSigned", xflags & EXFLAG_SS);
+    LAPPEND_BOOL(interp, resultObj, "isProxyCert", xflags & EXFLAG_PROXY);
+    LAPPEND_BOOL(interp, resultObj, "extInvalid", xflags & EXFLAG_INVALID);
+    LAPPEND_BOOL(interp, resultObj, "isCACert", X509_check_ca(cert));
 
     /* The Unique Ids are used to handle the possibility of reuse of subject
 	and/or issuer names over time. RFC 5280 section 4.1.2.8 */
     {
 	const ASN1_BIT_STRING *iuid, *suid;
         X509_get0_uids(cert, &iuid, &suid);
 
-	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1));
+	Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("issuerUniqueId", -1));
 	if (iuid != NULL) {
-	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((const unsigned char *)iuid->data, (Tcl_Size) iuid->length));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewByteArrayObj((const unsigned char *)iuid->data, (Tcl_Size) iuid->length));
 	} else {
-	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("", -1));
 	}
 
-	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectUniqueId", -1));
+	Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("subjectUniqueId", -1));
 	if (suid != NULL) {
-	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((const unsigned char *)suid->data, (Tcl_Size) suid->length));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewByteArrayObj((const unsigned char *)suid->data, (Tcl_Size) suid->length));
 	} else {
-	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
+	    Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("", -1));
 	}
     }
 
     /* X509 v3 Extensions - RFC 5280 section 4.1.2.9 */
-    LAPPEND_INT(interp, certPtr, "extCount", X509_get_ext_count(cert));
-    LAPPEND_OBJ(interp, certPtr, "extensions", Tls_x509Extensions(interp, cert));
+    LAPPEND_INT(interp, resultObj, "extCount", X509_get_ext_count(cert));
+    LAPPEND_OBJ(interp, resultObj, "extensions", Tls_x509Extensions(interp, cert));
 
     /* Authority Key Identifier (AKI) is the Subject Key Identifier (SKI) of
 	its signer (the CA). RFC 5280 section 4.2.1.1, NID_authority_key_identifier */
-    LAPPEND_OBJ(interp, certPtr, "authorityKeyIdentifier",
+    LAPPEND_OBJ(interp, resultObj, "authorityKeyIdentifier",
 	Tls_x509Identifier(X509_get0_authority_key_id(cert)));
 
     /* Subject Key Identifier (SKI) is used to identify certificates that contain
 	a particular public key. RFC 5280 section 4.2.1.2, NID_subject_key_identifier */
-    LAPPEND_OBJ(interp, certPtr, "subjectKeyIdentifier",
+    LAPPEND_OBJ(interp, resultObj, "subjectKeyIdentifier",
 	Tls_x509Identifier(X509_get0_subject_key_id(cert)));
 
     /* Key usage extension defines the purpose (e.g., encipherment, signature, certificate
 	signing) of the key in the certificate. RFC 5280 section 4.2.1.3, NID_key_usage */
-    LAPPEND_OBJ(interp, certPtr, "keyUsage", Tls_x509KeyUsage(interp, cert, xflags));
+    LAPPEND_OBJ(interp, resultObj, "keyUsage", Tls_x509KeyUsage(interp, cert, xflags));
 
     /* Certificate Policies - indicates the issuing CA considers its issuerDomainPolicy
 	equivalent to the subject CA's subjectDomainPolicy. RFC 5280 section 4.2.1.4, NID_certificate_policies */
     if (xflags & EXFLAG_INVALID_POLICY) {
 	/* Reject cert */
@@ -535,27 +686,27 @@
 
     /* Policy Mappings - RFC 5280 section 4.2.1.5, NID_policy_mappings */
 
     /* Subject Alternative Name (SAN) contains additional URLs, DNS names, or IP
 	addresses bound to certificate. RFC 5280 section 4.2.1.6, NID_subject_alt_name */
-    LAPPEND_OBJ(interp, certPtr, "subjectAltName", Tls_x509Names(interp, cert, NID_subject_alt_name, bio));
+    LAPPEND_OBJ(interp, resultObj, "subjectAltName", Tls_x509Names(interp, cert, NID_subject_alt_name, bio));
 
     /* Issuer Alternative Name is used to associate Internet style identities
 	with the certificate issuer. RFC 5280 section 4.2.1.7, NID_issuer_alt_name */
-    LAPPEND_OBJ(interp, certPtr, "issuerAltName", Tls_x509Names(interp, cert, NID_issuer_alt_name, bio));
+    LAPPEND_OBJ(interp, resultObj, "issuerAltName", Tls_x509Names(interp, cert, NID_issuer_alt_name, bio));
 
     /* Subject Directory Attributes provides identification attributes (e.g., nationality)
 	of the subject. RFC 5280 section 4.2.1.8 (subjectDirectoryAttributes) */
 
     /* Basic Constraints identifies whether the subject of the cert is a CA and
 	the max depth of valid cert paths for this cert. RFC 5280 section 4.2.1.9, NID_basic_constraints */
     if (!(xflags & EXFLAG_PROXY)) {
-	LAPPEND_LONG(interp, certPtr, "pathLen", X509_get_pathlen(cert));
+	LAPPEND_LONG(interp, resultObj, "pathLen", X509_get_pathlen(cert));
     } else {
-	LAPPEND_LONG(interp, certPtr, "pathLen", X509_get_proxy_pathlen(cert));
+	LAPPEND_LONG(interp, resultObj, "pathLen", X509_get_proxy_pathlen(cert));
     }
-    LAPPEND_BOOL(interp, certPtr, "basicConstraintsCA", xflags & EXFLAG_CA);
+    LAPPEND_BOOL(interp, resultObj, "basicConstraintsCA", xflags & EXFLAG_CA);
 
     /* Name Constraints is only used in CA certs to indicate the name space for
 	all subject names in subsequent certificates in a certification path
 	MUST be located. RFC 5280 section 4.2.1.10, NID_name_constraints */
 
@@ -562,52 +713,66 @@
     /* Policy Constraints is only used in CA certs to limit the length of a
 	cert chain for that CA. RFC 5280 section 4.2.1.11, NID_policy_constraints */
 
     /* Extended Key Usage indicates the purposes the certified public key may be
 	used, beyond the basic purposes. RFC 5280 section 4.2.1.12, NID_ext_key_usage */
-    LAPPEND_OBJ(interp, certPtr, "extendedKeyUsage", Tls_x509ExtKeyUsage(interp, cert, xflags));
+    LAPPEND_OBJ(interp, resultObj, "extendedKeyUsage", Tls_x509ExtKeyUsage(interp, cert, xflags));
 
     /* CRL Distribution Points identifies where CRL information can be obtained.
 	RFC 5280 section 4.2.1.13*/
-    LAPPEND_OBJ(interp, certPtr, "crlDistributionPoints", Tls_x509CrlDp(interp, cert));
+    LAPPEND_OBJ(interp, resultObj, "crlDistributionPoints", Tls_x509CrlDp(interp, cert));
 
     /* Freshest CRL extension */
     if (xflags & EXFLAG_FRESHEST) {
     }
 
     /* Authority Information Access indicates how to access info and services
 	for the certificate issuer. RFC 5280 section 4.2.2.1, NID_info_access */
 
-    /* Get On-line Certificate Status Protocol (OSCP) Responders URL */
-    LAPPEND_OBJ(interp, certPtr, "ocspResponders", Tls_x509Oscp(interp, cert));
+    /* On-line Certificate Status Protocol (OSCP) Responders URL */
+    LAPPEND_OBJ(interp, resultObj, "ocspResponders", Tls_x509Oscp(interp, cert));
 
-    /* Get Certificate Authority (CA) Issuers URL */
-    LAPPEND_OBJ(interp, certPtr, "caIssuers", Tls_x509CaIssuers(interp, cert));
+    /* Certificate Authority (CA) Issuers URL */
+    LAPPEND_OBJ(interp, resultObj, "caIssuers", Tls_x509CaIssuers(interp, cert));
 
     /* Subject Information Access - RFC 5280 section 4.2.2.2, NID_sinfo_access */
 
     /* Certificate Alias. If uses a PKCS#12 structure, alias will reflect the
 	friendlyName attribute (RFC 2985). */
     {
-	len = 0;
-        unsigned char *string = X509_alias_get0(cert, &len);
-	LAPPEND_STR(interp, certPtr, "alias", (char *) string, (Tcl_Size) len);
-        string = X509_keyid_get0(cert, &len);
-	LAPPEND_STR(interp, certPtr, "keyId", (char *) string, (Tcl_Size) len);
+	int ilen = 0;
+        unsigned char *string = X509_alias_get0(cert, &ilen);
+	LAPPEND_STR(interp, resultObj, "alias", (char *) string, (Tcl_Size) ilen);
+        string = X509_keyid_get0(cert, &ilen);
+	LAPPEND_STR(interp, resultObj, "keyId", (char *) string, (Tcl_Size) ilen);
     }
 
     /* Certificate and dump all data */
-    {
-	char certStr[CERT_STR_SIZE];
+    if (all) {
+	Tcl_Obj *allObj = Tcl_NewByteArrayObj(NULL, 0);
+	Tcl_Obj *certObj = Tcl_NewByteArrayObj(NULL, 0);
+	unsigned char *allStr, *certStr;
+
+	if (allObj == NULL || certObj == NULL) {
+	    Tcl_DecrRefCount(allObj);
+	    BIO_free(bio);
+	    ckfree(buffer);
+	    return resultObj;
+	}
 
 	/* Get certificate */
+	certStr = Tcl_SetByteArrayLength(certObj, CERT_STR_SIZE);
 	len = BIO_to_Buffer(PEM_write_bio_X509(bio, cert), bio, certStr, CERT_STR_SIZE);
-	LAPPEND_STR(interp, certPtr, "certificate", certStr, (Tcl_Size) len);
+	Tcl_SetByteArrayLength(certObj, len);
+	LAPPEND_OBJ(interp, resultObj, "certificate", certObj)
 
-	/* Get all cert info */
-	len = BIO_to_Buffer(X509_print_ex(bio, cert, flags, 0), bio, certStr, CERT_STR_SIZE);
-	LAPPEND_STR(interp, certPtr, "all", certStr, (Tcl_Size) len);
+	/* Get all info on certificate */
+	allStr = Tcl_SetByteArrayLength(allObj, CERT_STR_SIZE * 2);
+	len = BIO_to_Buffer(X509_print_ex(bio, cert, flags, 0), bio, allStr, CERT_STR_SIZE * 2);
+	Tcl_SetByteArrayLength(allObj, len);
+	LAPPEND_OBJ(interp, resultObj, "all", allObj)
     }
 
     BIO_free(bio);
-    return certPtr;
+    ckfree(buffer);
+    return resultObj;
 }

Index: library/tls.tcl
==================================================================
--- library/tls.tcl
+++ library/tls.tcl
@@ -33,10 +33,11 @@
         {0 -myport sopts 1}
         {* -type sopts 1}
         {* -alpn iopts 1}
         {* -cadir iopts 1}
         {* -cafile iopts 1}
+        {* -castore iopts 1}
         {* -cert iopts 1}
         {* -certfile iopts 1}
         {* -cipher iopts 1}
         {* -ciphersuites iopts 1}
         {* -command iopts 1}

Index: license.terms
==================================================================
--- license.terms
+++ license.terms
@@ -25,14 +25,14 @@
 NO OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR
 MODIFICATIONS.
 
 GOVERNMENT USE: If you are acquiring this software on behalf of the
 U.S. government, the Government shall have only "Restricted Rights"
-in the software and related documentation as defined in the Federal 
+in the software and related documentation as defined in the Federal
 Acquisition Regulations (FARs) in Clause 52.227.19 (c) (2).  If you
 are acquiring the software on behalf of the Department of Defense, the
 software shall be classified as "Commercial Computer Software" and the
 Government shall have only "Restricted Rights" as defined in Clause
 252.227-7013 (c) (1) of DFARs.  Notwithstanding the foregoing, the
 authors grant the U.S. Government and others acting in its behalf
 permission to use and distribute the software in accordance with the
-terms specified in this license. 
+terms specified in this license.

ADDED   manifest.uuid
Index: manifest.uuid
==================================================================
--- /dev/null
+++ manifest.uuid
@@ -0,0 +1,1 @@
+git-

Index: pkgIndex.tcl.in
==================================================================
--- pkgIndex.tcl.in
+++ pkgIndex.tcl.in
@@ -1,25 +1,32 @@
 # -*- tcl -*-
 # Tcl package index file, version 1.1
 #
 if {[package vsatisfies [package provide Tcl] 9.0-]} {
-    package ifneeded @PACKAGE_NAME@ @PACKAGE_VERSION@ \
-	    [list load [file join $dir @PKG_LIB_FILE9@] [string totitle @PACKAGE_NAME@]]
-    set initScript [file join $dir @PACKAGE_NAME@.tcl]
-    if {[file exists $initScript]} {
-	source -encoding utf-8 $initScript
-    }
+    package ifneeded @PACKAGE_NAME@ @PACKAGE_VERSION@ [list apply {{dir} {
+	# Load library
+	load [file join $dir @PKG_LIB_FILE9@] [string totitle @PACKAGE_NAME@]
+
+	# Source init file
+	set initScript [file join $dir @PACKAGE_NAME@.tcl]
+	if {[file exists $initScript]} {
+	    source -encoding utf-8 $initScript
+	}
+    }} $dir]
 } else {
     if {![package vsatisfies [package provide Tcl] 8.5]} {return}
     package ifneeded @PACKAGE_NAME@ @PACKAGE_VERSION@ [list apply {{dir} {
+	# Load library
 	if {[string tolower [file extension @PKG_LIB_FILE8@]] in [list .dll .dylib .so]} {
 	    # Load dynamic library
 	    load [file join $dir @PKG_LIB_FILE8@] [string totitle @PACKAGE_NAME@]
 	} else {
 	    # Static library
 	    load {} [string totitle @PACKAGE_NAME@]
 	}
+
+	# Source init file
 	set initScript [file join $dir @PACKAGE_NAME@.tcl]
 	if {[file exists $initScript]} {
 	    source -encoding utf-8 $initScript
 	}
     }} $dir]

Index: tests/ciphers.csv
==================================================================
--- tests/ciphers.csv
+++ tests/ciphers.csv
@@ -1,10 +1,10 @@
 # Group,Name,Constraints,Setup,Body,Cleanup,Match,Result,Output,Error Output,Return Codes
 command,package require tls,,,,,,,,,
 command,,,,,,,,,,
 command,# Make sure path includes location of OpenSSL executable,,,,,,,,,
-command,"if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin] "";"" $::env(path)}",,,,,,,,,
+command,"if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin "";""] $::env(path)]}",,,,,,,,,
 command,,,,,,,,,,
 command,# Constraints,,,,,,,,,
 command,set protocols [list ssl2 ssl3 tls1 tls1.1 tls1.2 tls1.3],,,,,,,,,
 command,foreach protocol $protocols {::tcltest::testConstraint $protocol 0},,,,,,,,,
 command,foreach protocol [::tls::protocols] {::tcltest::testConstraint $protocol 1},,,,,,,,,

Index: tests/ciphers.test
==================================================================
--- tests/ciphers.test
+++ tests/ciphers.test
@@ -9,20 +9,35 @@
 set auto_path [concat [list [file dirname [file dirname [info script]]]] $auto_path]
 
 package require tls
 
 # Make sure path includes location of OpenSSL executable
-if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin] ";" $::env(path)}
+if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin ";"] $::env(path)]}
 
 # Constraints
 set protocols [list ssl2 ssl3 tls1 tls1.1 tls1.2 tls1.3]
 foreach protocol $protocols {::tcltest::testConstraint $protocol 0}
 foreach protocol [::tls::protocols] {::tcltest::testConstraint $protocol 1}
 ::tcltest::testConstraint OpenSSL [string match "OpenSSL*" [::tls::version]]
 
 # Helper functions
-proc lcompare {list1 list2} {set m "";set u "";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list "missing" $m "unexpected" $u]}
+proc lcompare {list1 list2} {
+    set m ""
+    set u ""
+    foreach i $list1 {
+        if {$i ni $list2} {
+            lappend m $i
+        }
+    }
+    foreach i $list2 {
+        if {$i ni $list1} {
+            lappend u $i
+        }
+    }
+    return [list "missing" $m "unexpected" $u]
+}
+
 proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]}
 
 # Test protocols
 
 
@@ -31,85 +46,85 @@
     } -result {missing {ssl2 ssl3} unexpected {}}
 
 # Test ciphers
 
 
-test CiphersAll-2.1 {SSL2} -constraints {ssl2} -body {
+test Ciphers_By_Protocol-2.1 {SSL2} -constraints {ssl2} -body {
 	lcompare [exec_get ":" ciphers -ssl2] [::tls::ciphers ssl2]
     } -result {missing {} unexpected {}}
 
-test CiphersAll-2.2 {SSL3} -constraints {ssl3} -body {
+test Ciphers_By_Protocol-2.2 {SSL3} -constraints {ssl3} -body {
 	lcompare [exec_get ":" ciphers -ssl3] [::tls::ciphers ssl3]
     } -result {missing {} unexpected {}}
 
-test CiphersAll-2.3 {TLS1} -constraints {tls1} -body {
+test Ciphers_By_Protocol-2.3 {TLS1.0} -constraints {tls1} -body {
 	lcompare [exec_get ":" ciphers -tls1] [::tls::ciphers tls1]
     } -result {missing {} unexpected {}}
 
-test CiphersAll-2.4 {TLS1.1} -constraints {tls1.1} -body {
+test Ciphers_By_Protocol-2.4 {TLS1.1} -constraints {tls1.1} -body {
 	lcompare [exec_get ":" ciphers -tls1_1] [::tls::ciphers tls1.1]
     } -result {missing {} unexpected {}}
 
-test CiphersAll-2.5 {TLS1.2} -constraints {tls1.2} -body {
+test Ciphers_By_Protocol-2.5 {TLS1.2} -constraints {tls1.2} -body {
 	lcompare [exec_get ":" ciphers -tls1_2] [::tls::ciphers tls1.2]
     } -result {missing {} unexpected {}}
 
-test CiphersAll-2.6 {TLS1.3} -constraints {tls1.3} -body {
+test Ciphers_By_Protocol-2.6 {TLS1.3} -constraints {tls1.3} -body {
 	lcompare [exec_get ":" ciphers -tls1_3] [::tls::ciphers tls1.3]
     } -result {missing {} unexpected {}}
 
 # Test cipher descriptions
 
 
-test CiphersDesc-3.1 {SSL2} -constraints {ssl2} -body {
+test Ciphers_With_Descriptions-3.1 {SSL2} -constraints {ssl2} -body {
 	lcompare [exec_get "\r\n" ciphers -ssl2 -v] [split [string trim [::tls::ciphers ssl2 1]] \n]
     } -result {missing {} unexpected {}}
 
-test CiphersDesc-3.2 {SSL3} -constraints {ssl3} -body {
+test Ciphers_With_Descriptions-3.2 {SSL3} -constraints {ssl3} -body {
 	lcompare [exec_get "\r\n" ciphers -ssl3 -v] [split [string trim [::tls::ciphers ssl3 1]] \n]
     } -result {missing {} unexpected {}}
 
-test CiphersDesc-3.3 {TLS1} -constraints {tls1} -body {
+test Ciphers_With_Descriptions-3.3 {TLS1.0} -constraints {tls1} -body {
 	lcompare [exec_get "\r\n" ciphers -tls1 -v] [split [string trim [::tls::ciphers tls1 1]] \n]
     } -result {missing {} unexpected {}}
 
-test CiphersDesc-3.4 {TLS1.1} -constraints {tls1.1} -body {
+test Ciphers_With_Descriptions-3.4 {TLS1.1} -constraints {tls1.1} -body {
 	lcompare [exec_get "\r\n" ciphers -tls1_1 -v] [split [string trim [::tls::ciphers tls1.1 1]] \n]
     } -result {missing {} unexpected {}}
 
-test CiphersDesc-3.5 {TLS1.2} -constraints {tls1.2} -body {
+test Ciphers_With_Descriptions-3.5 {TLS1.2} -constraints {tls1.2} -body {
 	lcompare [exec_get "\r\n" ciphers -tls1_2 -v] [split [string trim [::tls::ciphers tls1.2 1]] \n]
     } -result {missing {} unexpected {}}
 
-test CiphersDesc-3.6 {TLS1.3} -constraints {tls1.3} -body {
+test Ciphers_With_Descriptions-3.6 {TLS1.3} -constraints {tls1.3} -body {
 	lcompare [exec_get "\r\n" ciphers -tls1_3 -v] [split [string trim [::tls::ciphers tls1.3 1]] \n]
     } -result {missing {} unexpected {}}
 
 # Test protocol specific ciphers
 
 
-test CiphersSpecific-4.1 {SSL2} -constraints {ssl2} -body {
+test Ciphers_Protocol_Specific-4.1 {SSL2} -constraints {ssl2} -body {
 	lcompare [exec_get ":" ciphers -ssl2 -s] [::tls::ciphers ssl2 0 1]
     } -result {missing {} unexpected {}}
 
-test CiphersSpecific-4.2 {SSL3} -constraints {ssl3} -body {
+test Ciphers_Protocol_Specific-4.2 {SSL3} -constraints {ssl3} -body {
 	lcompare [exec_get ":" ciphers -ssl3 -s] [::tls::ciphers ssl3 0 1]
     } -result {missing {} unexpected {}}
 
-test CiphersSpecific-4.3 {TLS1} -constraints {tls1} -body {
+test Ciphers_Protocol_Specific-4.3 {TLS1.0} -constraints {tls1} -body {
 	lcompare [exec_get ":" ciphers -tls1 -s] [::tls::ciphers tls1 0 1]
     } -result {missing {} unexpected {}}
 
-test CiphersSpecific-4.4 {TLS1.1} -constraints {tls1.1} -body {
+test Ciphers_Protocol_Specific-4.4 {TLS1.1} -constraints {tls1.1} -body {
 	lcompare [exec_get ":" ciphers -tls1_1 -s] [::tls::ciphers tls1.1 0 1]
     } -result {missing {} unexpected {}}
 
-test CiphersSpecific-4.5 {TLS1.2} -constraints {tls1.2} -body {
+test Ciphers_Protocol_Specific-4.5 {TLS1.2} -constraints {tls1.2} -body {
 	lcompare [exec_get ":" ciphers -tls1_2 -s] [::tls::ciphers tls1.2 0 1]
     } -result {missing {} unexpected {}}
 
-test CiphersSpecific-4.6 {TLS1.3} -constraints {tls1.3} -body {
+test Ciphers_Protocol_Specific-4.6 {TLS1.3} -constraints {tls1.3} -body {
 	lcompare [exec_get ":" ciphers -tls1_3 -s] [::tls::ciphers tls1.3 0 1]
     } -result {missing {} unexpected {}}
 
 # Test version
 

Index: tests/make_test_files.tcl
==================================================================
--- tests/make_test_files.tcl
+++ tests/make_test_files.tcl
@@ -72,10 +72,11 @@
     set in [open $filename r]
     array set cases [list]
 
     # Open output test file
     set out [open [format %s.test [file rootname $filename]] w]
+    fconfigure $out -encoding utf-8 -translation {auto lf}
     array set cases [list]
 
     # Add setup commands to test file
     puts $out [format "# Auto generated test cases for %s" [file tail $filename]]
     #puts $out [format "# Auto generated test cases for %s created on %s" [file tail $filename] [clock format [clock seconds]]]

Index: tests/oldTests/server.pem
==================================================================
--- tests/oldTests/server.pem
+++ tests/oldTests/server.pem
@@ -269,11 +269,11 @@
 cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
 dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
 AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
 OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
 AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
-TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
+TfdbFZtAAD2Hx9jUtY3tfdrJOb8=
 -----END CERTIFICATE-----
 
 -----BEGIN CERTIFICATE-----
 MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
 VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5

Index: tests/oldTests/tlsHttp.tcl
==================================================================
--- tests/oldTests/tlsHttp.tcl
+++ tests/oldTests/tlsHttp.tcl
@@ -10,11 +10,11 @@
 
 #
 # Initialize context
 #
 #tls::init -certfile client.pem -cafile server.pem -ssl2 1 -ssl3 1 -tls1 0 ;#-cipher RC4-MD5
-tls::init -cafile server.pem 
+tls::init -cafile server.pem
 #
 # Register with http module
 #
 http::register https 443 [list ::tls::socket -require 1]
 

Index: tests/oldTests/tlsSrv.tcl
==================================================================
--- tests/oldTests/tlsSrv.tcl
+++ tests/oldTests/tlsSrv.tcl
@@ -17,11 +17,11 @@
     if {[catch {read $chan 1024} data]} {
 	puts stderr "EOF ($data)"
 	catch {close $chan}
 	return
     }
-	
+
     if {$verbose && $data != ""} {
 	puts -nonewline stderr $data
     }
     if {[eof $chan]} {    ;# client gone or finished
 	puts stderr "EOF"
@@ -42,13 +42,13 @@
     puts [tls::status $chan]
 
     fconfigure $chan -buffering none -blocking 0
     fileevent $chan readable [list reflectCB $chan 1]
 }
-#tls::init -cafile server.pem -certfile server.pem 
+#tls::init -cafile server.pem -certfile server.pem
 tls::init -cafile server.pem
-#tls::init 
+#tls::init
 
 set chan [tls::socket -server acceptCB \
 		-request 1 -require 0 1234]
 #		-require 1 -command tls::callback 1234]
 

Index: tests/oldTests/tlsSrv2.tcl
==================================================================
--- tests/oldTests/tlsSrv2.tcl
+++ tests/oldTests/tlsSrv2.tcl
@@ -16,11 +16,11 @@
     if {[catch {read $chan 1024} data]} {
 	puts stderr "EOF ($data)"
 	catch {close $chan}
 	return
     }
-	
+
     if {$verbose && $data != ""} {
 	puts -nonewline stderr $data
     }
     if {[eof $chan]} {    ;# client gone or finished
 	puts stderr "EOF"

Index: tests/tlsIO.test
==================================================================
--- tests/tlsIO.test
+++ tests/tlsIO.test
@@ -3,59 +3,59 @@
 # This file contains a collection of tests for one or more of the Tcl
 # built-in commands.  Sourcing this file into Tcl runs the tests and
 # generates output for errors.  No output means no errors were found.
 #
 # Copyright (c) 1994-1996 Sun Microsystems, Inc.
-# Copyright (c) 1998-2000 Ajuba Solutions. 
+# Copyright (c) 1998-2000 Ajuba Solutions.
 #
 # See the file "license.terms" for information on usage and redistribution
 # of this file, and for a DISCLAIMER OF ALL WARRANTIES.
 #
 # RCS: @(#) $Id: tlsIO.test,v 1.24 2015/06/06 09:07:08 apnadkarni Exp $
 
 # Running socket tests with a remote server:
 # ------------------------------------------
-# 
+#
 # Some tests in socket.test depend on the existence of a remote server to
 # which they connect. The remote server must be an instance of tcltest and it
 # must run the script found in the file "remote.tcl" in this directory. You
 # can start the remote server on any machine reachable from the machine on
 # which you want to run the socket tests, by issuing:
-# 
+#
 #     tcltest remote.tcl -port 8048	# Or choose another port number.
-# 
+#
 # If the machine you are running the remote server on has several IP
 # interfaces, you can choose which interface the server listens on for
 # connections by specifying the -address command line flag, so:
-# 
+#
 #     tcltest remote.tcl -address your.machine.com
-# 
+#
 # These options can also be set by environment variables. On Unix, you can
 # type these commands to the shell from which the remote server is started:
-# 
+#
 #     shell% setenv serverPort 8048
 #     shell% setenv serverAddress your.machine.com
-# 
+#
 # and subsequently you can start the remote server with:
-# 
+#
 #     tcltest remote.tcl
-# 
+#
 # to have it listen on port 8048 on the interface your.machine.com.
-#     
+#
 # When the server starts, it prints out a detailed message containing its
 # configuration information, and it will block until killed with a Ctrl-C.
 # Once the remote server exists, you can run the tests in socket.test with
 # the server by setting two Tcl variables:
-# 
+#
 #     % set remoteServerIP 
 #     % set remoteServerPort 8048
-# 
+#
 # These variables are also settable from the environment. On Unix, you can:
-# 
+#
 #     shell% setenv remoteServerIP machine.where.server.runs
 #     shell% setenv remoteServerPort 8048
-# 
+#
 # The preamble of the socket.test file checks to see if the variables are set
 # either in Tcl or in the environment; if they are, it attempts to connect to
 # the server. If the connection is successful, the tests using the remote
 # server will be performed; otherwise, it will attempt to start the remote
 # server (via exec) on platforms that support this, on the local host,
@@ -566,11 +566,11 @@
              set l [gets $s]
              if {[eof $s]} {
                  global x
                  close $s
                  set x done
-             } else { 
+             } else {
 	         incr i
                  puts $s $l
              }
 	}
 	set i 0
@@ -1229,11 +1229,11 @@
     proc timerproc {} {
 	global done count c
 	set done true
 	set count {timer went off, eof is not sticky}
 	close $c
-    }	
+    }
     set count 0
     set done false
     proc write_then_close {s} {
 	puts $s bye
 	close $s
@@ -1464,11 +1464,11 @@
     close $s1
     close $s2
     close $s3
     sendCommand {close $socket10_9_test_server}
     set i
-} 100    
+} 100
 
 test tlsIO-11.8 {client with several servers} {socket doTestsWithRemoteServer} {
     sendCertValues
     sendCommand {
 	tls::init -certfile $serverCert -cafile $caCert -keyfile $serverKey
@@ -1941,11 +1941,11 @@
              set l [gets $s]
              if {[eof $s]} {
                  global x
                  close $s
                  set x done
-             } else { 
+             } else {
 	         incr i
                  puts $s $l
              }
 	}
 	set i 0
@@ -1953,15 +1953,15 @@
 	close $f
 
 	# thread cleans itself up.
 	testthread exit
     } script
-    
+
     # create a thread
     set serverthread [testthread create { source script } ]
     update
-    
+
     after 1000
     set s [tls::socket 127.0.0.1 8828]
     fconfigure $s -buffering line
 
     catch {
@@ -1971,11 +1971,11 @@
     close $s
     update
 
     after 2000
     lappend result [threadReap]
-    
+
     set result
 
 } {hello 1}
 
 test tlsIO-14.1 {test tls::unimport} {socket} {
@@ -1988,11 +1988,11 @@
     list [catch {tls::unimport bogus} msg] $msg
 } {1 {can not find channel named "bogus"}}
 test tlsIO-14.4 {test tls::unimport} {socket} {
     # stdin can take different names as the "top" channel
     list [catch {tls::unimport stdin} msg] \
-	[string match {bad channel "*": not a TLS channel} $msg]
+	[string match {bad channel "*": not a stacked channel} $msg]
 } {1 1}
 test tlsIO-14.5 {test tls::unimport} {socket} {
     set len 0
     set spurious 0
     set done 0
@@ -2029,16 +2029,16 @@
     # Following code is based on what was reported in bug #58. Prior
     # to fix the program would crash with a segfault.
     proc Accept {sock args} {
         fconfigure $sock -blocking 0;
         fileevent $sock readable [list Handshake $sock]
-    } 
+    }
     proc Handshake {sock} {
         set ::done HAND
         catch {tls::handshake $sock} msg
         set ::done $msg
-    } 
+    }
     # NOTE: when doing an in-process client/server test, both sides need
     # to be non-blocking for the TLS handshake
 
     # Server - Only accept TLS 1.2
     set s [tls::socket \

Index: win/README.txt
==================================================================
--- win/README.txt
+++ win/README.txt
@@ -67,18 +67,11 @@
   set INSTALLDIR=%TCLINSTALL%\lib
   set SSLINSTALL=\path\to\openssl\dir
 
 2a) Unzip distribution to %BUILDDIR%
 
-2b) Start BASH shell (MinGW62 Git shell)
-
-  cd %BUILDDIR%
-  od -A n -v -t xC < 'library/tls.tcl' > tls.tcl.h.new.1
-  sed 's@[^0-9A-Fa-f]@@g;s@..@0x&, @g' < tls.tcl.h.new.1 > generic/tls.tcl.h
-  rm -f tls.tcl.h.new.1
-
-2c) Start Visual Studio shell
+2b) Start Visual Studio shell
 
   At Visual Studio x64 native prompt:
 
   cd %BUILDDIR%\win
 

Index: win/makefile.vc
==================================================================
--- win/makefile.vc
+++ win/makefile.vc
@@ -1,22 +1,26 @@
 #------------------------------------------------------------- -*- makefile -*-
 #
-# Makefile for TclTLS extensions.
+# Makefile for TCL TLS extension
 #
 # Basic build, test and install
-#   nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl
-#   nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl test
-#   nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl install
+#   nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl TCLDIR=c:\path\to\tcl\sources
+#   nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl TCLDIR=c:\path\to\tcl\sources test
+#   nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl TCLDIR=c:\path\to\tcl\sources install
 #
 # For other build options (debug, static etc.),
 # See TIP 477 (https://core.tcl-lang.org/tips/doc/main/tip/477.md) for
 # detailed documentation.
 #
 # See the file "license.terms" for information on usage and redistribution
 # of this file, and for a DISCLAIMER OF ALL WARRANTIES.
 #
 #------------------------------------------------------------------------------
+
+#-------------------------------------------------------------------------
+# Project specific information
+#-------------------------------------------------------------------------
 
 # The name of the package
 PROJECT=tls
 
 !include "rules-ext.vc"
@@ -30,14 +34,14 @@
 	$(TMP_DIR)\tlsIO.obj \
 	$(TMP_DIR)\tlsX509.obj
 
 # Define any additional project include flags
 # SSL_INSTALL_FOLDER = with the OpenSSL installation folder following.
-PRJ_INCLUDES = -I"$(SSL_INSTALL_FOLDER)\include" -I"$(OPENSSL_INSTALL_DIR)\include"
+PRJ_INCLUDES = -I"$(SSL_INSTALL_FOLDER)\include" -I"$(OPENSSL_INSTALL_DIR)\include" -I"$(TMP_DIR)"
 
 # Define any additional compiler flags that might be required for the project
-PRJ_DEFINES = -D NO_SSL2 -D NO_SSL3 -D _CRT_SECURE_NO_WARNINGS
+PRJ_DEFINES = -D NO_SSL2 -D NO_SSL3 /D_CRT_SECURE_NO_WARNINGS /D_CRT_NONSTDC_NO_DEPRECATE /D__STDC_WANT_SECURE_LIB__=1
 
 #
 # SSL Libs:
 #    1. ${LIBCRYPTO}.dll
 #    2. ${LIBSSL}.dll
@@ -47,50 +51,70 @@
 # On *nix libcrypto.so.* and libssl.so.* (where suffix is a version indicator).
 #
 PRJ_LIBS = \
 	"$(SSL_INSTALL_FOLDER)\lib\libssl.lib" \
 	"$(SSL_INSTALL_FOLDER)\lib\libcrypto.lib" \
-	WS2_32.LIB GDI32.LIB ADVAPI32.LIB CRYPT32.LIB USER32.LIB
+	User32.Lib WS2_32.Lib Gdi32.Lib AdvAPI32.Lib Crypt32.Lib
 
-# Define the standard targets
+# Define the standard targets which calls rules.vc
 !include "targets.vc"
 
+#---------------------------------------------------------------------
 # Project specific targets
+#---------------------------------------------------------------------
 
-all: default-target
+all: setup default-target
 
 clean: default-clean
-	@if exist $(WIN_DIR)\tlsUuid.h del $(WIN_DIR)\tlsUuid.h
 
 realclean: default-hose
-	@if exist $(WIN_DIR)\tlsUuid.h del $(WIN_DIR)\tlsUuid.h
+
+# Explicit dependency rules
+$(PRJ_OBJS): $(TMP_DIR)\tls.tcl.h $(TMP_DIR)\tlsUuid.h
 
 # We must define a pkgindex target that will create a pkgIndex.tcl
 # file in the $(OUT_DIR) directory. We can just redirect to the
 # default-pkgindex target for our sample extension.
 pkgindex: default-pkgindex-tea
 
+$(TMP_DIR)\tls.tcl.h: $(LIBDIR)\tls.tcl
+	"$(TCLSH)" << $(LIBDIR)\tls.tcl >$(TMP_DIR)\tls.tcl.h
+	set in [open [lindex $$argv 0] r]
+	while {[gets $$in line] != -1} {
+	    switch -regexp -- $$line "^$$" - {^\s*#} continue
+	    regsub -all {\\} $$line {\\\\} line
+	    regsub -all {"} $$line {\"} line
+	    puts "\"$$line\\n\""
+	}
+<<
+
+# Manifest which defines fossil/git commit id for build-info command
 $(ROOT)\manifest.uuid:
-   copy $(WIN_DIR)\gitmanifest.in $(ROOT)\manifest.uuid
-   git rev-parse HEAD >>$(ROOT)\manifest.uuid
+    if not exist $(ROOT)\manifest.uuid (
+	copy $(WIN_DIR)\gitmanifest.in $(ROOT)\manifest.uuid
+	where git
+	if ERRORLEVEL 0 (
+	    git rev-parse HEAD >>$(ROOT)\manifest.uuid
+	) else (
+	    echo unknown >>$(ROOT)\manifest.uuid
+	)
+    )
 
-$(WIN_DIR)\tlsUuid.h:	$(ROOT)\manifest.uuid
-	copy $(WIN_DIR)\tlsUuid.h.in+$(ROOT)\manifest.uuid $(WIN_DIR)\tlsUuid.h
+$(TMP_DIR)\tlsUuid.h:	$(ROOT)\manifest.uuid
+	copy $(WIN_DIR)\tlsUuid.h.in+$(ROOT)\manifest.uuid $(TMP_DIR)\tlsUuid.h
+	echo: >>$(TMP_DIR)\tlsUuid.h
 
 
 # The default install target only installs binaries and scripts so add
 # an additional target for our documentation. Note this *adds* a target
 # since no commands are listed after it. The original targets for
 # install (from targets.vc) will remain.
-install: default-pkgindex-tea default-install default-install-docs-html
+install: pkgindex default-install default-install-docs-html
     if exist "$(SSL_INSTALL_FOLDER)\bin\libcrypto-*-x64.dll" (
         xcopy /c /y "$(SSL_INSTALL_FOLDER)\bin\libcrypto-*-x64.dll" "$(PRJ_INSTALL_DIR)"
     )
     if exist "$(SSL_INSTALL_FOLDER)\bin\libssl-*-x64.dll" (
         xcopy /c /y "$(SSL_INSTALL_FOLDER)\bin\libssl-*-x64.dll" "$(PRJ_INSTALL_DIR)"
     )
 
-# Explicit dependency rules
-$(GENERICDIR)\tls.c: $(WIN_DIR)\tlsUuid.h
-
 # Test package
 test: default-test