ADDED .fossil-settings/crlf-glob Index: .fossil-settings/crlf-glob ================================================================== --- /dev/null +++ .fossil-settings/crlf-glob @@ -0,0 +1,1 @@ +win/*.vc Index: .fossil-settings/ignore-glob ================================================================== --- .fossil-settings/ignore-glob +++ .fossil-settings/ignore-glob @@ -15,14 +15,15 @@ config.log config.status configure manifest.uuid pkgIndex.tcl -tls.tcl.h -tls.tcl.h.new.1 -tls.tcl.h.new.2 -tlsUuid.h -win/versions.vc +*Uuid.h +win/Debug* win/Release* -win/Debug* +win/version*.vc +win/nmakehlp.exe +win/nmakehlp.obj +win/nmakehlp.out +win/_junk.pch win/nmhlp-out.txt *~ Index: ChangeLog ================================================================== --- ChangeLog +++ ChangeLog @@ -1,5 +1,12 @@ +TclTLS 1.7.22 +========== + +Release Date: Mon Oct 12 15:40:16 CDT 2020 + +https://tcltls.rkeene.org/ + 2015-05-01 Andreas Kupries * configure.in: Bump to version 1.6.5. * win/makefile.vc: * configure: regen with ac-2.59 @@ -23,21 +30,21 @@ * win/makefile.vc: * configure: regen with ac-2.59 * tls.c (MiscObjCmd): Fixed non-static string array used in call of Tcl_GetIndexFromObj(). Memory smash waiting to happen. Thanks - to Brian Griffin for alerting us all to the problem. + to Brian Griffin for alerting us all to the problem. 2012-06-01 Andreas Kupries * tls.c: Applied Jeff's patch from http://www.mail-archive.com/aolserver@listserv.aol.com/msg12356.html * configure.in: Bump to version 1.6.2. * win/makefile.vc: * configure: regen with ac-2.59 - + 2010-08-11 Jeff Hobbs *** TLS 1.6.1 TAGGED *** * configure: regen with ac-2.59 @@ -101,11 +108,11 @@ * win/makefile.vc: with MSVC8 * win/rules.vc: 2007-06-22 Jeff Hobbs - * tlsIO.c (TlsInputProc, TlsOutputProc, TlsWatchProc): + * tlsIO.c (TlsInputProc, TlsOutputProc, TlsWatchProc): * tls.c (VerifyCallback): add an state flag in the verify callback that prevents possibly recursion (on 'update'). [Bug 1652380] * tests/ciphers.test: reworked to make test output cleaner to understand missing ciphers (if any) @@ -113,11 +120,11 @@ * Makefile.in, tclconfig/tcl.m4: update to TEA 3.6 * configure, configure.in: using autoconf-2.59 2007-02-28 Pat Thoyts - * win/makefile.vc: Rebase the DLL sensibly. Additional libs for + * win/makefile.vc: Rebase the DLL sensibly. Additional libs for static link of openssl. * tls.tcl: bug #1579837 - TIP 278 bug (possibly) - fixed. 2006-03-30 Pat Thoyts @@ -135,19 +142,19 @@ build directory. 2004-12-22 Pat Thoyts * configure.in: Incremented minor version to 1.5.1 - * configure: + * configure: 2004-12-17 Pat Thoyts * win/makefile.vc: Added the MSVC build system (from the Tcl * win/rules.vc: sampleextension). * win/nmakehlp.c: * win/tls.rc Added Windows resource file. - + * tls.tcl: From patch #948155, added support for alternate socket commands. * tls.c: Quieten some MSVC warnings. Prefer ckalloc over Tcl_Alloc. (David Graveraux). @@ -180,11 +187,11 @@ * tclconfig/README.txt, tclconfig/install-sh, tclconfig/tcl.m4: 2004-03-17 Dan Razzell * tlsX509.c: Add support for long serial numbers per RFC 3280. - Format is now hexadecimal. + Format is now hexadecimal. [Request #915313] Correctly convert certificate Distinguished Names to Tcl string representation. Eliminates use of deprecated OpenSSL function. Format is now compliant with RFC 2253. [Request #915315] @@ -231,11 +238,11 @@ * tls.c (Tls_Init): added tls::misc command provided by * tlsX509.c: Wojciech Kocjan (wojciech kocjan.org) * tests/keytest1.tcl: to expose more low-level SSL commands * tests/keytest2.tcl: -2003-05-15 Dan Razzell +2003-05-15 Dan Razzell * tls.tcl: * tlsInt.h: * tls.c: add support for binding a password callback to the socket. Now each socket can have its own command and password callbacks instead @@ -370,11 +377,11 @@ loaded into. TLS will fail the test suite with Tcl 8.2-8.3.1. * tests/all.tcl: added catch around ::tcltest::normalizePath because it doesn't exist in pre-8.3 tcltest. - * tests/simpleClient.tcl: + * tests/simpleClient.tcl: * tests/simpleServer.tcl: added simple client/server test scripts that use test certs and can do simple stress tests. 2000-08-14 Jeff Hobbs @@ -473,11 +480,11 @@ 2000-06-05 Scott Stanton * Makefile.in: Fixed broken test target. - * tlsInt.h: + * tlsInt.h: * tls.c: Cleaned up declarations of Tls_Clean to avoid errors on Windows (lint). 2000-06-05 Brent Welch Index: Makefile.in ================================================================== --- Makefile.in +++ Makefile.in @@ -158,11 +158,11 @@ # compiled with. #DEFS = $(TCL_DEFS) @DEFS@ $(PKG_CFLAGS) DEFS = @DEFS@ $(PKG_CFLAGS) # Move pkgIndex.tcl to 'BINARIES' var if it is generated in the Makefile -CONFIG_CLEAN_FILES = Makefile pkgIndex.tcl generic/tls.tcl.h tlsUuid.h +CONFIG_CLEAN_FILES = Makefile pkgIndex.tcl tlsUuid.h CLEANFILES = @CLEANFILES@ CPPFLAGS = @CPPFLAGS@ LIBS = @PKG_LIBS@ @LIBS@ AR = @AR@ @@ -214,11 +214,11 @@ @echo "If you have documentation to create, place the commands to" @echo "build the docs in the 'doc:' target. For example:" @echo " xml2nroff sample.xml > sample.n" @echo " xml2html sample.xml > sample.html" -install: all install-binaries install-libraries install-doc +install: all install-binaries install-libraries install-doc-n install-doc-html install-binaries: binaries install-lib-binaries install-bin-binaries #======================================================================== # This rule installs platform-independent files, such as header files. @@ -229,24 +229,48 @@ @$(INSTALL_DATA_DIR) "$(DESTDIR)$(includedir)" @echo "Installing header files in $(DESTDIR)$(includedir)" @list='$(PKG_HEADERS)'; for i in $$list; do \ echo "Installing $(srcdir)/$$i" ; \ $(INSTALL_DATA) $(srcdir)/$$i "$(DESTDIR)$(includedir)" ; \ - done; + done #======================================================================== # Install documentation. Unix manpages should go in the $(mandir) # directory. #======================================================================== -install-doc: doc +install-doc-html: doc + @$(INSTALL_DATA_DIR) "$(DESTDIR)$(pkglibdir)/html" + @echo "Installing HTML documentation in $(DESTDIR)$(pkglibdir)/html" + @list='doc/*.html'; for i in $$list; do \ + if test -f $$i ; then \ + echo "Installing $$i"; \ + $(INSTALL_DATA) $$i "$(DESTDIR)$(pkglibdir)/html"; \ + fi; \ + done + +install-doc-n: doc @$(INSTALL_DATA_DIR) "$(DESTDIR)$(mandir)/mann" - @echo "Installing documentation in $(DESTDIR)$(mandir)" - @list='$(srcdir)/doc/*.n'; for i in $$list; do \ - echo "Installing $$i"; \ - $(INSTALL_DATA) $$i "$(DESTDIR)$(mandir)/mann" ; \ + @echo "Installing nroff documentation in $(DESTDIR)$(mandir)/mann" + @list='doc/*.n'; for i in $$list; do \ + if test -f $$i ; then \ + if test -f "$(DESTDIR)$(mandir)/mann/Tcl.n.gz" -o \ + "$(DESTDIR)$(mandir)/mann/Tcl*.n.gz" ; then \ + gzip -k $$i ; \ + echo "Installing $$i.gz"; \ + $(INSTALL_DATA) $$i.gz "$(DESTDIR)$(mandir)/mann" ; \ + rm -f $$i.gz;\ + else \ + echo "Installing $$i"; \ + $(INSTALL_DATA) $$i "$(DESTDIR)$(mandir)/mann" ; \ + fi; \ + fi; \ done + +#======================================================================== +# Test and debug +#======================================================================== test: binaries libraries $(TCLSH) `@CYGPATH@ $(srcdir)/tests/all.tcl` $(TESTFLAGS) \ -load "package ifneeded $(PACKAGE_NAME) $(PACKAGE_VERSION) \ [list load `@CYGPATH@ $(PKG_LIB_FILE)` [string totitle $(PACKAGE_NAME)]]" @@ -290,10 +314,35 @@ $(PKG_STUB_LIB_FILE): $(PKG_STUB_OBJECTS) -rm -f $(PKG_STUB_LIB_FILE) ${MAKE_STUB_LIB} $(RANLIB_STUB) $(PKG_STUB_LIB_FILE) + +#======================================================================== +# Support files needed to compile C code +#======================================================================== + +# Create a C-source-ified version of the script resources for this +# package so that we only need a single file to enable this extension. +# I would prefer to use $< over $?, but FreeBSD's can't handle it, and +# with only one prereq, $? is sufficient. +tls.tcl.h: library/tls.tcl + sed -e '/^\\s*\#/d' -e '/^\\s*$$/d' -e 's/\\/\\\\/g' -e 's/\"/\\"/g' -e 's/^/"/' \ + -e 's/$$/\\n\"/' '$?' > '$@' || { rm -f $@; exit 1; } + +# Create header file with fossil, git, or svn UUID for build-info command +$(srcdir)/manifest.uuid: + printf "git-" >$(srcdir)/manifest.uuid + (cd $(srcdir); git rev-parse HEAD >>$(srcdir)/manifest.uuid || \ + (printf "svn-r" >$(srcdir)/manifest.uuid ; \ + svn info --show-item last-changed-revision >>$(srcdir)/manifest.uuid) || \ + printf "unknown" >$(srcdir)/manifest.uuid) + +tlsUuid.h: $(srcdir)/manifest.uuid + echo "#define TLS_VERSION_UUID \\" >$@ + cat $(srcdir)/manifest.uuid >>$@ + echo "" >>$@ #======================================================================== # We need to enumerate the list of .c to .o lines here. # # In the following lines, $(srcdir) refers to the toplevel directory @@ -308,36 +357,15 @@ # As necessary, add $(srcdir):$(srcdir)/compat:.... #======================================================================== VPATH = $(srcdir):$(srcdir)/generic:$(srcdir)/unix:$(srcdir)/win:$(srcdir)/macosx +tls.@OBJEXT@: tlsUuid.h tls.tcl.h + .c.@OBJEXT@: $(COMPILE) -c `@CYGPATH@ $<` -o $@ -# Create a C-source-ified version of the script resources -# for TclTLS so that we only need a single file to enable -# this extension -tls.tcl.h: @srcdir@/library/tls.tcl Makefile - od -A n -v -t xC < '@srcdir@/library/tls.tcl' > tls.tcl.h.new.1 - sed 's@[^0-9A-Fa-f]@@g;s@..@0x&, @g' < tls.tcl.h.new.1 > tls.tcl.h.new.2 - rm -f tls.tcl.h.new.1 - mv tls.tcl.h.new.2 @srcdir@/generic/tls.tcl.h - -tls.o: tlsUuid.h - -$(srcdir)/manifest.uuid: - printf "git-" >$(srcdir)/manifest.uuid - (cd $(srcdir); git rev-parse HEAD >>$(srcdir)/manifest.uuid || \ - (printf "svn-r" >$(srcdir)/manifest.uuid ; \ - svn info --show-item last-changed-revision >>$(srcdir)/manifest.uuid) || \ - printf "unknown" >$(srcdir)/manifest.uuid) - -tlsUuid.h: $(srcdir)/manifest.uuid - echo "#define TLS_VERSION_UUID \\" >$@ - cat $(srcdir)/manifest.uuid >>$@ - echo "" >>$@ - #======================================================================== # Create the pkgIndex.tcl file. # It is usually easiest to let Tcl do this for you with pkg_mkIndex, but # you may find that you need to customize the package. If so, either # modify the -hand version, or create a pkgIndex.tcl.in file and have @@ -361,13 +389,13 @@ DIST_INSTALL_DATA = CPPROG='cp -p' $(INSTALL) -m 644 DIST_INSTALL_DATA_RECUR = CPPROG='cp -p -R' $(INSTALL) DIST_INSTALL_SCRIPT = CPPROG='cp -p' $(INSTALL) -m 755 dist-clean: - rm -rf $(DIST_DIR) $(DIST_ROOT)/$(PKG_DIR).tar.* + rm -rf $(DIST_DIR) $(top_builddir)/$(PKG_DIR).tar.* -dist: dist-clean +dist: dist-clean manifest.uuid # TEA files $(INSTALL_DATA_DIR) $(DIST_DIR) $(DIST_INSTALL_DATA) $(srcdir)/Makefile.in \ $(srcdir)/acinclude.m4 $(srcdir)/aclocal.m4 \ $(srcdir)/configure.ac $(DIST_DIR)/ @@ -376,32 +404,21 @@ # Extension files $(DIST_INSTALL_DATA) $(srcdir)/ChangeLog \ $(srcdir)/license.terms $(srcdir)/manifest.uuid \ $(srcdir)/README.txt $(srcdir)/pkgIndex.tcl.in $(DIST_DIR)/ - # TEA files - $(INSTALL_DATA_DIR) $(DIST_DIR)/tclconfig - $(DIST_INSTALL_DATA) $(srcdir)/tclconfig/README.txt \ - $(srcdir)/tclconfig/tcl.m4 $(srcdir)/tclconfig/install-sh \ - $(srcdir)/tclconfig/license.terms $(DIST_DIR)/tclconfig/ - - $(INSTALL_DATA_DIR) $(DIST_DIR)/win - $(DIST_INSTALL_DATA) \ - $(srcdir)/win/README.txt $(srcdir)/win/*.vc \ - $(srcdir)/win/nmakehlp.c $(srcdir)/win/*.in $(DIST_DIR)/win/ - - list='build demos doc generic library macosx tests unix'; \ + list='build demos doc generic library tclconfig tests win'; \ for p in $$list; do \ if test -d $(srcdir)/$$p ; then \ $(INSTALL_DATA_DIR) $(DIST_DIR)/$$p; \ $(DIST_INSTALL_DATA_RECUR) $(srcdir)/$$p/* $(DIST_DIR)/$$p/; \ fi; \ done (cd $(DIST_ROOT); $(COMPRESS);) - cd $(top_builddir) mv $(DIST_ROOT)/$(PKG_DIR).tar.gz $(top_builddir) + cd $(top_builddir) #======================================================================== # End of user-definable section #======================================================================== @@ -416,11 +433,11 @@ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean: clean -rm -f *.tab.c -rm -f $(CONFIG_CLEAN_FILES) - -rm -f config.cache config.log config.status + -rm -f config.cache config.log config.status configure~ -rm -fR autom4te.cache #======================================================================== # Install binary object libraries. On Windows this includes both .dll and # .lib files. Because the .lib files are not explicitly listed anywhere, @@ -457,10 +474,13 @@ done @if test "x$(SHARED_BUILD)" = "x1"; then \ echo " Install pkgIndex.tcl $(DESTDIR)$(pkglibdir)"; \ $(INSTALL_DATA) pkgIndex.tcl "$(DESTDIR)$(pkglibdir)"; \ fi + @if test -f "$(srcdir)/tlsConfig.sh"; then \ + $(INSTALL_DATA) $(srcdir)/tlsConfig.sh $(DESTDIR)$(libdir); \ + fi #======================================================================== # Install binary executables (e.g. .exe files and dependent .dll files) # This is for files that must go in the bin directory (located next to # wish and tclsh), like dependent .dll files on Windows. Index: README.txt ================================================================== --- README.txt +++ README.txt @@ -2,25 +2,21 @@ Intro ===== This package provides an extension which implements Secure Socket Layer (SSL) -and Transport Layer Security (TLS) over Transmission Control Protocol (TCP) -network communication channels. It utilizes either the OpenSSL or LibreSSL -software library. - -Version 1.9 also provides a cryptography library providing TCL scripts access -to the crypto capabilities of the OpenSSL library. +and Transport Layer Security (TLS) encryption over Transmission Control +Protocol (TCP) network communication channels utilizing the OpenSSL library. Description =========== This extension works by creating a layered TCL Channel on top of an existing bi-directional channel created by the TLS socket command. All existing socket -functionality is supported, in addition to several new options. Both client -and server modes are supported. +functionality is supported in addition to several new options. Both client and +server modes are supported. Documentation ============= @@ -28,55 +24,74 @@ Compatibility ============= -This package requires TCL 8.5 or later. +TCL +--- + +This package requires TCL 8.5 or later. It will also work with TCL 9, but it is +not binary compatible between major TCL versions. This means if this extension +is built with TCL 8.x it will not load into TCL 9 or vice versa. It is best +to compile both separately then install them with the compatible TCL versions. + +OpenSSL +------- + +This package is compatible with OpenSSL v1.1.1 or later, though 3.2 or later is +preferred. See http://www.openssl.org/. Please note that there are a few API +incompatibilities between OpenSSL 1.1.1 and 3.x, so if this extension is built +against OpenSSL 1.1.1 it is not binary compatible with OpenSSL 3.x or vice +versa. + +TCLTLS +------ -This package is compatible with: -- OpenSSL v1.1.1 or later. See (http://www.openssl.org/ -- LibreSSL (TBD version) +There were several changes made in the callback command arguments between +versions 1.7 and 2.0. See the doc/tls.html for what changed and library/tls.tcl +for example handler functions that are backwards compatible. Installation ============ -This package uses the Tcl Extension Architecture (TEA) to build and install on -any supported Unix, Mac, or MS Windows system. Either the OpenSSL or LibreSSL -software libraries must be built and available prior to building TCL TLS. +This package uses the TCL Extension Architecture (TEA) to build and install on +any supported Unix, Mac, or MS Windows system. It depends on the OpenSSL +libraries being available prior to building the TCLTLS extension. UNIX and Linux -------------- -The standard TEA config, make and install process is supported. +The standard TEA config, make, and install process is supported. $ cd tcltls $ ./configure --enable-64bit $ make $ make test $ make install -The supported configure options include all of the standard TEA configure script -options, plus: +The supported configure options include all of the standard TEA configure +script options, plus: --disable-tls1 disable TLS1 protocol --disable-tls1_1 disable TLS1.1 protocol --disable-tls1_2 disable TLS1.2 protocol --disable-tls1_3 disable TLS1.3 protocol + --enable-debug enable debugging mode and output more status --enable-ssl-fastpath enable using the underlying file descriptor for talking directly to the SSL library --enable-hardening enable hardening attempts --enable-static-ssl enable static linking to the SSL library If either TCL or OpenSSL are installed in non-standard locations, the following configure options are available. For all options, see ./configure --help. --with-tcl= path to where tclCondig.sh file resides --with-tclinclude= directory containing the public Tcl header files - --with-openssl-dir= path to root directory of OpenSSL or LibreSSL installation - --with-openssl-includedir= path to include directory of OpenSSL or LibreSSL installation - --with-openssl-libdir= path to lib directory of OpenSSL or LibreSSL installation - --with-openssl-pkgconfig= path to root directory of OpenSSL or LibreSSL pkgconfigdir + --with-openssl-dir= path to root directory of OpenSSL installation + --with-openssl-includedir= path to include directory of OpenSSL installation + --with-openssl-libdir= path to lib directory of OpenSSL installation + --with-openssl-pkgconfig= path to root directory of OpenSSL pkg-config directory MacOS ----- @@ -93,11 +108,20 @@ Windows ------- If installing with MinGW, use the TEA build process. If using MS Visual C -(MSVC), see the win/README.txt file for the installation instructions. +(MSVC), see win/README.txt for the build and installation instructions. + + +Certificate Validation +---------------------- + +If OpenSSL is not installed on the system, the Certificate Authority (CA) +provided certificates must be downloaded and installed with the software. +These are used for certificate validation. The CURL team makes them available +at https://curl.se/docs/caextract.html. Look for the cacert.pem file. Copyrights ========== @@ -104,11 +128,11 @@ Original TLS Copyright (C) 1997-2000 Matt Newman TLS 1.4.1 Copyright (C) 2000 Ajuba Solutions TLS 1.6 Copyright (C) 2008 ActiveState Software Inc. TLS 1.7 Copyright (C) 2016 Matt Newman, Ajuba Solutions, ActiveState Software Inc, Roy Keene -TLS 1.8 Copyright (C) 2023 Brian O'Hagan +TLS 1.8-2.0 Copyright (C) 2023-2024 Brian O'Hagan Acknowledgments =============== Non-exclusive credits for TLS are: Index: acinclude.m4 ================================================================== --- acinclude.m4 +++ acinclude.m4 @@ -7,57 +7,81 @@ # # Add here whatever m4 macros you want to define for your package # AC_DEFUN([TCLTLS_SSL_OPENSSL], [ + dnl Determine if pkg-config tool is available AC_CHECK_TOOL([PKG_CONFIG], [pkg-config]) + dnl Enable support for SSL 3.0 protocol + AC_ARG_ENABLE([ssl3], AS_HELP_STRING([--disable-ssl3], [disable SSL3 protocol]), [ + if test "$enableval" == "no"; then + AC_DEFINE([NO_SSL3], [1], [Disable SSL3 protocol]) + AC_MSG_CHECKING([for disable SSL3 protocol]) + AC_MSG_RESULT([yes]) + fi + ], AC_DEFINE([NO_SSL3], [1], [Disable SSL3 protocol])) + dnl Disable support for TLS 1.0 protocol AC_ARG_ENABLE([tls1], AS_HELP_STRING([--disable-tls1], [disable TLS1 protocol]), [ - if test "${enableval}" = "no"; then + if test "$enableval" == "no"; then AC_DEFINE([NO_TLS1], [1], [Disable TLS1 protocol]) AC_MSG_CHECKING([for disable TLS1 protocol]) AC_MSG_RESULT([yes]) fi ]) dnl Disable support for TLS 1.1 protocol AC_ARG_ENABLE([tls1_1], AS_HELP_STRING([--disable-tls1_1], [disable TLS1.1 protocol]), [ - if test "${enableval}" = "no"; then + if test "$enableval" == "no"; then AC_DEFINE([NO_TLS1_1], [1], [Disable TLS1.1 protocol]) AC_MSG_CHECKING([for disable TLS1.1 protocol]) AC_MSG_RESULT([yes]) fi ]) dnl Disable support for TLS 1.2 protocol AC_ARG_ENABLE([tls1_2], AS_HELP_STRING([--disable-tls1_2], [disable TLS1.2 protocol]), [ - if test "${enableval}" = "no"; then + if test "$enableval" == "no"; then AC_DEFINE([NO_TLS1_2], [1], [Disable TLS1.2 protocol]) AC_MSG_CHECKING([for disable TLS1.2 protocol]) AC_MSG_RESULT([yes]) fi ]) dnl Disable support for TLS 1.3 protocol AC_ARG_ENABLE([tls1_3], AS_HELP_STRING([--disable-tls1_3], [disable TLS1.3 protocol]), [ - if test "${enableval}" = "no"; then + if test "$enableval" == "no"; then AC_DEFINE([NO_TLS1_3], [1], [Disable TLS1.3 protocol]) AC_MSG_CHECKING([for disable TLS1.3 protocol]) AC_MSG_RESULT([yes]) fi ]) + + dnl Determine if debugging mode should be enabled + AC_ARG_ENABLE([debug], AS_HELP_STRING([--enable-debug], + [enable debugging mode and output more status]), [ + tcltls_debug_mode="$enableval" + ], [ + tcltls_debug_mode='no' + ]) + if test "$tcltls_debug_mode" == 'yes'; then + AC_DEFINE(TCLEXT_TCLTLS_DEBUG, [1], [Enable debugging mode]) + fi + AC_MSG_CHECKING([for debug mode]) + AC_MSG_RESULT([$tcltls_debug_mode]) + dnl Determine if we have been asked to use a fast path if possible AC_ARG_ENABLE([ssl-fastpath], AS_HELP_STRING([--enable-ssl-fastpath], [enable using the underlying file descriptor for talking directly to the SSL library]), [ tcltls_ssl_fastpath="$enableval" ], [ tcltls_ssl_fastpath='no' ]) - if test "$tcltls_ssl_fastpath" = 'yes'; then + if test "$tcltls_ssl_fastpath" == 'yes'; then AC_DEFINE(TCLTLS_SSL_USE_FASTPATH, [1], [Enable SSL library direct use of the underlying file descriptor]) fi AC_MSG_CHECKING([for fast path]) AC_MSG_RESULT([$tcltls_ssl_fastpath]) @@ -66,12 +90,12 @@ AC_ARG_ENABLE([hardening], AS_HELP_STRING([--enable-hardening], [enable hardening attempts]), [ tcltls_enable_hardening="$enableval" ], [ tcltls_enable_hardening='yes' ]) - if test "$tcltls_enable_hardening" = 'yes'; then - if test "$GCC" = 'yes' -o "$CC" = 'clang'; then + if test "$tcltls_enable_hardening" == 'yes'; then + if test "$GCC" == 'yes' -o "$CC" = 'clang'; then TEA_ADD_CFLAGS([-fstack-protector-all]) TEA_ADD_CFLAGS([-fno-strict-overflow]) AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification]) fi fi @@ -90,11 +114,11 @@ dnl Set SSL files root path AC_ARG_WITH([openssl-dir], AS_HELP_STRING([--with-openssl-dir=], - [path to root directory of OpenSSL or LibreSSL installation] + [path to root directory of OpenSSL installation] ), [ openssldir="$withval" ], [ openssldir='' ] @@ -103,47 +127,46 @@ AC_MSG_RESULT($openssldir) dnl Set SSL include files path AC_ARG_WITH([openssl-includedir], AS_HELP_STRING([--with-openssl-includedir=], - [path to include directory of OpenSSL or LibreSSL installation] + [path to include directory of OpenSSL installation] ), [ opensslincludedir="$withval" ], [ - if test ! -z "$openssldir"; then + if test -n "$openssldir"; then opensslincludedir="${openssldir}/include" else opensslincludedir='' fi ] ) AC_MSG_CHECKING([for OpenSSL include directory]) AC_MSG_RESULT($opensslincludedir) - dnl Set SSL include vars - if test ! -z "$opensslincludedir"; then - if test -f "$opensslincludedir/openssl/ssl.h"; then + dnl Set SSL include variables + if test -n "$opensslincludedir"; then + AC_MSG_CHECKING([for ssl.h]) + if test -f "${opensslincludedir}/openssl/ssl.h"; then TCLTLS_SSL_CFLAGS="-I$opensslincludedir" TCLTLS_SSL_INCLUDES="-I$opensslincludedir" - AC_MSG_CHECKING([for ssl.h]) AC_MSG_RESULT([yes]) else - AC_MSG_CHECKING([for ssl.h]) AC_MSG_RESULT([no]) AC_MSG_ERROR([Unable to locate ssl.h]) fi fi dnl Set SSL lib files path AC_ARG_WITH([openssl-libdir], AS_HELP_STRING([--with-openssl-libdir=], - [path to lib directory of OpenSSL or LibreSSL installation] + [path to lib directory of OpenSSL installation] ), [ openssllibdir="$withval" ], [ - if test ! -z "$openssldir"; then - if test "$do64bit" == 'yes'; then + if test -n "$openssldir"; then + if test "$do64bit" == 'yes' -a -d ${openssldir}/lib64; then openssllibdir="$openssldir/lib64" else openssllibdir="$openssldir/lib" fi else @@ -152,30 +175,30 @@ ] ) AC_MSG_CHECKING([for OpenSSL lib directory]) AC_MSG_RESULT($openssllibdir) - dnl Set SSL lib vars - if test ! -z "$openssllibdir"; then - if test -f "$openssllibdir/libssl${SHLIB_SUFFIX}"; then - if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then - TCLTLS_SSL_LIBS="-L$openssllibdir -lcrypto -lssl" - #else - # Linux and Solaris - #TCLTLS_SSL_LIBS="-Wl,-Bstatic `$PKG_CONFIG --static --libs crypto ssl` -Wl,-Bdynamic" - # HPUX - # -Wl,-a,archive ... -Wl,-a,shared_archive - fi + dnl Set SSL lib variables + SSL_LIBS_PATH='' + if test -n "$openssllibdir"; then + if test "$TCLEXT_TLS_STATIC_SSL" == 'no'; then + LIBEXT=${SHLIB_SUFFIX} + else + LIBEXT='.a' + fi + + if test -f "${openssllibdir}/libssl${LIBEXT}"; then + SSL_LIBS_PATH="-L$openssllibdir" else - AC_MSG_ERROR([Unable to locate libssl${SHLIB_SUFFIX}]) + AC_MSG_ERROR([Unable to locate libssl${LIBEXT}]) fi fi dnl Set location of pkgconfig files AC_ARG_WITH([openssl-pkgconfig], AS_HELP_STRING([--with-openssl-pkgconfig=], - [path to pkgconfigdir directory for OpenSSL or LibreSSL] + [path to pkgconfigdir directory for OpenSSL] ), [ opensslpkgconfigdir="$withval" ], [ if test -d ${libdir}/../pkgconfig; then opensslpkgconfigdir="$libdir/../pkgconfig" @@ -185,55 +208,67 @@ ] ) AC_MSG_CHECKING([for OpenSSL pkgconfig]) AC_MSG_RESULT($opensslpkgconfigdir) - - # Use Package Config tool to get config - pkgConfigExtraArgs='' - if test "${SHARED_BUILD}" == 0 -o "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then - pkgConfigExtraArgs='--static' - fi - - dnl Use pkg-config to find the libraries - if test -n "${PKG_CONFIG}"; then + dnl Use pkg-config to find OpenSSL if not already found + if test -n "$PKG_CONFIG" -a -z "$openssldir" -a -z "$opensslincludedir" -a -z "$openssllibdir"; then + USE_PKG_CONFIG=`"${PKG_CONFIG}" --list-all | grep openssl` + + dnl Use pkg-config to find the library names + if test -n "$USE_PKG_CONFIG"; then dnl Temporarily update PKG_CONFIG_PATH PKG_CONFIG_PATH_SAVE="${PKG_CONFIG_PATH}" - if test -n "${opensslpkgconfigdir}"; then + if test -n "$opensslpkgconfigdir"; then if ! test -f "${opensslpkgconfigdir}/openssl.pc"; then AC_MSG_ERROR([Unable to locate ${opensslpkgconfigdir}/openssl.pc]) fi PKG_CONFIG_PATH="${opensslpkgconfigdir}:${PKG_CONFIG_PATH}" export PKG_CONFIG_PATH fi + + pkgConfigExtraArgs='' + if test "$SHARED_BUILD" == "0" -o "$TCLEXT_TLS_STATIC_SSL" == 'yes'; then + pkgConfigExtraArgs='--static' + fi + if test -z "$TCLTLS_SSL_LIBS"; then - TCLTLS_SSL_LIBS="`"${PKG_CONFIG}" openssl --libs $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH `${PKG_CONFIG} openssl --libs $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) + if test "${TCLEXT_TLS_STATIC_SSL}" == 'yes'; then + TCLTLS_SSL_LIBS="-Wl,-Bstatic $TCLTLS_SSL_LIBS -Wl,-Bdynamic" + fi fi if test -z "$TCLTLS_SSL_CFLAGS"; then TCLTLS_SSL_CFLAGS="`"${PKG_CONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) fi if test -z "$TCLTLS_SSL_INCLUDES"; then TCLTLS_SSL_INCLUDES="`"${PKG_CONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) fi PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}" + fi fi - - dnl Fallback settings for OpenSSL includes and libs - if test -z "$TCLTLS_SSL_LIBS"; then - TCLTLS_SSL_LIBS="-lcrypto -lssl" - fi + dnl Use fall-back settings for OpenSSL include and library paths if test -z "$TCLTLS_SSL_CFLAGS"; then TCLTLS_SSL_CFLAGS="" fi if test -z "$TCLTLS_SSL_INCLUDES"; then if test -f /usr/include/openssl/ssl.h; then TCLTLS_SSL_INCLUDES="-I/usr/include" fi fi + if test -z "$TCLTLS_SSL_LIBS"; then + if test "$TCLEXT_TLS_STATIC_SSL" == 'no'; then + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH -lssl -lcrypto" + else + # Linux and Solaris + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH -Wl,-Bstatic -lssl -lcrypto -Wl,-Bdynamic" + # HPUX: -Wl,-a,archive ... -Wl,-a,shared_archive + fi + fi dnl Include config variables in --help list and make available to be substituted via AC_SUBST. - AC_ARG_VAR([TCLTLS_SSL_CFLAGS], [C compiler flags for OpenSSL or LibreSSL]) - AC_ARG_VAR([TCLTLS_SSL_INCLUDES], [C compiler include paths for OpenSSL or LibreSSL]) - AC_ARG_VAR([TCLTLS_SSL_LIBS], [libraries to pass to the linker for OpenSSL or LibreSSL]) + AC_ARG_VAR([TCLTLS_SSL_CFLAGS], [C compiler flags for OpenSSL]) + AC_ARG_VAR([TCLTLS_SSL_INCLUDES], [C compiler include paths for OpenSSL]) + AC_ARG_VAR([TCLTLS_SSL_LIBS], [libraries to pass to the linker for OpenSSL]) ]) DELETED build/update-wiki-docs Index: build/update-wiki-docs ================================================================== --- build/update-wiki-docs +++ /dev/null @@ -1,16 +0,0 @@ -#! /usr/bin/env bash - -version="$1" - -cd "$(dirname "$(which "$0")")/.." || exit 1 - -if [ -z "${version}" ]; then - version="$(cat configure.ac | grep AC_INIT | head -1 | sed 's@^AC_INIT([^,]*, *@@;s@,.*$@@;s@ *)$@@')" -fi - -newBody="$(cat tls.htm | sed 's@\[@[@g' | sed '/<\/body>/,$ d;0,/]/ d;// d' | sed 's/@@VERS@@/'"${version}"'/g' | grep -iv '^[@g' | sed '/<\/body>/,$ d;0,/]/ d;// d' | sed 's/@@VERS@@/'"${version}"'/g' | grep -iv '^/dev/null 2>&1 then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else $as_nop - case `(set -o) 2>/dev/null` in #( +else case e in #( + e) case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; +esac ;; esac fi @@ -99,11 +99,11 @@ done IFS=$as_save_IFS ;; esac -# We did not find ourselves, most probably we were run as `sh COMMAND' +# We did not find ourselves, most probably we were run as 'sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then @@ -129,32 +129,32 @@ *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. +# out after a failed 'exec'. printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then - as_bourne_compatible="as_nop=: -if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 + as_bourne_compatible="if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST -else \$as_nop - case \`(set -o) 2>/dev/null\` in #( +else case e in #( + e) case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; +esac ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } @@ -168,12 +168,13 @@ as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ) then : -else \$as_nop - exitcode=1; echo positional parameters were not saved. +else case e in #( + e) exitcode=1; echo positional parameters were not saved. ;; +esac fi test x\$exitcode = x0 || exit 1 blah=\$(echo \$(echo blah)) test x\"\$blah\" = xblah || exit 1 test -x / || exit 1" @@ -183,18 +184,19 @@ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null then : as_have_required=yes -else $as_nop - as_have_required=no +else case e in #( + e) as_have_required=no ;; +esac fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null then : -else $as_nop - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +else case e in #( + e) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS case $as_dir in #((( @@ -223,16 +225,17 @@ done IFS=$as_save_IFS if $as_found then : -else $as_nop - if { test -f "$SHELL" || test -f "$SHELL.exe"; } && +else case e in #( + e) if { test -f "$SHELL" || test -f "$SHELL.exe"; } && as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null then : CONFIG_SHELL=$SHELL as_have_required=yes -fi +fi ;; +esac fi if test "x$CONFIG_SHELL" != x then : @@ -250,11 +253,11 @@ *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail -# out after a failed `exec'. +# out after a failed 'exec'. printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno @@ -269,11 +272,12 @@ $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 -fi +fi ;; +esac fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. @@ -308,18 +312,10 @@ { set +e as_fn_set_status $1 exit $1 } # as_fn_exit -# as_fn_nop -# --------- -# Do nothing but, unlike ":", preserve the value of $?. -as_fn_nop () -{ - return $? -} -as_nop=as_fn_nop # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () @@ -384,15 +380,16 @@ then : eval 'as_fn_append () { eval $1+=\$2 }' -else $as_nop - as_fn_append () +else case e in #( + e) as_fn_append () { eval $1=\$$1\$2 - } + } ;; +esac fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the @@ -402,25 +399,18 @@ then : eval 'as_fn_arith () { as_val=$(( $* )) }' -else $as_nop - as_fn_arith () +else case e in #( + e) as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` - } + } ;; +esac fi # as_fn_arith -# as_fn_nop -# --------- -# Do nothing but, unlike ":", preserve the value of $?. -as_fn_nop () -{ - return $? -} -as_nop=as_fn_nop # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the @@ -490,10 +480,12 @@ sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' + t clear + :clear s/[$]LINENO.*/&-/ t lineno b :lineno N @@ -538,11 +530,10 @@ # the shell variables $as_echo and $as_echo_n. New code should use # AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively. as_echo='printf %s\n' as_echo_n='printf %s' - rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir @@ -550,13 +541,13 @@ fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. + # 1) On MSYS, both 'ln -s file dir' and 'ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; 'ln -s' creates a wrapper executable. + # In both cases, we have to default to 'cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else @@ -577,14 +568,16 @@ as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" +as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g" +as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated # Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" +as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g" +as_tr_sh="eval sed '$as_sed_sh'" # deprecated test -n "$DJDIR" || exec 7<&0 &1 @@ -657,12 +650,10 @@ PKG_STUB_LIB_FILE MAKE_STUB_LIB MAKE_STATIC_LIB MAKE_SHARED_LIB MAKE_LIB -EGREP -GREP LDFLAGS_DEFAULT CFLAGS_DEFAULT LD_LIBRARY_PATH_VAR SHLIB_CFLAGS SHLIB_LD_LIBS @@ -775,14 +766,16 @@ enable_stubs enable_64bit enable_64bit_vis enable_rpath enable_symbols +enable_ssl3 enable_tls1 enable_tls1_1 enable_tls1_2 enable_tls1_3 +enable_debug enable_ssl_fastpath enable_hardening enable_static_ssl with_openssl_dir with_openssl_includedir @@ -907,11 +900,11 @@ -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: \`$ac_useropt'" + as_fn_error $? "invalid feature name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" @@ -933,11 +926,11 @@ -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: \`$ac_useropt'" + as_fn_error $? "invalid feature name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" @@ -1146,11 +1139,11 @@ -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: \`$ac_useropt'" + as_fn_error $? "invalid package name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" @@ -1162,11 +1155,11 @@ -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: \`$ac_useropt'" + as_fn_error $? "invalid package name: '$ac_useropt'" ac_useropt_orig=$ac_useropt ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" @@ -1192,20 +1185,20 @@ ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; - -*) as_fn_error $? "unrecognized option: \`$ac_option' -Try \`$0 --help' for more information" + -*) as_fn_error $? "unrecognized option: '$ac_option' +Try '$0 --help' for more information" ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) - as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + as_fn_error $? "invalid variable name: '$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) @@ -1251,11 +1244,11 @@ NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done -# There might be people who depend on the old broken behavior: `$host' +# There might be people who depend on the old broken behavior: '$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias @@ -1319,11 +1312,11 @@ fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi -ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_msg="sources are in $srcdir, but 'cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then @@ -1347,11 +1340,11 @@ # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures tls 1.8.0 to adapt to many kinds of systems. +'configure' configures tls 1.8.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. @@ -1361,26 +1354,26 @@ Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit - -q, --quiet, --silent do not print \`checking ...' messages + -q, --quiet, --silent do not print 'checking ...' messages --cache-file=FILE cache test results in FILE [disabled] - -C, --config-cache alias for \`--cache-file=config.cache' + -C, --config-cache alias for '--cache-file=config.cache' -n, --no-create do not create output files - --srcdir=DIR find the sources in DIR [configure dir or \`..'] + --srcdir=DIR find the sources in DIR [configure dir or '..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] -By default, \`make install' will install all the files in -\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify -an installation prefix other than \`$ac_default_prefix' using \`--prefix', -for instance \`--prefix=\$HOME'. +By default, 'make install' will install all the files in +'$ac_default_prefix/bin', '$ac_default_prefix/lib' etc. You can specify +an installation prefix other than '$ac_default_prefix' using '--prefix', +for instance '--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] @@ -1425,14 +1418,16 @@ shared builds (default: on) --enable-64bit enable 64bit support (default: off) --enable-64bit-vis enable 64bit Sparc VIS support (default: off) --disable-rpath disable rpath support (default: on) --enable-symbols build with debugging symbols (default: off) + --disable-ssl3 disable SSL3 protocol --disable-tls1 disable TLS1 protocol --disable-tls1_1 disable TLS1.1 protocol --disable-tls1_2 disable TLS1.2 protocol --disable-tls1_3 disable TLS1.3 protocol + --enable-debug enable debugging mode and output more status --enable-ssl-fastpath enable using the underlying file descriptor for talking directly to the SSL library --enable-hardening enable hardening attempts --enable-static-ssl enable static linking to the SSL library @@ -1442,21 +1437,17 @@ --with-tcl directory containing tcl configuration (tclConfig.sh) --with-tcl8 Compile for Tcl8 in Tcl9 environment --with-tclinclude directory containing the public Tcl header files --with-openssl-dir= - path to root directory of OpenSSL or LibreSSL - installation + path to root directory of OpenSSL installation --with-openssl-includedir= - path to include directory of OpenSSL or LibreSSL - installation + path to include directory of OpenSSL installation --with-openssl-libdir= - path to lib directory of OpenSSL or LibreSSL - installation + path to lib directory of OpenSSL installation --with-openssl-pkgconfig= - path to pkgconfigdir directory for OpenSSL or - LibreSSL + path to pkgconfigdir directory for OpenSSL Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a @@ -1464,17 +1455,17 @@ LIBS libraries to pass to the linker, e.g. -l CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor TCLTLS_SSL_CFLAGS - C compiler flags for OpenSSL or LibreSSL + C compiler flags for OpenSSL TCLTLS_SSL_INCLUDES - C compiler include paths for OpenSSL or LibreSSL + C compiler include paths for OpenSSL TCLTLS_SSL_LIBS - libraries to pass to the linker for OpenSSL or LibreSSL + libraries to pass to the linker for OpenSSL -Use these variables to override the choices made by `configure' or to help +Use these variables to override the choices made by 'configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to the package provider. _ACEOF ac_status=$? @@ -1538,13 +1529,13 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF tls configure 1.8.0 -generated by GNU Autoconf 2.71 +generated by GNU Autoconf 2.72 -Copyright (C) 2021 Free Software Foundation, Inc. +Copyright (C) 2023 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi @@ -1579,15 +1570,16 @@ test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext then : ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 + ac_retval=1 ;; +esac fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_compile @@ -1617,97 +1609,22 @@ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err } then : ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 + ac_retval=1 ;; +esac fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_cpp -# ac_fn_c_try_run LINENO -# ---------------------- -# Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that -# executables *can* be run. -ac_fn_c_try_run () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -printf "%s\n" "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -printf "%s\n" "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; } -then : - ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: program exited with status $ac_status" >&5 - printf "%s\n" "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=$ac_status -fi - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_run - -# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES -# ------------------------------------------------------- -# Tests whether HEADER exists and can be compiled using the include files in -# INCLUDES, setting the cache variable VAR accordingly. -ac_fn_c_check_header_compile () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -printf %s "checking for $2... " >&6; } -if eval test \${$3+y} -then : - printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -#include <$2> -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - eval "$3=yes" -else $as_nop - eval "$3=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext -fi -eval ac_res=\$$3 - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -printf "%s\n" "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_header_compile - # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_link () { @@ -1735,15 +1652,16 @@ test "$cross_compiling" = yes || test -x conftest$ac_exeext } then : ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_retval=1 + ac_retval=1 ;; +esac fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would # interfere with the next link command; also delete a directory that is # left behind by Apple's compiler. We do this before executing the actions. @@ -1751,10 +1669,89 @@ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_link +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that +# executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } +then : + ac_retval=0 +else case e in #( + e) printf "%s\n" "$as_me: program exited with status $ac_status" >&5 + printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status ;; +esac +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +printf %s "checking for $2... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + eval "$3=yes" +else case e in #( + e) eval "$3=no" ;; +esac +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac +fi +eval ac_res=\$$3 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_compile + # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly ac_fn_c_check_func () { @@ -1762,19 +1759,19 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 printf %s "checking for $2... " >&6; } if eval test \${$3+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $2 (); below. */ + which can conflict with char $2 (void); below. */ #include #undef $2 /* Override any GCC internal prototype to avoid an error. @@ -1781,11 +1778,11 @@ Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif -char $2 (); +char $2 (void); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$2 || defined __stub___$2 choke me @@ -1800,15 +1797,17 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : eval "$3=yes" -else $as_nop - eval "$3=no" +else case e in #( + e) eval "$3=no" ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext + conftest$ac_exeext conftest.$ac_ext ;; +esac fi eval ac_res=\$$3 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno @@ -1837,11 +1836,11 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by tls $as_me 1.8.0, which was -generated by GNU Autoconf 2.71. Invocation command line was +generated by GNU Autoconf 2.72. Invocation command line was $ $0$ac_configure_args_raw _ACEOF exec 5>>config.log @@ -2083,14 +2082,14 @@ if test -f "$ac_site_file" && test -r "$ac_site_file"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ - || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files @@ -2122,13 +2121,11 @@ #include struct stat; /* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */ struct buf { int x; }; struct buf * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; +static char *e (char **p, int i) { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { @@ -2138,10 +2135,25 @@ s = g (p, va_arg (v,int)); va_end (v); return s; } +/* C89 style stringification. */ +#define noexpand_stringify(a) #a +const char *stringified = noexpand_stringify(arbitrary+token=sequence); + +/* C89 style token pasting. Exercises some of the corner cases that + e.g. old MSVC gets wrong, but not very hard. */ +#define noexpand_concat(a,b) a##b +#define expand_concat(a,b) noexpand_concat(a,b) +extern int vA; +extern int vbee; +#define aye A +#define bee B +int *pvA = &expand_concat(v,aye); +int *pvbee = &noexpand_concat(v,bee); + /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not \xHH hex character constants. These do not provoke an error unfortunately, instead are silently treated as an "x". The following induces an error, until -std is added to get proper ANSI mode. Curiously \x00 != x always comes out true, for an @@ -2165,20 +2177,23 @@ ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]); ' # Test code for whether the C compiler supports C99 (global declarations) ac_c_conftest_c99_globals=' -// Does the compiler advertise C99 conformance? +/* Does the compiler advertise C99 conformance? */ #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L # error "Compiler does not advertise C99 conformance" #endif + +// See if C++-style comments work. #include extern int puts (const char *); extern int printf (const char *, ...); extern int dprintf (int, const char *, ...); extern void *malloc (size_t); +extern void free (void *); // Check varargs macros. These examples are taken from C99 6.10.3.5. // dprintf is used instead of fprintf to avoid needing to declare // FILE and stderr. #define debug(...) dprintf (2, __VA_ARGS__) @@ -2224,11 +2239,10 @@ typedef const char *ccp; static inline int test_restrict (ccp restrict text) { - // See if C++-style comments work. // Iterate through items via the restricted pointer. // Also check for declarations in for loops. for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i) continue; return 0; @@ -2290,10 +2304,12 @@ struct incomplete_array *ia = malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10)); ia->datasize = 10; for (int i = 0; i < ia->datasize; ++i) ia->data[i] = i * 1.234; + // Work around memory leak warnings. + free (ia); // Check named initializers. struct named_init ni = { .number = 34, .name = L"Test wide string", @@ -2311,11 +2327,11 @@ || dynamic_array[ni.number - 1] != 543); ' # Test code for whether the C compiler supports C11 (global declarations) ac_c_conftest_c11_globals=' -// Does the compiler advertise C11 conformance? +/* Does the compiler advertise C11 conformance? */ #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L # error "Compiler does not advertise C11 conformance" #endif // Check _Alignas. @@ -2434,36 +2450,36 @@ eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 -printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' was set to '$ac_old_val' in the previous run" >&5 +printf "%s\n" "$as_me: error: '$ac_var' was set to '$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 -printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' was not set in the previous run" >&5 +printf "%s\n" "$as_me: error: '$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 -printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: '$ac_var' has changed since the previous run:" >&5 +printf "%s\n" "$as_me: error: '$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 -printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in '$ac_var' since the previous run:" >&5 +printf "%s\n" "$as_me: warning: ignoring whitespace changes in '$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 -printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;} - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 -printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: '$ac_old_val'" >&5 +printf "%s\n" "$as_me: former value: '$ac_old_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: '$ac_new_val'" >&5 +printf "%s\n" "$as_me: current value: '$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in @@ -2475,15 +2491,15 @@ *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file' + as_fn_error $? "run '${MAKE-make} distclean' and/or 'rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## ## -------------------- ## @@ -2527,12 +2543,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CYGPATH+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CYGPATH"; then +else case e in #( + e) if test -n "$CYGPATH"; then ac_cv_prog_CYGPATH="$CYGPATH" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -2551,11 +2567,12 @@ done done IFS=$as_save_IFS test -z "$ac_cv_prog_CYGPATH" && ac_cv_prog_CYGPATH="echo" -fi +fi ;; +esac fi CYGPATH=$ac_cv_prog_CYGPATH if test -n "$CYGPATH"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CYGPATH" >&5 printf "%s\n" "$CYGPATH" >&6; } @@ -2630,12 +2647,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking system version" >&5 printf %s "checking system version... " >&6; } if test ${tcl_cv_sys_version+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) # TEA specific: if test "${TEA_PLATFORM}" = "windows" ; then tcl_cv_sys_version=windows else tcl_cv_sys_version=`uname -s`-`uname -r` @@ -2650,11 +2667,12 @@ if test "`uname -s`" = "NetBSD" -a -f /etc/debian_version ; then tcl_cv_sys_version=NetBSD-Debian fi fi fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_sys_version" >&5 printf "%s\n" "$tcl_cv_sys_version" >&6; } system=$tcl_cv_sys_version @@ -2706,12 +2724,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Tcl configuration" >&5 printf %s "checking for Tcl configuration... " >&6; } if test ${ac_cv_c_tclconfig+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) # First check to see if --with-tcl was specified. if test x"${with_tclconfig}" != x ; then case "${with_tclconfig}" in */tclConfig.sh ) @@ -2792,14 +2810,20 @@ `ls -d /usr/local/lib 2>/dev/null` \ `ls -d /usr/contrib/lib 2>/dev/null` \ `ls -d /usr/pkg/lib 2>/dev/null` \ `ls -d /usr/lib 2>/dev/null` \ `ls -d /usr/lib64 2>/dev/null` \ + `ls -d /usr/lib/tcl9.0 2>/dev/null` \ + `ls -d /usr/lib/tcl8.7 2>/dev/null` \ `ls -d /usr/lib/tcl8.6 2>/dev/null` \ `ls -d /usr/lib/tcl8.5 2>/dev/null` \ + `ls -d /usr/local/lib/tcl9.0 2>/dev/null` \ + `ls -d /usr/local/lib/tcl8.7 2>/dev/null` \ `ls -d /usr/local/lib/tcl8.6 2>/dev/null` \ `ls -d /usr/local/lib/tcl8.5 2>/dev/null` \ + `ls -d /usr/local/lib/tcl/tcl9.0 2>/dev/null` \ + `ls -d /usr/local/lib/tcl/tcl8.7 2>/dev/null` \ `ls -d /usr/local/lib/tcl/tcl8.6 2>/dev/null` \ `ls -d /usr/local/lib/tcl/tcl8.5 2>/dev/null` \ ; do if test -f "$i/tclConfig.sh" ; then ac_cv_c_tclconfig="`(cd $i; pwd)`" @@ -2824,11 +2848,12 @@ ac_cv_c_tclconfig="`(cd $i/unix; pwd)`" break fi done fi - + ;; +esac fi if test x"${ac_cv_c_tclconfig}" = x ; then TCL_BIN_DIR="# no Tcl configs found" @@ -2861,12 +2886,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -2884,11 +2909,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -2906,12 +2932,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -2929,11 +2955,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } @@ -2964,12 +2991,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -2987,11 +3014,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -3009,12 +3037,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH @@ -3049,11 +3077,12 @@ # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@" fi fi -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -3073,12 +3102,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -3096,11 +3125,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -3122,12 +3152,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -3145,11 +3175,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } @@ -3183,12 +3214,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -3206,11 +3237,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -3228,12 +3260,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -3251,11 +3283,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } @@ -3280,14 +3313,14 @@ fi fi -test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 @@ -3355,12 +3388,12 @@ (eval "$ac_link_default") 2>&5 ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : - # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. -# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' + # Autoconf-2.13 could set the ac_cv_exeext variable to 'no'. +# So ignore a value of 'no', otherwise this would lead to 'EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do @@ -3376,11 +3409,11 @@ if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not - # safe: cross compilers may not add the suffix if given an `-o' + # safe: cross compilers may not add the suffix if given an '-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) @@ -3387,27 +3420,29 @@ break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= -else $as_nop - ac_file='' +else case e in #( + e) ac_file='' ;; +esac fi if test -z "$ac_file" then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables -See \`config.log' for more details" "$LINENO" 5; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -printf "%s\n" "yes" >&6; } +See 'config.log' for more details" "$LINENO" 5; } +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 printf %s "checking for C compiler default output file name... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 printf "%s\n" "$ac_file" >&6; } @@ -3427,28 +3462,29 @@ (eval "$ac_link") 2>&5 ac_status=$? printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then : - # If both `conftest.exe' and `conftest' are `present' (well, observable) -# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will -# work properly (i.e., refer to `conftest.exe'), while it won't with -# `rm'. + # If both 'conftest.exe' and 'conftest' are 'present' (well, observable) +# catch 'conftest.exe'. For instance with Cygwin, 'ls conftest' will +# work properly (i.e., refer to 'conftest.exe'), while it won't with +# 'rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi rm -f conftest conftest$ac_cv_exeext { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 printf "%s\n" "$ac_cv_exeext" >&6; } @@ -3460,10 +3496,12 @@ #include int main (void) { FILE *f = fopen ("conftest.out", "w"); + if (!f) + return 1; return ferror (f) || fclose (f) != 0; ; return 0; } @@ -3499,30 +3537,31 @@ cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error 77 "cannot run C compiled programs. -If you meant to cross compile, use \`--host'. -See \`config.log' for more details" "$LINENO" 5; } +If you meant to cross compile, use '--host'. +See 'config.log' for more details" "$LINENO" 5; } fi fi fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 printf "%s\n" "$cross_compiling" >&6; } -rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +rm -f conftest.$ac_ext conftest$ac_cv_exeext \ + conftest.o conftest.obj conftest.out ac_clean_files=$ac_clean_files_save { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 printf %s "checking for suffix of object files... " >&6; } if test ${ac_cv_objext+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { @@ -3550,20 +3589,22 @@ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 +else case e in #( + e) printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi -rm -f conftest.$ac_cv_objext conftest.$ac_ext +rm -f conftest.$ac_cv_objext conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 printf "%s\n" "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT @@ -3570,12 +3611,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5 printf %s "checking whether the compiler supports GNU C... " >&6; } if test ${ac_cv_c_compiler_gnu+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { @@ -3588,16 +3629,18 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_compiler_gnu=yes -else $as_nop - ac_compiler_gnu=no +else case e in #( + e) ac_compiler_gnu=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } ac_compiler_gnu=$ac_cv_c_compiler_gnu @@ -3611,12 +3654,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 printf %s "checking whether $CC accepts -g... " >&6; } if test ${ac_cv_prog_cc_g+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_save_c_werror_flag=$ac_c_werror_flag +else case e in #( + e) ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -3630,12 +3673,12 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes -else $as_nop - CFLAGS="" +else case e in #( + e) CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) @@ -3646,12 +3689,12 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : -else $as_nop - ac_c_werror_flag=$ac_save_c_werror_flag +else case e in #( + e) ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -3664,16 +3707,19 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag + ac_c_werror_flag=$ac_save_c_werror_flag ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 printf "%s\n" "$ac_cv_prog_cc_g" >&6; } if test $ac_test_CFLAGS; then CFLAGS=$ac_save_CFLAGS @@ -3696,12 +3742,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5 printf %s "checking for $CC option to enable C11 features... " >&6; } if test ${ac_cv_prog_cc_c11+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c11=no +else case e in #( + e) ac_cv_prog_cc_c11=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c11_program _ACEOF @@ -3714,40 +3760,43 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c11" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c11" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c11" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c11" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 printf "%s\n" "$ac_cv_prog_cc_c11" >&6; } - CC="$CC $ac_cv_prog_cc_c11" + CC="$CC $ac_cv_prog_cc_c11" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11 - ac_prog_cc_stdc=c11 + ac_prog_cc_stdc=c11 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5 printf %s "checking for $CC option to enable C99 features... " >&6; } if test ${ac_cv_prog_cc_c99+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c99=no +else case e in #( + e) ac_cv_prog_cc_c99=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c99_program _ACEOF @@ -3760,40 +3809,43 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c99" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c99" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c99" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c99" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 printf "%s\n" "$ac_cv_prog_cc_c99" >&6; } - CC="$CC $ac_cv_prog_cc_c99" + CC="$CC $ac_cv_prog_cc_c99" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 - ac_prog_cc_stdc=c99 + ac_prog_cc_stdc=c99 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5 printf %s "checking for $CC option to enable C89 features... " >&6; } if test ${ac_cv_prog_cc_c89+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c89=no +else case e in #( + e) ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c89_program _ACEOF @@ -3806,29 +3858,32 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c89" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c89" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c89" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 printf "%s\n" "$ac_cv_prog_cc_c89" >&6; } - CC="$CC $ac_cv_prog_cc_c89" + CC="$CC $ac_cv_prog_cc_c89" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 - ac_prog_cc_stdc=c89 + ac_prog_cc_stdc=c89 ;; +esac fi fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -3840,15 +3895,15 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for existence of ${TCL_BIN_DIR}/tclConfig.sh" >&5 printf %s "checking for existence of ${TCL_BIN_DIR}/tclConfig.sh... " >&6; } if test -f "${TCL_BIN_DIR}/tclConfig.sh" ; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: loading" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: loading" >&5 printf "%s\n" "loading" >&6; } . "${TCL_BIN_DIR}/tclConfig.sh" else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: could not find ${TCL_BIN_DIR}/tclConfig.sh" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: could not find ${TCL_BIN_DIR}/tclConfig.sh" >&5 printf "%s\n" "could not find ${TCL_BIN_DIR}/tclConfig.sh" >&6; } fi # If the TCL_BIN_DIR is the build directory (not the install directory), # then set the common variable name to the value of the build variables. @@ -3855,13 +3910,13 @@ # For example, the variable TCL_LIB_SPEC will be set to the value # of TCL_BUILD_LIB_SPEC. An extension should make use of TCL_LIB_SPEC # instead of TCL_BUILD_LIB_SPEC since it will work with both an # installed and uninstalled version of Tcl. if test -f "${TCL_BIN_DIR}/Makefile" ; then - TCL_LIB_SPEC="${TCL_BUILD_LIB_SPEC}" - TCL_STUB_LIB_SPEC="${TCL_BUILD_STUB_LIB_SPEC}" - TCL_STUB_LIB_PATH="${TCL_BUILD_STUB_LIB_PATH}" + TCL_LIB_SPEC="${TCL_BUILD_LIB_SPEC}" + TCL_STUB_LIB_SPEC="${TCL_BUILD_STUB_LIB_SPEC}" + TCL_STUB_LIB_PATH="${TCL_BUILD_STUB_LIB_PATH}" elif test "`uname -s`" = "Darwin"; then # If Tcl was built as a framework, attempt to use the libraries # from the framework at the given location so that linking works # against Tcl.framework installed in an arbitrary location. case ${TCL_DEFS} in @@ -3919,22 +3974,22 @@ # first test we've already retrieved platform (cross-compile), fallback to unix otherwise: TEA_PLATFORM="${TEA_PLATFORM-unix}" CYGPATH=echo -else $as_nop - +else case e in #( + e) TEA_PLATFORM="windows" # Extract the first word of "cygpath", so it can be a program name with args. set dummy cygpath; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CYGPATH+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CYGPATH"; then +else case e in #( + e) if test -n "$CYGPATH"; then ac_cv_prog_CYGPATH="$CYGPATH" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -3953,11 +4008,12 @@ done done IFS=$as_save_IFS test -z "$ac_cv_prog_CYGPATH" && ac_cv_prog_CYGPATH="echo" -fi +fi ;; +esac fi CYGPATH=$ac_cv_prog_CYGPATH if test -n "$CYGPATH"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CYGPATH" >&5 printf "%s\n" "$CYGPATH" >&6; } @@ -3965,11 +4021,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi - + ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CC=$hold_cc { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $TEA_PLATFORM" >&5 printf "%s\n" "$TEA_PLATFORM" >&6; } @@ -4055,12 +4112,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4078,11 +4135,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -4100,12 +4158,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4123,11 +4181,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } @@ -4158,12 +4217,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4181,11 +4240,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -4203,12 +4263,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH @@ -4243,11 +4303,12 @@ # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@" fi fi -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -4267,12 +4328,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4290,11 +4351,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -4316,12 +4378,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4339,11 +4401,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } @@ -4377,12 +4440,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$CC"; then +else case e in #( + e) if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4400,11 +4463,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi CC=$ac_cv_prog_CC if test -n "$CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 printf "%s\n" "$CC" >&6; } @@ -4422,12 +4486,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_CC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_CC"; then +else case e in #( + e) if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4445,11 +4509,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 printf "%s\n" "$ac_ct_CC" >&6; } @@ -4474,14 +4539,14 @@ fi fi -test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 @@ -4509,12 +4574,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5 printf %s "checking whether the compiler supports GNU C... " >&6; } if test ${ac_cv_c_compiler_gnu+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { @@ -4527,16 +4592,18 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_compiler_gnu=yes -else $as_nop - ac_compiler_gnu=no +else case e in #( + e) ac_compiler_gnu=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } ac_compiler_gnu=$ac_cv_c_compiler_gnu @@ -4550,12 +4617,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 printf %s "checking whether $CC accepts -g... " >&6; } if test ${ac_cv_prog_cc_g+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_save_c_werror_flag=$ac_c_werror_flag +else case e in #( + e) ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4569,12 +4636,12 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes -else $as_nop - CFLAGS="" +else case e in #( + e) CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) @@ -4585,12 +4652,12 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : -else $as_nop - ac_c_werror_flag=$ac_save_c_werror_flag +else case e in #( + e) ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -4603,16 +4670,19 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_prog_cc_g=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ac_c_werror_flag=$ac_save_c_werror_flag + ac_c_werror_flag=$ac_save_c_werror_flag ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 printf "%s\n" "$ac_cv_prog_cc_g" >&6; } if test $ac_test_CFLAGS; then CFLAGS=$ac_save_CFLAGS @@ -4635,12 +4705,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5 printf %s "checking for $CC option to enable C11 features... " >&6; } if test ${ac_cv_prog_cc_c11+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c11=no +else case e in #( + e) ac_cv_prog_cc_c11=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c11_program _ACEOF @@ -4653,40 +4723,43 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c11" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c11" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c11" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c11" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 printf "%s\n" "$ac_cv_prog_cc_c11" >&6; } - CC="$CC $ac_cv_prog_cc_c11" + CC="$CC $ac_cv_prog_cc_c11" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11 - ac_prog_cc_stdc=c11 + ac_prog_cc_stdc=c11 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5 printf %s "checking for $CC option to enable C99 features... " >&6; } if test ${ac_cv_prog_cc_c99+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c99=no +else case e in #( + e) ac_cv_prog_cc_c99=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c99_program _ACEOF @@ -4699,40 +4772,43 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c99" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c99" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c99" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c99" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 printf "%s\n" "$ac_cv_prog_cc_c99" >&6; } - CC="$CC $ac_cv_prog_cc_c99" + CC="$CC $ac_cv_prog_cc_c99" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 - ac_prog_cc_stdc=c99 + ac_prog_cc_stdc=c99 ;; +esac fi fi if test x$ac_prog_cc_stdc = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5 printf %s "checking for $CC option to enable C89 features... " >&6; } if test ${ac_cv_prog_cc_c89+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_prog_cc_c89=no +else case e in #( + e) ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_c_conftest_c89_program _ACEOF @@ -4745,29 +4821,32 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext -CC=$ac_save_CC +CC=$ac_save_CC ;; +esac fi if test "x$ac_cv_prog_cc_c89" = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 printf "%s\n" "unsupported" >&6; } -else $as_nop - if test "x$ac_cv_prog_cc_c89" = x +else case e in #( + e) if test "x$ac_cv_prog_cc_c89" = x then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 printf "%s\n" "none needed" >&6; } -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 printf "%s\n" "$ac_cv_prog_cc_c89" >&6; } - CC="$CC $ac_cv_prog_cc_c89" + CC="$CC $ac_cv_prog_cc_c89" ;; +esac fi ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 - ac_prog_cc_stdc=c89 + ac_prog_cc_stdc=c89 ;; +esac fi fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -4788,12 +4867,12 @@ fi if test -z "$CPP"; then if test ${ac_cv_prog_CPP+y} then : printf %s "(cached) " >&6 -else $as_nop - # Double quotes because $CC needs to be expanded +else case e in #( + e) # Double quotes because $CC needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do @@ -4807,13 +4886,14 @@ Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO" then : -else $as_nop - # Broken: fails on valid input. -continue +else case e in #( + e) # Broken: fails on valid input. +continue ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -4823,28 +4903,30 @@ _ACEOF if ac_fn_c_try_cpp "$LINENO" then : # Broken: success on invalid input. continue -else $as_nop - # Passes both tests. +else case e in #( + e) # Passes both tests. ac_preproc_ok=: -break +break ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok then : break fi done ac_cv_prog_CPP=$CPP - + ;; +esac fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi @@ -4863,13 +4945,14 @@ Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO" then : -else $as_nop - # Broken: fails on valid input. -continue +else case e in #( + e) # Broken: fails on valid input. +continue ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -4879,28 +4962,30 @@ _ACEOF if ac_fn_c_try_cpp "$LINENO" then : # Broken: success on invalid input. continue -else $as_nop - # Passes both tests. +else case e in #( + e) # Passes both tests. ac_preproc_ok=: -break +break ;; +esac fi rm -f conftest.err conftest.i conftest.$ac_ext done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +# Because of 'break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok then : -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +else case e in #( + e) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in '$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in '$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } +See 'config.log' for more details" "$LINENO" 5; } ;; +esac fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -4917,12 +5002,12 @@ set x ${MAKE-make} ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if eval test \${ac_cv_prog_make_${ac_make}_set+y} then : printf %s "(cached) " >&6 -else $as_nop - cat >conftest.make <<\_ACEOF +else case e in #( + e) cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering ...", which would confuse us. @@ -4930,11 +5015,12 @@ *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac -rm -f conftest.make +rm -f conftest.make ;; +esac fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } SET_MAKE= @@ -4955,12 +5041,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_RANLIB+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$RANLIB"; then +else case e in #( + e) if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -4978,11 +5064,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 printf "%s\n" "$RANLIB" >&6; } @@ -5000,12 +5087,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_RANLIB+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_RANLIB"; then +else case e in #( + e) if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -5023,11 +5110,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 printf "%s\n" "$ac_ct_RANLIB" >&6; } @@ -5101,12 +5189,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the compiler understands -pipe" >&5 printf %s "checking if the compiler understands -pipe... " >&6; } if test ${tcl_cv_cc_pipe+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_cflags=$CFLAGS; CFLAGS="$CFLAGS -pipe" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int @@ -5118,15 +5206,17 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_cc_pipe=yes -else $as_nop - tcl_cv_cc_pipe=no +else case e in #( + e) tcl_cv_cc_pipe=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - CFLAGS=$hold_cflags + CFLAGS=$hold_cflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_cc_pipe" >&5 printf "%s\n" "$tcl_cv_cc_pipe" >&6; } if test $tcl_cv_cc_pipe = yes; then CFLAGS="$CFLAGS -pipe" @@ -5146,12 +5236,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 printf %s "checking whether byte ordering is bigendian... " >&6; } if test ${ac_cv_c_bigendian+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_cv_c_bigendian=unknown +else case e in #( + e) ac_cv_c_bigendian=unknown # See if we're dealing with a universal compiler. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef __APPLE_CC__ not a universal capable compiler @@ -5193,12 +5283,12 @@ #include int main (void) { -#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ - && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ +#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \\ + && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \\ && LITTLE_ENDIAN) bogus endian macros #endif ; @@ -5225,12 +5315,13 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_c_bigendian=yes -else $as_nop - ac_cv_c_bigendian=no +else case e in #( + e) ac_cv_c_bigendian=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi @@ -5270,12 +5361,13 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_c_bigendian=yes -else $as_nop - ac_cv_c_bigendian=no +else case e in #( + e) ac_cv_c_bigendian=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi @@ -5298,37 +5390,39 @@ unsigned short int ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; int use_ebcdic (int i) { return ebcdic_mm[i] + ebcdic_ii[i]; } - extern int foo; - -int -main (void) -{ -return use_ascii (foo) == use_ebcdic (foo); - ; - return 0; -} + int + main (int argc, char **argv) + { + /* Intimidate the compiler so that it does not + optimize the arrays away. */ + char *p = argv[0]; + ascii_mm[1] = *p++; ebcdic_mm[1] = *p++; + ascii_ii[1] = *p++; ebcdic_ii[1] = *p++; + return use_ascii (argc) == use_ebcdic (*p); + } _ACEOF -if ac_fn_c_try_compile "$LINENO" +if ac_fn_c_try_link "$LINENO" then : - if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then + if grep BIGenDianSyS conftest$ac_exeext >/dev/null; then ac_cv_c_bigendian=yes fi - if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if grep LiTTleEnDian conftest$ac_exeext >/dev/null ; then if test "$ac_cv_c_bigendian" = unknown; then ac_cv_c_bigendian=no else # finding both strings is unlikely to happen, but who knows? ac_cv_c_bigendian=unknown fi fi fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main (void) { @@ -5347,18 +5441,21 @@ } _ACEOF if ac_fn_c_try_run "$LINENO" then : ac_cv_c_bigendian=no -else $as_nop - ac_cv_c_bigendian=yes +else case e in #( + e) ac_cv_c_bigendian=yes ;; +esac fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext + conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi - fi + fi ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 printf "%s\n" "$ac_cv_c_bigendian" >&6; } case $ac_cv_c_bigendian in #( yes) @@ -5375,11 +5472,10 @@ esac #----------------------------------------------------------------------- -# __CHANGE__ # Specify the C source files to compile in TEA_ADD_SOURCES, # public headers that need to be installed in TEA_ADD_HEADERS, # stub library C source files to compile in TEA_ADD_STUB_SOURCES, # and runtime Tcl library files in TEA_ADD_TCL_SOURCES. # This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS @@ -5477,11 +5573,11 @@ done - vars="library/tls.tcl" + vars="library/tls.tcl license.terms README.txt" for i in $vars; do # check for existence, be strict because it is installed if test ! -f "${srcdir}/$i" ; then as_fn_error $? "could not find tcl source file '${srcdir}/$i'" "$LINENO" 5 fi @@ -5489,29 +5585,31 @@ done #-------------------------------------------------------------------- -# # You can add more files to clean if your extension creates any extra # files by extending CLEANFILES. # Add pkgIndex.tcl if it is generated in the Makefile instead of ./configure # and change Makefile.in to move it from CONFIG_CLEAN_FILES to BINARIES var. # # A few miscellaneous platform-specific items: # TEA_ADD_* any platform specific compiler/build info here. #-------------------------------------------------------------------- -CONFIG_CLEAN_FILES="$CONFIG_CLEAN_FILES tls.tcl.h.* config.log config.status Makefile pkgIndex.tcl tcltls.a.linkadd tcltls.syms" + + CLEANFILES="$CLEANFILES pkgIndex.tcl generic/tls.tcl.h tlsUuid.h" + + if test "${TEA_PLATFORM}" = "windows" ; then - printf "%s\n" "#define BUILD_tls 1" >>confdefs.h - printf "%s\n" "#define WINDOWS 1" >>confdefs.h + CLEANFILES="$CLEANFILES *.lib *.dll *.exp *.ilk *.pdb vc*.pch" - CLEANFILES="pkgIndex.tcl *.lib *.dll *.exp *.ilk *.pdb vc*.pch" else - CLEANFILES="pkgIndex.tcl *.so" + + CLEANFILES="$CLEANFILES *.so" + fi #-------------------------------------------------------------------- # Choose which headers you need. Extension authors should try very @@ -5534,12 +5632,12 @@ if test ${ac_cv_c_tclh+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) # Use the value from --with-tclinclude, if it was given if test x"${with_tclinclude}" != x ; then if test -f "${with_tclinclude}/tcl.h" ; then ac_cv_c_tclh=${with_tclinclude} @@ -5584,11 +5682,12 @@ ac_cv_c_tclh=$i break fi done fi - + ;; +esac fi # Print a message based on how we determined the include path @@ -5621,12 +5720,13 @@ # Check whether --enable-threads was given. if test ${enable_threads+y} then : enableval=$enable_threads; tcl_ok=$enableval -else $as_nop - tcl_ok=yes +else case e in #( + e) tcl_ok=yes ;; +esac fi if test "${enable_threads+set}" = set; then enableval="$enable_threads" @@ -5660,20 +5760,26 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pthread_mutex_init in -lpthread" >&5 printf %s "checking for pthread_mutex_init in -lpthread... " >&6; } if test ${ac_cv_lib_pthread_pthread_mutex_init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lpthread $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char pthread_mutex_init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_mutex_init (void); int main (void) { return pthread_mutex_init (); ; @@ -5681,24 +5787,27 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_pthread_pthread_mutex_init=yes -else $as_nop - ac_cv_lib_pthread_pthread_mutex_init=no +else case e in #( + e) ac_cv_lib_pthread_pthread_mutex_init=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_pthread_mutex_init" >&5 printf "%s\n" "$ac_cv_lib_pthread_pthread_mutex_init" >&6; } if test "x$ac_cv_lib_pthread_pthread_mutex_init" = xyes then : tcl_ok=yes -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi if test "$tcl_ok" = "no"; then # Check a little harder for __pthread_mutex_init in the same # library, as some systems hide it there until pthread.h is @@ -5708,20 +5817,26 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __pthread_mutex_init in -lpthread" >&5 printf %s "checking for __pthread_mutex_init in -lpthread... " >&6; } if test ${ac_cv_lib_pthread___pthread_mutex_init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lpthread $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char __pthread_mutex_init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char __pthread_mutex_init (void); int main (void) { return __pthread_mutex_init (); ; @@ -5729,24 +5844,27 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_pthread___pthread_mutex_init=yes -else $as_nop - ac_cv_lib_pthread___pthread_mutex_init=no +else case e in #( + e) ac_cv_lib_pthread___pthread_mutex_init=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread___pthread_mutex_init" >&5 printf "%s\n" "$ac_cv_lib_pthread___pthread_mutex_init" >&6; } if test "x$ac_cv_lib_pthread___pthread_mutex_init" = xyes then : tcl_ok=yes -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi fi if test "$tcl_ok" = "yes"; then @@ -5756,20 +5874,26 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pthread_mutex_init in -lpthreads" >&5 printf %s "checking for pthread_mutex_init in -lpthreads... " >&6; } if test ${ac_cv_lib_pthreads_pthread_mutex_init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lpthreads $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char pthread_mutex_init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_mutex_init (void); int main (void) { return pthread_mutex_init (); ; @@ -5777,24 +5901,27 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_pthreads_pthread_mutex_init=yes -else $as_nop - ac_cv_lib_pthreads_pthread_mutex_init=no +else case e in #( + e) ac_cv_lib_pthreads_pthread_mutex_init=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthreads_pthread_mutex_init" >&5 printf "%s\n" "$ac_cv_lib_pthreads_pthread_mutex_init" >&6; } if test "x$ac_cv_lib_pthreads_pthread_mutex_init" = xyes then : tcl_ok=yes -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi if test "$tcl_ok" = "yes"; then # The space is needed THREADS_LIBS=" -lpthreads" @@ -5802,20 +5929,26 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pthread_mutex_init in -lc" >&5 printf %s "checking for pthread_mutex_init in -lc... " >&6; } if test ${ac_cv_lib_c_pthread_mutex_init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lc $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char pthread_mutex_init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_mutex_init (void); int main (void) { return pthread_mutex_init (); ; @@ -5823,42 +5956,51 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_c_pthread_mutex_init=yes -else $as_nop - ac_cv_lib_c_pthread_mutex_init=no +else case e in #( + e) ac_cv_lib_c_pthread_mutex_init=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_pthread_mutex_init" >&5 printf "%s\n" "$ac_cv_lib_c_pthread_mutex_init" >&6; } if test "x$ac_cv_lib_c_pthread_mutex_init" = xyes then : tcl_ok=yes -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi if test "$tcl_ok" = "no"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pthread_mutex_init in -lc_r" >&5 printf %s "checking for pthread_mutex_init in -lc_r... " >&6; } if test ${ac_cv_lib_c_r_pthread_mutex_init+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lc_r $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char pthread_mutex_init (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_mutex_init (void); int main (void) { return pthread_mutex_init (); ; @@ -5866,24 +6008,27 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_c_r_pthread_mutex_init=yes -else $as_nop - ac_cv_lib_c_r_pthread_mutex_init=no +else case e in #( + e) ac_cv_lib_c_r_pthread_mutex_init=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_r_pthread_mutex_init" >&5 printf "%s\n" "$ac_cv_lib_c_r_pthread_mutex_init" >&6; } if test "x$ac_cv_lib_c_r_pthread_mutex_init" = xyes then : tcl_ok=yes -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi if test "$tcl_ok" = "yes"; then # The space is needed THREADS_LIBS=" -pthread" @@ -5939,12 +6084,13 @@ printf %s "checking how to build libraries... " >&6; } # Check whether --enable-shared was given. if test ${enable_shared+y} then : enableval=$enable_shared; shared_ok=$enableval -else $as_nop - shared_ok=yes +else case e in #( + e) shared_ok=yes ;; +esac fi if test "${enable_shared+set}" = set; then enableval="$enable_shared" @@ -5955,12 +6101,13 @@ # Check whether --enable-stubs was given. if test ${enable_stubs+y} then : enableval=$enable_stubs; stubs_ok=$enableval -else $as_nop - stubs_ok=yes +else case e in #( + e) stubs_ok=yes ;; +esac fi if test "${enable_stubs+set}" = set; then enableval="$enable_stubs" @@ -5972,23 +6119,23 @@ # Stubs are always enabled for shared builds if test "$shared_ok" = "yes" ; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: shared" >&5 printf "%s\n" "shared" >&6; } SHARED_BUILD=1 - STUBS_BUILD=1 + STUBS_BUILD=1 else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: static" >&5 printf "%s\n" "static" >&6; } SHARED_BUILD=0 printf "%s\n" "#define STATIC_BUILD 1" >>confdefs.h - if test "$stubs_ok" = "yes" ; then - STUBS_BUILD=1 - else - STUBS_BUILD=0 - fi + if test "$stubs_ok" = "yes" ; then + STUBS_BUILD=1 + else + STUBS_BUILD=0 + fi fi if test "${STUBS_BUILD}" = "1" ; then printf "%s\n" "#define USE_TCL_STUBS 1" >>confdefs.h @@ -6018,12 +6165,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_RANLIB+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$RANLIB"; then +else case e in #( + e) if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -6041,11 +6188,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 printf "%s\n" "$RANLIB" >&6; } @@ -6063,12 +6211,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_RANLIB+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_RANLIB"; then +else case e in #( + e) if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -6086,11 +6234,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 printf "%s\n" "$ac_ct_RANLIB" >&6; } @@ -6123,12 +6272,13 @@ printf %s "checking if 64bit support is requested... " >&6; } # Check whether --enable-64bit was given. if test ${enable_64bit+y} then : enableval=$enable_64bit; do64bit=$enableval -else $as_nop - do64bit=no +else case e in #( + e) do64bit=no ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $do64bit" >&5 printf "%s\n" "$do64bit" >&6; } @@ -6138,12 +6288,13 @@ printf %s "checking if 64bit Sparc VIS support is requested... " >&6; } # Check whether --enable-64bit-vis was given. if test ${enable_64bit_vis+y} then : enableval=$enable_64bit_vis; do64bitVIS=$enableval -else $as_nop - do64bitVIS=no +else case e in #( + e) do64bitVIS=no ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $do64bitVIS" >&5 printf "%s\n" "$do64bitVIS" >&6; } # Force 64bit on with VIS @@ -6158,12 +6309,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler supports visibility \"hidden\"" >&5 printf %s "checking if compiler supports visibility \"hidden\"... " >&6; } if test ${tcl_cv_cc_visibility_hidden+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_cflags=$CFLAGS; CFLAGS="$CFLAGS -Werror" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ extern __attribute__((__visibility__("hidden"))) void f(void); @@ -6177,16 +6328,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_cc_visibility_hidden=yes -else $as_nop - tcl_cv_cc_visibility_hidden=no +else case e in #( + e) tcl_cv_cc_visibility_hidden=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - CFLAGS=$hold_cflags + CFLAGS=$hold_cflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_cc_visibility_hidden" >&5 printf "%s\n" "$tcl_cv_cc_visibility_hidden" >&6; } if test $tcl_cv_cc_visibility_hidden = yes then : @@ -6206,12 +6359,13 @@ printf %s "checking if rpath support is requested... " >&6; } # Check whether --enable-rpath was given. if test ${enable_rpath+y} then : enableval=$enable_rpath; doRpath=$enableval -else $as_nop - doRpath=yes +else case e in #( + e) doRpath=yes ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $doRpath" >&5 printf "%s\n" "$doRpath" >&6; } @@ -6222,12 +6376,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking system version" >&5 printf %s "checking system version... " >&6; } if test ${tcl_cv_sys_version+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) # TEA specific: if test "${TEA_PLATFORM}" = "windows" ; then tcl_cv_sys_version=windows else tcl_cv_sys_version=`uname -s`-`uname -r` @@ -6242,11 +6396,12 @@ if test "`uname -s`" = "NetBSD" -a -f /etc/debian_version ; then tcl_cv_sys_version=NetBSD-Debian fi fi fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_sys_version" >&5 printf "%s\n" "$tcl_cv_sys_version" >&6; } system=$tcl_cv_sys_version @@ -6276,26 +6431,27 @@ then : CFLAGS_OPTIMIZE=-O2 CFLAGS_WARNING="-Wall" -else $as_nop - +else case e in #( + e) CFLAGS_OPTIMIZE=-O CFLAGS_WARNING="" - + ;; +esac fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. set dummy ${ac_tool_prefix}ar; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_AR+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$AR"; then +else case e in #( + e) if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -6313,11 +6469,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi AR=$ac_cv_prog_AR if test -n "$AR"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 printf "%s\n" "$AR" >&6; } @@ -6335,12 +6492,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_AR+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_AR"; then +else case e in #( + e) if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -6358,11 +6515,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 printf "%s\n" "$ac_ct_AR" >&6; } @@ -6389,12 +6547,13 @@ STLIB_LD='${AR} cr' LD_LIBRARY_PATH_VAR="LD_LIBRARY_PATH" if test "x$SHLIB_VERSION" = x then : SHLIB_VERSION="" -else $as_nop - SHLIB_VERSION=".$SHLIB_VERSION" +else case e in #( + e) SHLIB_VERSION=".$SHLIB_VERSION" ;; +esac fi case $system in # TEA specific: windows) MACHINE="X86" @@ -6411,18 +6570,18 @@ ;; esac fi if test "$GCC" != "yes" ; then - if test "${SHARED_BUILD}" = "0" ; then + if test "${SHARED_BUILD}" = "0" ; then runtime=-MT - else + else runtime=-MD - fi - case "x`echo \${VisualStudioVersion}`" in - x1[4-9]*) - lflags="${lflags} -nodefaultlib:libucrt.lib" + fi + case "x`echo \${VisualStudioVersion}`" in + x1[4-9]*) + lflags="${lflags} -nodefaultlib:libucrt.lib" vars="ucrt.lib" for i in $vars; do if test "${TEA_PLATFORM}" = "windows" -a "$GCC" = "yes" ; then # Convert foo.lib to -lfoo for GCC. No-op if not *.lib @@ -6430,16 +6589,16 @@ fi PKG_LIBS="$PKG_LIBS $i" done - ;; - *) - ;; - esac + ;; + *) + ;; + esac - if test "$do64bit" != "no" ; then + if test "$do64bit" != "no" ; then CC="cl.exe" RC="rc.exe" lflags="${lflags} -nologo -MACHINE:${MACHINE} " LINKBIN="link.exe" CFLAGS_DEBUG="-nologo -Zi -Od -W3 ${runtime}d" @@ -6474,12 +6633,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_RC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$RC"; then +else case e in #( + e) if test -n "$RC"; then ac_cv_prog_RC="$RC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -6497,11 +6656,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi RC=$ac_cv_prog_RC if test -n "$RC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RC" >&5 printf "%s\n" "$RC" >&6; } @@ -6519,12 +6679,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_RC+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_RC"; then +else case e in #( + e) if test -n "$ac_ct_RC"; then ac_cv_prog_ac_ct_RC="$ac_ct_RC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -6542,11 +6702,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_RC=$ac_cv_prog_ac_ct_RC if test -n "$ac_ct_RC"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RC" >&5 printf "%s\n" "$ac_ct_RC" >&6; } @@ -6580,12 +6741,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for cross-compile version of gcc" >&5 printf %s "checking for cross-compile version of gcc... " >&6; } if test ${ac_cv_cross+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef _WIN32 #error cross-compiler #endif @@ -6599,15 +6760,17 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : ac_cv_cross=yes -else $as_nop - ac_cv_cross=no +else case e in #( + e) ac_cv_cross=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cross" >&5 printf "%s\n" "$ac_cv_cross" >&6; } if test "$ac_cv_cross" = "yes"; then case "$do64bit" in @@ -6654,11 +6817,11 @@ SHLIB_SUFFIX=".dll" SHARED_LIB_SUFFIX='${TCL_TRIM_DOTS}.dll' TCL_LIB_VERSIONS_OK=nodots - ;; + ;; AIX-*) if test "$GCC" != "yes" then : # AIX requires the _r compiler when gcc isn't being used @@ -6666,11 +6829,11 @@ *_r|*_r\ *) # ok ... ;; *) # Make sure only first arg gets _r - CC=`echo "$CC" | sed -e 's/^\([^ ]*\)/\1_r/'` + CC=`echo "$CC" | sed -e 's/^\([^ ]*\)/\1_r/'` ;; esac { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: Using $CC for compiling with threads" >&5 printf "%s\n" "Using $CC for compiling with threads" >&6; } @@ -6689,19 +6852,20 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported with GCC on $system" >&5 printf "%s\n" "$as_me: WARNING: 64bit mode not supported with GCC on $system" >&2;} -else $as_nop - +else case e in #( + e) do64bit_ok=yes CFLAGS="$CFLAGS -q64" LDFLAGS_ARCH="-q64" RANLIB="${RANLIB} -X64" AR="${AR} -X64" SHLIB_LD_FLAGS="-b64" - + ;; +esac fi fi if test "`uname -m`" = ia64 @@ -6712,34 +6876,37 @@ if test "$GCC" = yes then : CC_SEARCH_FLAGS='"-Wl,-R,${LIB_RUNTIME_DIR}"' -else $as_nop - +else case e in #( + e) CC_SEARCH_FLAGS='"-R${LIB_RUNTIME_DIR}"' - + ;; +esac fi LD_SEARCH_FLAGS='-R "${LIB_RUNTIME_DIR}"' -else $as_nop - +else case e in #( + e) if test "$GCC" = yes then : SHLIB_LD='${CC} -shared -Wl,-bexpall' -else $as_nop - +else case e in #( + e) SHLIB_LD="/bin/ld -bhalt:4 -bM:SRE -bexpall -H512 -T512 -bnoentry" LDFLAGS="$LDFLAGS -brtl" - + ;; +esac fi SHLIB_LD="${SHLIB_LD} ${SHLIB_LD_FLAGS}" CC_SEARCH_FLAGS='"-L${LIB_RUNTIME_DIR}"' LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS} - + ;; +esac fi ;; BeOS*) SHLIB_CFLAGS="-fPIC" SHLIB_LD='${CC} -nostart' @@ -6753,20 +6920,26 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for inet_ntoa in -lbind" >&5 printf %s "checking for inet_ntoa in -lbind... " >&6; } if test ${ac_cv_lib_bind_inet_ntoa+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lbind $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char inet_ntoa (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char inet_ntoa (void); int main (void) { return inet_ntoa (); ; @@ -6774,16 +6947,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_bind_inet_ntoa=yes -else $as_nop - ac_cv_lib_bind_inet_ntoa=no +else case e in #( + e) ac_cv_lib_bind_inet_ntoa=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bind_inet_ntoa" >&5 printf "%s\n" "$ac_cv_lib_bind_inet_ntoa" >&6; } if test "x$ac_cv_lib_bind_inet_ntoa" = xyes then : @@ -6832,20 +7007,26 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for inet_ntoa in -lnetwork" >&5 printf %s "checking for inet_ntoa in -lnetwork... " >&6; } if test ${ac_cv_lib_network_inet_ntoa+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-lnetwork $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char inet_ntoa (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char inet_ntoa (void); int main (void) { return inet_ntoa (); ; @@ -6853,16 +7034,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_network_inet_ntoa=yes -else $as_nop - ac_cv_lib_network_inet_ntoa=no +else case e in #( + e) ac_cv_lib_network_inet_ntoa=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_network_inet_ntoa" >&5 printf "%s\n" "$ac_cv_lib_network_inet_ntoa" >&6; } if test "x$ac_cv_lib_network_inet_ntoa" = xyes then : @@ -6882,30 +7065,37 @@ if test "`uname -m`" = ia64 then : SHLIB_SUFFIX=".so" -else $as_nop - +else case e in #( + e) SHLIB_SUFFIX=".sl" - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 printf %s "checking for shl_load in -ldld... " >&6; } if test ${ac_cv_lib_dld_shl_load+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char shl_load (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (void); int main (void) { return shl_load (); ; @@ -6913,24 +7103,27 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_dld_shl_load=yes -else $as_nop - ac_cv_lib_dld_shl_load=no +else case e in #( + e) ac_cv_lib_dld_shl_load=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; } if test "x$ac_cv_lib_dld_shl_load" = xyes then : tcl_ok=yes -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi if test "$tcl_ok" = yes then : @@ -6946,14 +7139,15 @@ then : SHLIB_LD='${CC} -shared' LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS} -else $as_nop - +else case e in #( + e) CFLAGS="$CFLAGS -z" - + ;; +esac fi # Check to enable 64-bit flags for compiler/linker if test "$do64bit" = "yes" then : @@ -6977,16 +7171,17 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported with GCC on $system" >&5 printf "%s\n" "$as_me: WARNING: 64bit mode not supported with GCC on $system" >&2;} ;; esac -else $as_nop - +else case e in #( + e) do64bit_ok=yes CFLAGS="$CFLAGS +DD64" LDFLAGS_ARCH="+DD64" - + ;; +esac fi fi ;; HP-UX-*.08.*|HP-UX-*.09.*|HP-UX-*.10.*) SHLIB_SUFFIX=".sl" @@ -6993,20 +7188,26 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 printf %s "checking for shl_load in -ldld... " >&6; } if test ${ac_cv_lib_dld_shl_load+y} then : printf %s "(cached) " >&6 -else $as_nop - ac_check_lib_save_LIBS=$LIBS +else case e in #( + e) ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char shl_load (); + builtin and then its argument prototype would still apply. + The 'extern "C"' is for builds by C++ compilers; + although this is not generally supported in C code supporting it here + has little cost and some practical benefit (sr 110532). */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (void); int main (void) { return shl_load (); ; @@ -7014,24 +7215,27 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : ac_cv_lib_dld_shl_load=yes -else $as_nop - ac_cv_lib_dld_shl_load=no +else case e in #( + e) ac_cv_lib_dld_shl_load=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS +LIBS=$ac_check_lib_save_LIBS ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; } if test "x$ac_cv_lib_dld_shl_load" = xyes then : tcl_ok=yes -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi if test "$tcl_ok" = yes then : @@ -7075,12 +7279,12 @@ then : CFLAGS="$CFLAGS -mabi=n32" LDFLAGS="$LDFLAGS -mabi=n32" -else $as_nop - +else case e in #( + e) case $system in IRIX-6.3) # Use to build 6.2 compatible binaries on 6.3. CFLAGS="$CFLAGS -n32 -D_OLD_TERMIOS" ;; @@ -7087,11 +7291,12 @@ *) CFLAGS="$CFLAGS -n32" ;; esac LDFLAGS="$LDFLAGS -n32" - + ;; +esac fi ;; IRIX64-6.*) SHLIB_CFLAGS="" SHLIB_LD="ld -n32 -shared -rdata_shared" @@ -7106,23 +7311,24 @@ # Check to enable 64-bit flags for compiler/linker if test "$do64bit" = yes then : - if test "$GCC" = yes + if test "$GCC" = yes then : - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported by gcc" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported by gcc" >&5 printf "%s\n" "$as_me: WARNING: 64bit mode not supported by gcc" >&2;} -else $as_nop - - do64bit_ok=yes - SHLIB_LD="ld -64 -shared -rdata_shared" - CFLAGS="$CFLAGS -64" - LDFLAGS_ARCH="-64" - +else case e in #( + e) + do64bit_ok=yes + SHLIB_LD="ld -64 -shared -rdata_shared" + CFLAGS="$CFLAGS -64" + LDFLAGS_ARCH="-64" + ;; +esac fi fi ;; Linux*|GNU*|NetBSD-Debian|DragonFly-*|FreeBSD-*) @@ -7145,11 +7351,11 @@ LIBS=`echo $LIBS | sed s/-pthread//` CFLAGS="$CFLAGS $PTHREAD_CFLAGS" LDFLAGS="$LDFLAGS $PTHREAD_LIBS" fi ;; - esac + esac if test $doRpath = yes then : CC_SEARCH_FLAGS='"-Wl,-rpath,${LIB_RUNTIME_DIR}"' @@ -7165,12 +7371,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler accepts -m64 flag" >&5 printf %s "checking if compiler accepts -m64 flag... " >&6; } if test ${tcl_cv_cc_m64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_cflags=$CFLAGS CFLAGS="$CFLAGS -m64" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7183,16 +7389,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_cc_m64=yes -else $as_nop - tcl_cv_cc_m64=no +else case e in #( + e) tcl_cv_cc_m64=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - CFLAGS=$hold_cflags + CFLAGS=$hold_cflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_cc_m64" >&5 printf "%s\n" "$tcl_cv_cc_m64" >&6; } if test $tcl_cv_cc_m64 = yes then : @@ -7294,12 +7502,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler accepts -arch ppc64 flag" >&5 printf %s "checking if compiler accepts -arch ppc64 flag... " >&6; } if test ${tcl_cv_cc_arch_ppc64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_cflags=$CFLAGS CFLAGS="$CFLAGS -arch ppc64 -mpowerpc64 -mcpu=G5" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7312,16 +7520,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_cc_arch_ppc64=yes -else $as_nop - tcl_cv_cc_arch_ppc64=no +else case e in #( + e) tcl_cv_cc_arch_ppc64=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - CFLAGS=$hold_cflags + CFLAGS=$hold_cflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_cc_arch_ppc64" >&5 printf "%s\n" "$tcl_cv_cc_arch_ppc64" >&6; } if test $tcl_cv_cc_arch_ppc64 = yes then : @@ -7334,12 +7544,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler accepts -arch x86_64 flag" >&5 printf %s "checking if compiler accepts -arch x86_64 flag... " >&6; } if test ${tcl_cv_cc_arch_x86_64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_cflags=$CFLAGS CFLAGS="$CFLAGS -arch x86_64" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7352,16 +7562,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_cc_arch_x86_64=yes -else $as_nop - tcl_cv_cc_arch_x86_64=no +else case e in #( + e) tcl_cv_cc_arch_x86_64=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - CFLAGS=$hold_cflags + CFLAGS=$hold_cflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_cc_arch_x86_64" >&5 printf "%s\n" "$tcl_cv_cc_arch_x86_64" >&6; } if test $tcl_cv_cc_arch_x86_64 = yes then : @@ -7373,61 +7585,24 @@ *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Don't know how enable 64-bit on architecture \`arch\`" >&5 printf "%s\n" "$as_me: WARNING: Don't know how enable 64-bit on architecture \`arch\`" >&2;};; esac -else $as_nop - +else case e in #( + e) # Check for combined 32-bit and 64-bit fat build if echo "$CFLAGS " |grep -E -q -- '-arch (ppc64|x86_64) ' \ && echo "$CFLAGS " |grep -E -q -- '-arch (ppc|i386) ' then : fat_32_64=yes fi - + ;; +esac fi # TEA specific: use LDFLAGS_DEFAULT instead of LDFLAGS SHLIB_LD='${CC} -dynamiclib ${CFLAGS} ${LDFLAGS_DEFAULT}' - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ld accepts -single_module flag" >&5 -printf %s "checking if ld accepts -single_module flag... " >&6; } -if test ${tcl_cv_ld_single_module+y} -then : - printf %s "(cached) " >&6 -else $as_nop - - hold_ldflags=$LDFLAGS - LDFLAGS="$LDFLAGS -dynamiclib -Wl,-single_module" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main (void) -{ -int i; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO" -then : - tcl_cv_ld_single_module=yes -else $as_nop - tcl_cv_ld_single_module=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext - LDFLAGS=$hold_ldflags -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_ld_single_module" >&5 -printf "%s\n" "$tcl_cv_ld_single_module" >&6; } - if test $tcl_cv_ld_single_module = yes -then : - - SHLIB_LD="${SHLIB_LD} -Wl,-single_module" - -fi # TEA specific: link shlib with current and compatibility version flags vers=`echo ${PACKAGE_VERSION} | sed -e 's/^\([0-9]\{1,5\}\)\(\(\.[0-9]\{1,3\}\)\{0,2\}\).*$/\1\2/p' -e d` SHLIB_LD="${SHLIB_LD} -current_version ${vers:-0} -compatibility_version ${vers:-0}" SHLIB_SUFFIX=".dylib" LDFLAGS="$LDFLAGS -headerpad_max_install_names" @@ -7434,12 +7609,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if ld accepts -search_paths_first flag" >&5 printf %s "checking if ld accepts -search_paths_first flag... " >&6; } if test ${tcl_cv_ld_search_paths_first+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_ldflags=$LDFLAGS LDFLAGS="$LDFLAGS -Wl,-search_paths_first" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7452,16 +7627,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_ld_search_paths_first=yes -else $as_nop - tcl_cv_ld_search_paths_first=no +else case e in #( + e) tcl_cv_ld_search_paths_first=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - LDFLAGS=$hold_ldflags + LDFLAGS=$hold_ldflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_ld_search_paths_first" >&5 printf "%s\n" "$tcl_cv_ld_search_paths_first" >&6; } if test $tcl_cv_ld_search_paths_first = yes then : @@ -7492,12 +7669,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for 64-bit X11" >&5 printf %s "checking for 64-bit X11... " >&6; } if test ${tcl_cv_lib_x11_64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) for v in CFLAGS CPPFLAGS LDFLAGS; do eval 'hold_'$v'="$'$v'";'$v'="`echo "$'$v' "|sed -e "s/-arch ppc / /g" -e "s/-arch i386 / /g"`"' done CPPFLAGS="$CPPFLAGS -I/usr/X11R6/include" LDFLAGS="$LDFLAGS -L/usr/X11R6/lib -lX11" @@ -7513,18 +7690,20 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_lib_x11_64=yes -else $as_nop - tcl_cv_lib_x11_64=no +else case e in #( + e) tcl_cv_lib_x11_64=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext for v in CFLAGS CPPFLAGS LDFLAGS; do eval $v'="$hold_'$v'"' - done + done ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_lib_x11_64" >&5 printf "%s\n" "$tcl_cv_lib_x11_64" >&6; } fi @@ -7534,12 +7713,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for 64-bit Tk" >&5 printf %s "checking for 64-bit Tk... " >&6; } if test ${tcl_cv_lib_tk_64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) for v in CFLAGS CPPFLAGS LDFLAGS; do eval 'hold_'$v'="$'$v'";'$v'="`echo "$'$v' "|sed -e "s/-arch ppc / /g" -e "s/-arch i386 / /g"`"' done CPPFLAGS="$CPPFLAGS -DUSE_TCL_STUBS=1 -DUSE_TK_STUBS=1 ${TCL_INCLUDES} ${TK_INCLUDES}" LDFLAGS="$LDFLAGS ${TCL_STUB_LIB_SPEC} ${TK_STUB_LIB_SPEC}" @@ -7555,18 +7734,20 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_lib_tk_64=yes -else $as_nop - tcl_cv_lib_tk_64=no +else case e in #( + e) tcl_cv_lib_tk_64=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext for v in CFLAGS CPPFLAGS LDFLAGS; do eval $v'="$hold_'$v'"' - done + done ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_lib_tk_64" >&5 printf "%s\n" "$tcl_cv_lib_tk_64" >&6; } fi @@ -7594,16 +7775,17 @@ # Digital OSF/1 SHLIB_CFLAGS="" if test "$SHARED_BUILD" = 1 then : - SHLIB_LD='ld -shared -expect_unresolved "*"' + SHLIB_LD='ld -shared -expect_unresolved "*"' -else $as_nop - - SHLIB_LD='ld -non_shared -expect_unresolved "*"' - +else case e in #( + e) + SHLIB_LD='ld -non_shared -expect_unresolved "*"' + ;; +esac fi SHLIB_SUFFIX=".so" if test $doRpath = yes then : @@ -7611,13 +7793,14 @@ LD_SEARCH_FLAGS='-rpath ${LIB_RUNTIME_DIR}' fi if test "$GCC" = yes then : CFLAGS="$CFLAGS -mieee" -else $as_nop - - CFLAGS="$CFLAGS -DHAVE_TZSET -std1 -ieee" +else case e in #( + e) + CFLAGS="$CFLAGS -DHAVE_TZSET -std1 -ieee" ;; +esac fi # see pthread_intro(3) for pthread support on osf1, k.furukawa CFLAGS="$CFLAGS -DHAVE_PTHREAD_ATTR_SETSTACKSIZE" CFLAGS="$CFLAGS -DTCL_THREAD_STACK_MIN=PTHREAD_STACK_MIN*64" LIBS=`echo $LIBS | sed s/-lpthreads//` @@ -7624,15 +7807,16 @@ if test "$GCC" = yes then : LIBS="$LIBS -lpthread -lmach -lexc" -else $as_nop - +else case e in #( + e) CFLAGS="$CFLAGS -pthread" LDFLAGS="$LDFLAGS -pthread" - + ;; +esac fi ;; QNX-6*) # QNX RTP # This may work for all QNX, but it was only reported for v6. @@ -7648,15 +7832,16 @@ then : SHLIB_CFLAGS="-fPIC -melf" LDFLAGS="$LDFLAGS -melf -Wl,-Bexport" -else $as_nop - +else case e in #( + e) SHLIB_CFLAGS="-Kpic -belf" LDFLAGS="$LDFLAGS -belf -Wl,-Bexport" - + ;; +esac fi SHLIB_LD="ld -G" SHLIB_LD_LIBS="" SHLIB_SUFFIX=".so" CC_SEARCH_FLAGS="" @@ -7682,16 +7867,17 @@ SHLIB_LD='${CC} -shared' CC_SEARCH_FLAGS='"-Wl,-R,${LIB_RUNTIME_DIR}"' LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS} -else $as_nop - +else case e in #( + e) SHLIB_LD="/usr/ccs/bin/ld -G -z text" CC_SEARCH_FLAGS='-R "${LIB_RUNTIME_DIR}"' LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS} - + ;; +esac fi ;; SunOS-5*) # Note: If _REENTRANT isn't defined, then Solaris # won't define thread-safe library routines. @@ -7720,41 +7906,44 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported with GCC < 3.2 on $system" >&5 printf "%s\n" "$as_me: WARNING: 64bit mode not supported with GCC < 3.2 on $system" >&2;} -else $as_nop - +else case e in #( + e) do64bit_ok=yes CFLAGS="$CFLAGS -m64 -mcpu=v9" LDFLAGS="$LDFLAGS -m64 -mcpu=v9" SHLIB_CFLAGS="-fPIC" - + ;; +esac fi -else $as_nop - +else case e in #( + e) do64bit_ok=yes if test "$do64bitVIS" = yes then : CFLAGS="$CFLAGS -xarch=v9a" LDFLAGS_ARCH="-xarch=v9a" -else $as_nop - +else case e in #( + e) CFLAGS="$CFLAGS -xarch=v9" LDFLAGS_ARCH="-xarch=v9" - + ;; +esac fi # Solaris 64 uses this as well #LD_LIBRARY_PATH_VAR="LD_LIBRARY_PATH_64" - + ;; +esac fi -else $as_nop - if test "$arch" = "amd64 i386" +else case e in #( + e) if test "$arch" = "amd64 i386" then : if test "$GCC" = yes then : @@ -7766,28 +7955,31 @@ *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported with GCC on $system" >&5 printf "%s\n" "$as_me: WARNING: 64bit mode not supported with GCC on $system" >&2;};; esac -else $as_nop - +else case e in #( + e) do64bit_ok=yes case $system in SunOS-5.1[1-9]*|SunOS-5.[2-9][0-9]*) CFLAGS="$CFLAGS -m64" LDFLAGS="$LDFLAGS -m64";; *) CFLAGS="$CFLAGS -xarch=amd64" LDFLAGS="$LDFLAGS -xarch=amd64";; esac - + ;; +esac fi -else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported for $arch" >&5 -printf "%s\n" "$as_me: WARNING: 64bit mode not supported for $arch" >&2;} -fi +else case e in #( + e) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 64bit mode not supported for $arch" >&5 +printf "%s\n" "$as_me: WARNING: 64bit mode not supported for $arch" >&2;} ;; +esac +fi ;; +esac fi fi SHLIB_SUFFIX=".so" @@ -7811,35 +8003,37 @@ # for finding sparcv9 libgcc, get the regular libgcc # path, remove so name and append 'sparcv9' #v9gcclibdir="`gcc -print-file-name=libgcc_s.so` | ..." #CC_SEARCH_FLAGS="${CC_SEARCH_FLAGS},-R,$v9gcclibdir" -else $as_nop - if test "$arch" = "amd64 i386" +else case e in #( + e) if test "$arch" = "amd64 i386" then : # JH: static-libgcc is necessary for core Tcl, but may # not be necessary for extensions. SHLIB_LD="$SHLIB_LD -m64 -static-libgcc" -fi +fi ;; +esac fi fi -else $as_nop - +else case e in #( + e) case $system in SunOS-5.[1-9][0-9]*) # TEA specific: use LDFLAGS_DEFAULT instead of LDFLAGS SHLIB_LD='${CC} -G -z text ${LDFLAGS_DEFAULT}';; *) SHLIB_LD='/usr/ccs/bin/ld -G -z text';; esac CC_SEARCH_FLAGS='"-Wl,-R,${LIB_RUNTIME_DIR}"' LD_SEARCH_FLAGS='-R "${LIB_RUNTIME_DIR}"' - + ;; +esac fi ;; UNIX_SV* | UnixWare-5*) SHLIB_CFLAGS="-KPIC" SHLIB_LD='${CC} -G' @@ -7850,12 +8044,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld accepts -Bexport flag" >&5 printf %s "checking for ld accepts -Bexport flag... " >&6; } if test ${tcl_cv_ld_Bexport+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) hold_ldflags=$LDFLAGS LDFLAGS="$LDFLAGS -Wl,-Bexport" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7868,16 +8062,18 @@ } _ACEOF if ac_fn_c_try_link "$LINENO" then : tcl_cv_ld_Bexport=yes -else $as_nop - tcl_cv_ld_Bexport=no +else case e in #( + e) tcl_cv_ld_Bexport=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - LDFLAGS=$hold_ldflags + LDFLAGS=$hold_ldflags ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_ld_Bexport" >&5 printf "%s\n" "$tcl_cv_ld_Bexport" >&6; } if test $tcl_cv_ld_Bexport = yes then : @@ -7950,16 +8146,16 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SEH support in compiler" >&5 printf %s "checking for SEH support in compiler... " >&6; } if test ${tcl_cv_seh+y} then : printf %s "(cached) " >&6 -else $as_nop - if test "$cross_compiling" = yes +else case e in #( + e) if test "$cross_compiling" = yes then : tcl_cv_seh=no -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define WIN32_LEAN_AND_MEAN #include #undef WIN32_LEAN_AND_MEAN @@ -7977,18 +8173,21 @@ _ACEOF if ac_fn_c_try_run "$LINENO" then : tcl_cv_seh=yes -else $as_nop - tcl_cv_seh=no +else case e in #( + e) tcl_cv_seh=no ;; +esac fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext + conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_seh" >&5 printf "%s\n" "$tcl_cv_seh" >&6; } if test "$tcl_cv_seh" = "no" ; then @@ -8005,12 +8204,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EXCEPTION_DISPOSITION support in include files" >&5 printf %s "checking for EXCEPTION_DISPOSITION support in include files... " >&6; } if test ${tcl_cv_eh_disposition+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ # define WIN32_LEAN_AND_MEAN # include # undef WIN32_LEAN_AND_MEAN @@ -8026,15 +8225,17 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_eh_disposition=yes -else $as_nop - tcl_cv_eh_disposition=no +else case e in #( + e) tcl_cv_eh_disposition=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_eh_disposition" >&5 printf "%s\n" "$tcl_cv_eh_disposition" >&6; } if test "$tcl_cv_eh_disposition" = "no" ; then @@ -8049,12 +8250,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for winnt.h that ignores VOID define" >&5 printf %s "checking for winnt.h that ignores VOID define... " >&6; } if test ${tcl_cv_winnt_ignore_void+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define VOID void #define WIN32_LEAN_AND_MEAN #include @@ -8073,15 +8274,17 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_winnt_ignore_void=yes -else $as_nop - tcl_cv_winnt_ignore_void=no +else case e in #( + e) tcl_cv_winnt_ignore_void=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_winnt_ignore_void" >&5 printf "%s\n" "$tcl_cv_winnt_ignore_void" >&6; } if test "$tcl_cv_winnt_ignore_void" = "yes" ; then @@ -8097,12 +8300,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for cast to union support" >&5 printf %s "checking for cast to union support... " >&6; } if test ${tcl_cv_cast_to_union+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { @@ -8115,15 +8318,17 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_cast_to_union=yes -else $as_nop - tcl_cv_cast_to_union=no +else case e in #( + e) tcl_cv_cast_to_union=no ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_cast_to_union" >&5 printf "%s\n" "$tcl_cv_cast_to_union" >&6; } if test "$tcl_cv_cast_to_union" = "yes"; then @@ -8162,12 +8367,12 @@ tcl_flags="" if test ${tcl_cv_flag__isoc99_source+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main (void) { @@ -8177,12 +8382,12 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_flag__isoc99_source=no -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _ISOC99_SOURCE 1 #include int main (void) @@ -8193,16 +8398,19 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_flag__isoc99_source=yes -else $as_nop - tcl_cv_flag__isoc99_source=no +else case e in #( + e) tcl_cv_flag__isoc99_source=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi if test "x${tcl_cv_flag__isoc99_source}" = "xyes" ; then printf "%s\n" "#define _ISOC99_SOURCE 1" >>confdefs.h @@ -8213,12 +8421,12 @@ if test "${TCL_MAJOR_VERSION}" -ne 8 ; then if test ${tcl_cv_flag__file_offset_bits+y} then : printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main (void) { @@ -8228,12 +8436,12 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_flag__file_offset_bits=no -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _FILE_OFFSET_BITS 64 #include int main (void) @@ -8244,16 +8452,19 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_flag__file_offset_bits=yes -else $as_nop - tcl_cv_flag__file_offset_bits=no +else case e in #( + e) tcl_cv_flag__file_offset_bits=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi if test "x${tcl_cv_flag__file_offset_bits}" = "xyes" ; then printf "%s\n" "#define _FILE_OFFSET_BITS 64" >>confdefs.h @@ -8274,12 +8485,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for 64-bit integer type" >&5 printf %s "checking for 64-bit integer type... " >&6; } if test ${tcl_cv_type_64bit+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) tcl_cv_type_64bit=none # See if the compiler knows natively about __int64 cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -8292,35 +8503,37 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_type_64bit=__int64 -else $as_nop - tcl_type_64bit="long long" +else case e in #( + e) tcl_type_64bit="long long" ;; +esac fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext # See if we could use long anyway Note that we substitute in the # type that is our current guess for a 64-bit type inside this check # program, so it should be modified only carefully... - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main (void) { switch (0) { - case 1: case (sizeof(${tcl_type_64bit})==sizeof(long)): ; - } + case 1: case (sizeof(${tcl_type_64bit})==sizeof(long)): ; + } ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_type_64bit=${tcl_type_64bit} fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi if test "${tcl_cv_type_64bit}" = none ; then printf "%s\n" "#define TCL_WIDE_INT_IS_LONG 1" >>confdefs.h @@ -8345,12 +8558,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for 64-bit time_t" >&5 printf %s "checking for 64-bit time_t... " >&6; } if test ${tcl_cv_time_t_64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main (void) @@ -8361,14 +8574,16 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_time_t_64=yes -else $as_nop - tcl_cv_time_t_64=no +else case e in #( + e) tcl_cv_time_t_64=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_time_t_64" >&5 printf "%s\n" "$tcl_cv_time_t_64" >&6; } if test "x${tcl_cv_time_t_64}" = "xno" ; then # Note that _TIME_BITS=64 requires _FILE_OFFSET_BITS=64 @@ -8376,12 +8591,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if _TIME_BITS=64 enables 64-bit time_t" >&5 printf %s "checking if _TIME_BITS=64 enables 64-bit time_t... " >&6; } if test ${tcl_cv__time_bits+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _TIME_BITS 64 #include int @@ -8393,14 +8608,16 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv__time_bits=yes -else $as_nop - tcl_cv__time_bits=no +else case e in #( + e) tcl_cv__time_bits=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv__time_bits" >&5 printf "%s\n" "$tcl_cv__time_bits" >&6; } if test "x${tcl_cv__time_bits}" = "xyes" ; then @@ -8413,12 +8630,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct dirent64" >&5 printf %s "checking for struct dirent64... " >&6; } if test ${tcl_cv_struct_dirent64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int @@ -8430,14 +8647,16 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_struct_dirent64=yes -else $as_nop - tcl_cv_struct_dirent64=no +else case e in #( + e) tcl_cv_struct_dirent64=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_struct_dirent64" >&5 printf "%s\n" "$tcl_cv_struct_dirent64" >&6; } if test "x${tcl_cv_struct_dirent64}" = "xyes" ; then @@ -8448,32 +8667,34 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for DIR64" >&5 printf %s "checking for DIR64... " >&6; } if test ${tcl_cv_DIR64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main (void) { struct dirent64 *p; DIR64 d = opendir64("."); - p = readdir64(d); rewinddir64(d); closedir64(d); + p = readdir64(d); rewinddir64(d); closedir64(d); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_DIR64=yes -else $as_nop - tcl_cv_DIR64=no +else case e in #( + e) tcl_cv_DIR64=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_DIR64" >&5 printf "%s\n" "$tcl_cv_DIR64" >&6; } if test "x${tcl_cv_DIR64}" = "xyes" ; then @@ -8484,12 +8705,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct stat64" >&5 printf %s "checking for struct stat64... " >&6; } if test ${tcl_cv_struct_stat64+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main (void) @@ -8501,14 +8722,16 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_struct_stat64=yes -else $as_nop - tcl_cv_struct_stat64=no +else case e in #( + e) tcl_cv_struct_stat64=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcl_cv_struct_stat64" >&5 printf "%s\n" "$tcl_cv_struct_stat64" >&6; } if test "x${tcl_cv_struct_stat64}" = "xyes" ; then @@ -8532,12 +8755,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for off64_t" >&5 printf %s "checking for off64_t... " >&6; } if test ${tcl_cv_type_off64_t+y} then : printf %s "(cached) " >&6 -else $as_nop - +else case e in #( + e) cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main (void) @@ -8549,19 +8772,21 @@ } _ACEOF if ac_fn_c_try_compile "$LINENO" then : tcl_cv_type_off64_t=yes -else $as_nop - tcl_cv_type_off64_t=no +else case e in #( + e) tcl_cv_type_off64_t=no ;; +esac fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ;; +esac fi if test "x${tcl_cv_type_off64_t}" = "xyes" && \ - test "x${ac_cv_func_lseek64}" = "xyes" && \ - test "x${ac_cv_func_open64}" = "xyes" ; then + test "x${ac_cv_func_lseek64}" = "xyes" && \ + test "x${ac_cv_func_open64}" = "xyes" ; then printf "%s\n" "#define HAVE_TYPE_OFF64_T 1" >>confdefs.h { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } @@ -8583,12 +8808,13 @@ printf %s "checking for build with symbols... " >&6; } # Check whether --enable-symbols was given. if test ${enable_symbols+y} then : enableval=$enable_symbols; tcl_ok=$enableval -else $as_nop - tcl_ok=no +else case e in #( + e) tcl_ok=no ;; +esac fi if test "$tcl_ok" = "no"; then CFLAGS_DEFAULT="${CFLAGS_OPTIMIZE} -DNDEBUG" LDFLAGS_DEFAULT="${LDFLAGS_OPTIMIZE}" @@ -8641,18 +8867,18 @@ # depends on values set by the TEA_ENABLE_SHARED, TEA_ENABLE_SYMBOLS, # and TEA_LOAD_TCLCONFIG macros above. #-------------------------------------------------------------------- -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 -printf %s "checking for grep that handles long lines and -e... " >&6; } -if test ${ac_cv_path_GREP+y} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep -e" >&5 +printf %s "checking for egrep -e... " >&6; } +if test ${ac_cv_path_EGREP_TRADITIONAL+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -z "$GREP"; then - ac_path_GREP_found=false +else case e in #( + e) if test -z "$EGREP_TRADITIONAL"; then + ac_path_EGREP_TRADITIONAL_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS @@ -8662,69 +8888,59 @@ *) as_dir=$as_dir/ ;; esac for ac_prog in grep ggrep do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_GREP" || continue -# Check for GNU ac_path_GREP and select it if it is found. - # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in + ac_path_EGREP_TRADITIONAL="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP_TRADITIONAL" || continue +# Check for GNU ac_path_EGREP_TRADITIONAL and select it if it is found. + # Check for GNU $ac_path_EGREP_TRADITIONAL +case `"$ac_path_EGREP_TRADITIONAL" --version 2>&1` in #( *GNU*) - ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; + ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" ac_path_EGREP_TRADITIONAL_found=:;; +#( *) ac_count=0 printf %s 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - printf "%s\n" 'GREP' >> "conftest.nl" - "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + printf "%s\n" 'EGREP_TRADITIONAL' >> "conftest.nl" + "$ac_path_EGREP_TRADITIONAL" -E 'EGR(EP|AC)_TRADITIONAL$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_GREP_max-0}; then + if test $ac_count -gt ${ac_path_EGREP_TRADITIONAL_max-0}; then # Best one so far, save it but keep looking for a better one - ac_cv_path_GREP="$ac_path_GREP" - ac_path_GREP_max=$ac_count + ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" + ac_path_EGREP_TRADITIONAL_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac - $ac_path_GREP_found && break 3 + $ac_path_EGREP_TRADITIONAL_found && break 3 done done done IFS=$as_save_IFS - if test -z "$ac_cv_path_GREP"; then - as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_GREP=$GREP -fi - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 -printf "%s\n" "$ac_cv_path_GREP" >&6; } - GREP="$ac_cv_path_GREP" - - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 -printf %s "checking for egrep... " >&6; } -if test ${ac_cv_path_EGREP+y} -then : - printf %s "(cached) " >&6 -else $as_nop - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 - then ac_cv_path_EGREP="$GREP -E" - else - if test -z "$EGREP"; then - ac_path_EGREP_found=false + if test -z "$ac_cv_path_EGREP_TRADITIONAL"; then + : + fi +else + ac_cv_path_EGREP_TRADITIONAL=$EGREP_TRADITIONAL +fi + + if test "$ac_cv_path_EGREP_TRADITIONAL" +then : + ac_cv_path_EGREP_TRADITIONAL="$ac_cv_path_EGREP_TRADITIONAL -E" +else case e in #( + e) if test -z "$EGREP_TRADITIONAL"; then + ac_path_EGREP_TRADITIONAL_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS @@ -8734,58 +8950,60 @@ *) as_dir=$as_dir/ ;; esac for ac_prog in egrep do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_EGREP" || continue -# Check for GNU ac_path_EGREP and select it if it is found. - # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in + ac_path_EGREP_TRADITIONAL="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP_TRADITIONAL" || continue +# Check for GNU ac_path_EGREP_TRADITIONAL and select it if it is found. + # Check for GNU $ac_path_EGREP_TRADITIONAL +case `"$ac_path_EGREP_TRADITIONAL" --version 2>&1` in #( *GNU*) - ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; + ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" ac_path_EGREP_TRADITIONAL_found=:;; +#( *) ac_count=0 printf %s 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - printf "%s\n" 'EGREP' >> "conftest.nl" - "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + printf "%s\n" 'EGREP_TRADITIONAL' >> "conftest.nl" + "$ac_path_EGREP_TRADITIONAL" 'EGR(EP|AC)_TRADITIONAL$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_EGREP_max-0}; then + if test $ac_count -gt ${ac_path_EGREP_TRADITIONAL_max-0}; then # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP="$ac_path_EGREP" - ac_path_EGREP_max=$ac_count + ac_cv_path_EGREP_TRADITIONAL="$ac_path_EGREP_TRADITIONAL" + ac_path_EGREP_TRADITIONAL_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac - $ac_path_EGREP_found && break 3 + $ac_path_EGREP_TRADITIONAL_found && break 3 done done done IFS=$as_save_IFS - if test -z "$ac_cv_path_EGREP"; then + if test -z "$ac_cv_path_EGREP_TRADITIONAL"; then as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else - ac_cv_path_EGREP=$EGREP -fi - - fi -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 -printf "%s\n" "$ac_cv_path_EGREP" >&6; } - EGREP="$ac_cv_path_EGREP" - + ac_cv_path_EGREP_TRADITIONAL=$EGREP_TRADITIONAL +fi + ;; +esac +fi ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP_TRADITIONAL" >&5 +printf "%s\n" "$ac_cv_path_EGREP_TRADITIONAL" >&6; } + EGREP_TRADITIONAL=$ac_cv_path_EGREP_TRADITIONAL if test "${TEA_PLATFORM}" = "windows" -a "$GCC" != "yes"; then MAKE_STATIC_LIB="\${STLIB_LD} -out:\$@ \$(PKG_OBJECTS)" MAKE_SHARED_LIB="\${SHLIB_LD} \${LDFLAGS} \${LDFLAGS_DEFAULT} -out:\$@ \$(PKG_OBJECTS) \${SHLIB_LD_LIBS}" @@ -8796,11 +9014,11 @@ print("manifest needed") #endif _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "manifest needed" >/dev/null 2>&1 + $EGREP_TRADITIONAL "manifest needed" >/dev/null 2>&1 then : # Could do a CHECK_PROG for mt, but should always be with MSVC8+ VC_MANIFEST_EMBED_DLL="if test -f \$@.manifest ; then mt.exe -nologo -manifest \$@.manifest -outputresource:\$@\;2 ; fi" VC_MANIFEST_EMBED_EXE="if test -f \$@.manifest ; then mt.exe -nologo -manifest \$@.manifest -outputresource:\$@\;1 ; fi" @@ -8831,17 +9049,22 @@ # substituted. (@@@ Might not be necessary anymore) #-------------------------------------------------------------------- PACKAGE_LIB_PREFIX8="${PACKAGE_LIB_PREFIX}" PACKAGE_LIB_PREFIX9="${PACKAGE_LIB_PREFIX}tcl9" - if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" == x; then + if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" = x; then PACKAGE_LIB_PREFIX="${PACKAGE_LIB_PREFIX9}" else PACKAGE_LIB_PREFIX="${PACKAGE_LIB_PREFIX8}" printf "%s\n" "#define TCL_MAJOR_VERSION 8" >>confdefs.h + fi + if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tk8}" != x; then + +printf "%s\n" "#define TK_MAJOR_VERSION 8" >>confdefs.h + fi if test "${TEA_PLATFORM}" = "windows" ; then if test "${SHARED_BUILD}" = "1" ; then # We force the unresolved linking of symbols that are really in # the private libraries of Tcl and Tk. @@ -8862,11 +9085,11 @@ eval eval "PKG_LIB_FILE8=${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE9=${PACKAGE_LIB_PREFIX9}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE=${PACKAGE_LIB_PREFIX}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" fi # Some packages build their own stubs libraries - if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" == x; then + if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" = x; then eval eval "PKG_STUB_LIB_FILE=${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub.a" else eval eval "PKG_STUB_LIB_FILE=${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub${UNSHARED_LIB_SUFFIX}" fi if test "$GCC" = "yes"; then @@ -8890,11 +9113,11 @@ eval eval "PKG_LIB_FILE8=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE9=lib${PACKAGE_LIB_PREFIX9}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE=lib${PACKAGE_LIB_PREFIX}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" fi # Some packages build their own stubs libraries - if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" == x; then + if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" = x; then eval eval "PKG_STUB_LIB_FILE=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub.a" else eval eval "PKG_STUB_LIB_FILE=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub${UNSHARED_LIB_SUFFIX}" fi fi @@ -8921,20 +9144,20 @@ # This marco includes the TCL TLS specific functions to set the # OpenSSL or LibreSSL config. #-------------------------------------------------------------------- - if test -n "$ac_tool_prefix"; then + if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_PKG_CONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$PKG_CONFIG"; then +else case e in #( + e) if test -n "$PKG_CONFIG"; then ac_cv_prog_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -8952,11 +9175,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi PKG_CONFIG=$ac_cv_prog_PKG_CONFIG if test -n "$PKG_CONFIG"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 printf "%s\n" "$PKG_CONFIG" >&6; } @@ -8974,12 +9198,12 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 printf %s "checking for $ac_word... " >&6; } if test ${ac_cv_prog_ac_ct_PKG_CONFIG+y} then : printf %s "(cached) " >&6 -else $as_nop - if test -n "$ac_ct_PKG_CONFIG"; then +else case e in #( + e) if test -n "$ac_ct_PKG_CONFIG"; then ac_cv_prog_ac_ct_PKG_CONFIG="$ac_ct_PKG_CONFIG" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do @@ -8997,11 +9221,12 @@ fi done done IFS=$as_save_IFS -fi +fi ;; +esac fi ac_ct_PKG_CONFIG=$ac_cv_prog_ac_ct_PKG_CONFIG if test -n "$ac_ct_PKG_CONFIG"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_PKG_CONFIG" >&5 printf "%s\n" "$ac_ct_PKG_CONFIG" >&6; } @@ -9023,16 +9248,38 @@ fi else PKG_CONFIG="$ac_cv_prog_PKG_CONFIG" fi + + # Check whether --enable-ssl3 was given. +if test ${enable_ssl3+y} +then : + enableval=$enable_ssl3; + if test "$enableval" == "no"; then + +printf "%s\n" "#define NO_SSL3 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable SSL3 protocol" >&5 +printf %s "checking for disable SSL3 protocol... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + fi + +else case e in #( + e) +printf "%s\n" "#define NO_SSL3 1" >>confdefs.h + ;; +esac +fi + # Check whether --enable-tls1 was given. if test ${enable_tls1+y} then : enableval=$enable_tls1; - if test "${enableval}" = "no"; then + if test "$enableval" == "no"; then printf "%s\n" "#define NO_TLS1 1" >>confdefs.h { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1 protocol" >&5 printf %s "checking for disable TLS1 protocol... " >&6; } @@ -9045,11 +9292,11 @@ # Check whether --enable-tls1_1 was given. if test ${enable_tls1_1+y} then : enableval=$enable_tls1_1; - if test "${enableval}" = "no"; then + if test "$enableval" == "no"; then printf "%s\n" "#define NO_TLS1_1 1" >>confdefs.h { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1.1 protocol" >&5 printf %s "checking for disable TLS1.1 protocol... " >&6; } @@ -9062,11 +9309,11 @@ # Check whether --enable-tls1_2 was given. if test ${enable_tls1_2+y} then : enableval=$enable_tls1_2; - if test "${enableval}" = "no"; then + if test "$enableval" == "no"; then printf "%s\n" "#define NO_TLS1_2 1" >>confdefs.h { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1.2 protocol" >&5 printf %s "checking for disable TLS1.2 protocol... " >&6; } @@ -9079,11 +9326,11 @@ # Check whether --enable-tls1_3 was given. if test ${enable_tls1_3+y} then : enableval=$enable_tls1_3; - if test "${enableval}" = "no"; then + if test "$enableval" == "no"; then printf "%s\n" "#define NO_TLS1_3 1" >>confdefs.h { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1.3 protocol" >&5 printf %s "checking for disable TLS1.3 protocol... " >&6; } @@ -9092,24 +9339,49 @@ fi fi + + # Check whether --enable-debug was given. +if test ${enable_debug+y} +then : + enableval=$enable_debug; + tcltls_debug_mode="$enableval" + +else case e in #( + e) + tcltls_debug_mode='no' + ;; +esac +fi + + if test "$tcltls_debug_mode" == 'yes'; then + +printf "%s\n" "#define TCLEXT_TCLTLS_DEBUG 1" >>confdefs.h + + fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for debug mode" >&5 +printf %s "checking for debug mode... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcltls_debug_mode" >&5 +printf "%s\n" "$tcltls_debug_mode" >&6; } + # Check whether --enable-ssl-fastpath was given. if test ${enable_ssl_fastpath+y} then : enableval=$enable_ssl_fastpath; tcltls_ssl_fastpath="$enableval" -else $as_nop - +else case e in #( + e) tcltls_ssl_fastpath='no' - + ;; +esac fi - if test "$tcltls_ssl_fastpath" = 'yes'; then + if test "$tcltls_ssl_fastpath" == 'yes'; then printf "%s\n" "#define TCLTLS_SSL_USE_FASTPATH 1" >>confdefs.h fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fast path" >&5 @@ -9122,18 +9394,19 @@ if test ${enable_hardening+y} then : enableval=$enable_hardening; tcltls_enable_hardening="$enableval" -else $as_nop - +else case e in #( + e) tcltls_enable_hardening='yes' - + ;; +esac fi - if test "$tcltls_enable_hardening" = 'yes'; then - if test "$GCC" = 'yes' -o "$CC" = 'clang'; then + if test "$tcltls_enable_hardening" == 'yes'; then + if test "$GCC" == 'yes' -o "$CC" = 'clang'; then PKG_CFLAGS="$PKG_CFLAGS -fstack-protector-all" @@ -9155,14 +9428,15 @@ if test ${enable_static_ssl+y} then : enableval=$enable_static_ssl; TCLEXT_TLS_STATIC_SSL="$enableval" -else $as_nop - +else case e in #( + e) TCLEXT_TLS_STATIC_SSL='no' - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for static linking of openSSL libraries" >&5 printf %s "checking for static linking of openSSL libraries... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $TCLEXT_TLS_STATIC_SSL" >&5 @@ -9174,15 +9448,16 @@ if test ${with_openssl_dir+y} then : withval=$with_openssl_dir; openssldir="$withval" -else $as_nop - +else case e in #( + e) openssldir='' - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL directory" >&5 printf %s "checking for OpenSSL directory... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $openssldir" >&5 @@ -9193,37 +9468,36 @@ if test ${with_openssl_includedir+y} then : withval=$with_openssl_includedir; opensslincludedir="$withval" -else $as_nop - - if test ! -z "$openssldir"; then +else case e in #( + e) + if test -n "$openssldir"; then opensslincludedir="${openssldir}/include" else opensslincludedir='' fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL include directory" >&5 printf %s "checking for OpenSSL include directory... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $opensslincludedir" >&5 printf "%s\n" "$opensslincludedir" >&6; } - if test ! -z "$opensslincludedir"; then - if test -f "$opensslincludedir/openssl/ssl.h"; then + if test -n "$opensslincludedir"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ssl.h" >&5 +printf %s "checking for ssl.h... " >&6; } + if test -f "${opensslincludedir}/openssl/ssl.h"; then TCLTLS_SSL_CFLAGS="-I$opensslincludedir" TCLTLS_SSL_INCLUDES="-I$opensslincludedir" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ssl.h" >&5 -printf %s "checking for ssl.h... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ssl.h" >&5 -printf %s "checking for ssl.h... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } as_fn_error $? "Unable to locate ssl.h" "$LINENO" 5 fi fi @@ -9233,42 +9507,43 @@ if test ${with_openssl_libdir+y} then : withval=$with_openssl_libdir; openssllibdir="$withval" -else $as_nop - - if test ! -z "$openssldir"; then - if test "$do64bit" == 'yes'; then +else case e in #( + e) + if test -n "$openssldir"; then + if test "$do64bit" == 'yes' -a -d ${openssldir}/lib64; then openssllibdir="$openssldir/lib64" else openssllibdir="$openssldir/lib" fi else openssllibdir='' fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL lib directory" >&5 printf %s "checking for OpenSSL lib directory... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $openssllibdir" >&5 printf "%s\n" "$openssllibdir" >&6; } - if test ! -z "$openssllibdir"; then - if test -f "$openssllibdir/libssl${SHLIB_SUFFIX}"; then - if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then - TCLTLS_SSL_LIBS="-L$openssllibdir -lcrypto -lssl" - #else - # Linux and Solaris - #TCLTLS_SSL_LIBS="-Wl,-Bstatic `$PKG_CONFIG --static --libs crypto ssl` -Wl,-Bdynamic" - # HPUX - # -Wl,-a,archive ... -Wl,-a,shared_archive - fi + SSL_LIBS_PATH='' + if test -n "$openssllibdir"; then + if test "$TCLEXT_TLS_STATIC_SSL" == 'no'; then + LIBEXT=${SHLIB_SUFFIX} + else + LIBEXT='.a' + fi + + if test -f "${openssllibdir}/libssl${LIBEXT}"; then + SSL_LIBS_PATH="-L$openssllibdir" else - as_fn_error $? "Unable to locate libssl${SHLIB_SUFFIX}" "$LINENO" 5 + as_fn_error $? "Unable to locate libssl${LIBEXT}" "$LINENO" 5 fi fi # Check whether --with-openssl-pkgconfig was given. @@ -9275,66 +9550,78 @@ if test ${with_openssl_pkgconfig+y} then : withval=$with_openssl_pkgconfig; opensslpkgconfigdir="$withval" -else $as_nop - +else case e in #( + e) if test -d ${libdir}/../pkgconfig; then opensslpkgconfigdir="$libdir/../pkgconfig" else opensslpkgconfigdir='' fi - + ;; +esac fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL pkgconfig" >&5 printf %s "checking for OpenSSL pkgconfig... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $opensslpkgconfigdir" >&5 printf "%s\n" "$opensslpkgconfigdir" >&6; } - - # Use Package Config tool to get config - pkgConfigExtraArgs='' - if test "${SHARED_BUILD}" == 0 -o "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then - pkgConfigExtraArgs='--static' - fi - - if test -n "${PKG_CONFIG}"; then + if test -n "$PKG_CONFIG" -a -z "$openssldir" -a -z "$opensslincludedir" -a -z "$openssllibdir"; then + USE_PKG_CONFIG=`"${PKG_CONFIG}" --list-all | grep openssl` + + if test -n "$USE_PKG_CONFIG"; then PKG_CONFIG_PATH_SAVE="${PKG_CONFIG_PATH}" - if test -n "${opensslpkgconfigdir}"; then + if test -n "$opensslpkgconfigdir"; then if ! test -f "${opensslpkgconfigdir}/openssl.pc"; then as_fn_error $? "Unable to locate ${opensslpkgconfigdir}/openssl.pc" "$LINENO" 5 fi PKG_CONFIG_PATH="${opensslpkgconfigdir}:${PKG_CONFIG_PATH}" export PKG_CONFIG_PATH fi + + pkgConfigExtraArgs='' + if test "$SHARED_BUILD" == "0" -o "$TCLEXT_TLS_STATIC_SSL" == 'yes'; then + pkgConfigExtraArgs='--static' + fi + if test -z "$TCLTLS_SSL_LIBS"; then - TCLTLS_SSL_LIBS="`"${PKG_CONFIG}" openssl --libs $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH `${PKG_CONFIG} openssl --libs $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 + if test "${TCLEXT_TLS_STATIC_SSL}" == 'yes'; then + TCLTLS_SSL_LIBS="-Wl,-Bstatic $TCLTLS_SSL_LIBS -Wl,-Bdynamic" + fi fi if test -z "$TCLTLS_SSL_CFLAGS"; then TCLTLS_SSL_CFLAGS="`"${PKG_CONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 fi if test -z "$TCLTLS_SSL_INCLUDES"; then TCLTLS_SSL_INCLUDES="`"${PKG_CONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 fi PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}" + fi fi - - if test -z "$TCLTLS_SSL_LIBS"; then - TCLTLS_SSL_LIBS="-lcrypto -lssl" - fi - if test -z "$TCLTLS_SSL_CFLAGS"; then + if test -z "$TCLTLS_SSL_CFLAGS"; then TCLTLS_SSL_CFLAGS="" fi if test -z "$TCLTLS_SSL_INCLUDES"; then if test -f /usr/include/openssl/ssl.h; then TCLTLS_SSL_INCLUDES="-I/usr/include" fi + fi + if test -z "$TCLTLS_SSL_LIBS"; then + if test "$TCLEXT_TLS_STATIC_SSL" == 'no'; then + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH -lssl -lcrypto" + else + # Linux and Solaris + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH -Wl,-Bstatic -lssl -lcrypto -Wl,-Bdynamic" + # HPUX: -Wl,-a,archive ... -Wl,-a,shared_archive + fi fi @@ -9407,41 +9694,41 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tclsh" >&5 printf %s "checking for tclsh... " >&6; } if test -f "${TCL_BIN_DIR}/Makefile" ; then - # tclConfig.sh is in Tcl build directory - if test "${TEA_PLATFORM}" = "windows"; then - if test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}${EXEEXT}" ; then - TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}${EXEEXT}" - elif test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}s${EXEEXT}" ; then - TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}s${EXEEXT}" - elif test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}t${EXEEXT}" ; then - TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}t${EXEEXT}" - elif test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}st${EXEEXT}" ; then - TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}st${EXEEXT}" - fi - else - TCLSH_PROG="${TCL_BIN_DIR}/tclsh" - fi - else - # tclConfig.sh is in install location - if test "${TEA_PLATFORM}" = "windows"; then - TCLSH_PROG="tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}${EXEEXT}" - else - TCLSH_PROG="tclsh${TCL_MAJOR_VERSION}.${TCL_MINOR_VERSION}" - fi - list="`ls -d ${TCL_BIN_DIR}/../bin 2>/dev/null` \ - `ls -d ${TCL_BIN_DIR}/.. 2>/dev/null` \ - `ls -d ${TCL_PREFIX}/bin 2>/dev/null`" - for i in $list ; do - if test -f "$i/${TCLSH_PROG}" ; then - REAL_TCL_BIN_DIR="`cd "$i"; pwd`/" - break - fi - done - TCLSH_PROG="${REAL_TCL_BIN_DIR}${TCLSH_PROG}" + # tclConfig.sh is in Tcl build directory + if test "${TEA_PLATFORM}" = "windows"; then + if test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}${EXEEXT}" ; then + TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}${EXEEXT}" + elif test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}s${EXEEXT}" ; then + TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}s${EXEEXT}" + elif test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}t${EXEEXT}" ; then + TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}t${EXEEXT}" + elif test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}st${EXEEXT}" ; then + TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}st${EXEEXT}" + fi + else + TCLSH_PROG="${TCL_BIN_DIR}/tclsh" + fi + else + # tclConfig.sh is in install location + if test "${TEA_PLATFORM}" = "windows"; then + TCLSH_PROG="tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}${EXEEXT}" + else + TCLSH_PROG="tclsh${TCL_MAJOR_VERSION}.${TCL_MINOR_VERSION}" + fi + list="`ls -d ${TCL_BIN_DIR}/../bin 2>/dev/null` \ + `ls -d ${TCL_BIN_DIR}/.. 2>/dev/null` \ + `ls -d ${TCL_PREFIX}/bin 2>/dev/null`" + for i in $list ; do + if test -f "$i/${TCLSH_PROG}" ; then + REAL_TCL_BIN_DIR="`cd "$i"; pwd`/" + break + fi + done + TCLSH_PROG="${REAL_TCL_BIN_DIR}${TCLSH_PROG}" fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${TCLSH_PROG}" >&5 printf "%s\n" "${TCLSH_PROG}" >&6; } @@ -9477,12 +9764,12 @@ # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # -# `ac_cv_env_foo' variables (set or unset) will be overridden when -# loading this file, other *unset* `ac_cv_foo' will be assigned the +# 'ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* 'ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, @@ -9508,18 +9795,18 @@ done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) - # `set' does not quote correctly, so add quotes: double-quote + # 'set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) - # `set' quotes correctly as required by POSIX, so do not add quotes. + # 'set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | @@ -9579,13 +9866,11 @@ t quote s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g t quote b any :quote -s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g -s/\[/\\&/g -s/\]/\\&/g +s/[][ `~#$^&*(){}\\|;'\''"<>?]/\\&/g s/\$/$$/g H :any ${ g @@ -9642,25 +9927,25 @@ ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -as_nop=: if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else $as_nop - case `(set -o) 2>/dev/null` in #( +else case e in #( + e) case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; +esac ;; esac fi @@ -9728,11 +10013,11 @@ done IFS=$as_save_IFS ;; esac -# We did not find ourselves, most probably we were run as `sh COMMAND' +# We did not find ourselves, most probably we were run as 'sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then @@ -9755,11 +10040,10 @@ printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi printf "%s\n" "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error - # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. @@ -9797,15 +10081,16 @@ then : eval 'as_fn_append () { eval $1+=\$2 }' -else $as_nop - as_fn_append () +else case e in #( + e) as_fn_append () { eval $1=\$$1\$2 - } + } ;; +esac fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the @@ -9815,15 +10100,16 @@ then : eval 'as_fn_arith () { as_val=$(( $* )) }' -else $as_nop - as_fn_arith () +else case e in #( + e) as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` - } + } ;; +esac fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then @@ -9902,13 +10188,13 @@ fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: - # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. - # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. - # In both cases, we have to default to `cp -pR'. + # 1) On MSYS, both 'ln -s file dir' and 'ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; 'ln -s' creates a wrapper executable. + # In both cases, we have to default to 'cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else @@ -9985,14 +10271,16 @@ } # as_fn_executable_p as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. -as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" +as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g" +as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated # Sed expression to map a string onto a valid variable name. -as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" +as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g" +as_tr_sh="eval sed '$as_sed_sh'" # deprecated exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## @@ -10004,11 +10292,11 @@ # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by tls $as_me 1.8.0, which was -generated by GNU Autoconf 2.71. Invocation command line was +generated by GNU Autoconf 2.72. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS @@ -10031,11 +10319,11 @@ _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ -\`$as_me' instantiates files and other configuration actions +'$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... @@ -10059,14 +10347,14 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"` cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ tls config.status 1.8.0 -configured by $0, generated by GNU Autoconf 2.71, +configured by $0, generated by GNU Autoconf 2.72, with options \\"\$ac_cs_config\\" -Copyright (C) 2021 Free Software Foundation, Inc. +Copyright (C) 2023 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' @@ -10119,12 +10407,12 @@ -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. - -*) as_fn_error $? "unrecognized option: \`$1' -Try \`$0 --help' for more information." ;; + -*) as_fn_error $? "unrecognized option: '$1' +Try '$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac @@ -10171,11 +10459,11 @@ do case $ac_config_target in "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "pkgIndex.tcl") CONFIG_FILES="$CONFIG_FILES pkgIndex.tcl" ;; - *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + *) as_fn_error $? "invalid argument: '$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, @@ -10189,11 +10477,11 @@ # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: -# after its creation but before its name has been assigned to `$tmp'. +# after its creation but before its name has been assigned to '$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" @@ -10213,11 +10501,11 @@ } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. -# This happens for instance with `./config.status config.h'. +# This happens for instance with './config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. @@ -10379,11 +10667,11 @@ case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; - :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :L* | :C*:*) as_fn_error $? "invalid tag '$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: @@ -10401,23 +10689,23 @@ do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, - # because $ac_f cannot contain `:'. + # because $ac_f cannot contain ':'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || - as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + as_fn_error 1 "cannot find input file: '$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done - # Let's still pretend it is `configure' which instantiates (i.e., don't + # Let's still pretend it is 'configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' @@ -10537,11 +10825,11 @@ s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF -# Neutralize VPATH when `$srcdir' = `.'. +# Neutralize VPATH when '$srcdir' = '.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub @@ -10566,13 +10854,13 @@ test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable 'datarootdir' which seems to be undefined. Please make sure it is defined" >&5 -printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable 'datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; Index: configure.ac ================================================================== --- configure.ac +++ configure.ac @@ -1,19 +1,16 @@ #!/bin/bash -norc dnl This file is an input file used by the GNU "autoconf" program to dnl generate the file "configure", which is run during Tcl installation dnl to configure the system for the local environment. -# #----------------------------------------------------------------------- # This is the configure.ac for the TclTLS extension. The only places you # should need to modify this file are marked by the string __CHANGE__. #----------------------------------------------------------------------- #----------------------------------------------------------------------- -# Set your package name and version numbers here. -# # This initializes the environment with PACKAGE_NAME and PACKAGE_VERSION # set as provided. These will also be added as -D defs in your Makefile # so you can encode the package version directly into the source files. # This will also define a special symbol for Windows (BUILD_ # so that we create the export library with the dll. @@ -60,11 +57,10 @@ #----------------------------------------------------------------------- TEA_SETUP_COMPILER #----------------------------------------------------------------------- -# __CHANGE__ # Specify the C source files to compile in TEA_ADD_SOURCES, # public headers that need to be installed in TEA_ADD_HEADERS, # stub library C source files to compile in TEA_ADD_STUB_SOURCES, # and runtime Tcl library files in TEA_ADD_TCL_SOURCES. # This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS @@ -75,30 +71,28 @@ TEA_ADD_HEADERS([generic/tls.h]) TEA_ADD_INCLUDES([]) TEA_ADD_LIBS([]) TEA_ADD_CFLAGS([]) TEA_ADD_STUB_SOURCES([]) -TEA_ADD_TCL_SOURCES([library/tls.tcl]) +TEA_ADD_TCL_SOURCES([library/tls.tcl license.terms README.txt]) #-------------------------------------------------------------------- -# # You can add more files to clean if your extension creates any extra # files by extending CLEANFILES. # Add pkgIndex.tcl if it is generated in the Makefile instead of ./configure # and change Makefile.in to move it from CONFIG_CLEAN_FILES to BINARIES var. # # A few miscellaneous platform-specific items: # TEA_ADD_* any platform specific compiler/build info here. #-------------------------------------------------------------------- -CONFIG_CLEAN_FILES="$CONFIG_CLEAN_FILES tls.tcl.h.* config.log config.status Makefile pkgIndex.tcl tcltls.a.linkadd tcltls.syms" +TEA_ADD_CLEANFILES([pkgIndex.tcl generic/tls.tcl.h tlsUuid.h]) + if test "${TEA_PLATFORM}" = "windows" ; then - AC_DEFINE(BUILD_tls) - AC_DEFINE(WINDOWS) - CLEANFILES="pkgIndex.tcl *.lib *.dll *.exp *.ilk *.pdb vc*.pch" + TEA_ADD_CLEANFILES([*.lib *.dll *.exp *.ilk *.pdb vc*.pch]) else - CLEANFILES="pkgIndex.tcl *.so" + TEA_ADD_CLEANFILES([*.so]) fi AC_SUBST(CLEANFILES) #-------------------------------------------------------------------- # Choose which headers you need. Extension authors should try very Index: doc/tls.html ================================================================== --- doc/tls.html +++ doc/tls.html @@ -7,55 +7,62 @@ -

Tcl Tls Extension Documentation

+

TCL Tls Extension Documentation

NAME
tls - binding to OpenSSL library - for socket and I/O channel communications.
+ for encrypted socket and I/O channel communications.
SYNOPSIS
-
package require Tcl ?8.5?
-
package require tls
-
 
-
tls::init ?options?
-
tls::socket ?options? host port
-
tls::socket ?-server command? ?options? port
-
tls::handshake channel
-
tls::status ?-local? channel
-
tls::connection channel
-
tls::import channel ?options?
-
tls::unimport channel
-
 
-
tls::protocols
-
tls::version
-
-
+
package require Tcl ?8.5-?
+
package require tls ?1.8-?
+
 
+
tls::init ?options?
+
tls::socket ?options? host port
+
tls::socket ?-server command? ?options? port
+
tls::handshake channel
+
tls::status ?-local? channel
+
tls::connection channel
+
tls::import channel ?options?
+
tls::unimport channel
+
 
+
tls::ciphers ?protocol? ?verbose? ?supported?
+
tls::protocols
+
tls::version
+
COMMANDS
+
CERTIFICATE VALIDATION
CALLBACK OPTIONS
+
DEBUG
HTTPS EXAMPLE
-
SPECIAL CONSIDERATIONS
-
SEE ALSO
+
SPECIAL CONSIDERATIONS
+
See Also
+
KEYWORDS
+

NAME

tls - binding to OpenSSL library -for socket and I/O channel communications.

+for encrypted socket and I/O channel communications.

+
+ +

SYNOPSIS

-

package require Tcl ?8.5?
-package require tls
+

package require Tcl ?8.5-?
+package require tls ?1.8-?

tls::init ?options?
tls::socket ?options? host port
tls::socket ?-server command? ?options? port
tls::status ?-local? channel
@@ -62,196 +69,207 @@ tls::connection channel
tls::handshake channel
tls::import channel ?options?
tls::unimport channel

+tls::ciphers ?protocol? ?verbose? ?supported?
tls::protocols
tls::version

+
+ +

DESCRIPTION

This extension provides TCL script access to secure socket communications using the Transport Layer Security (TLS) protocol. It provides a generic -binding to OpenSSL, utilizing the -Tcl_StackChannel API in Tcl 8.4 and higher. +binding to OpenSSL, utilizing the +Tcl_StackChannel API in TCL 8.4 and higher. These sockets behave exactly the same as channels created using the built-in socket command, along with additional options for controlling -the SSL session. +the SSL/TLS session.

+
+ +

COMMANDS

Typically one would use the tls::socket command -which provides compatibility with the native Tcl socket +which provides compatibility with the native TCL socket command. In such cases tls::import should not be used directly.

-
tls::init ?options?
Optional function to set the default options used by tls::socket. If you call tls::import - directly this routine has no effect. Any of the options - that tls::socket accepts can be set - using this command, though you should limit your options - to only TLS related ones.
+ directly, this command has no effect. This command supports all of the + same options as the tls::socket command, though you + should limit your options to only TLS related ones.
 
tls::socket ?options? host port
tls::socket ?-server command? ?options? port
-
This is a helper function that utilizes the underlying - commands (tls::import). It behaves - exactly the same as the native Tcl socket - command except the options can also include any of the - applicable tls:import - options with one additional option:
-
-
+
This is a helper function that utilizes the underlying commands + (socket and tls::import) to create + the connection. It behaves the same as the native TCL socket + command, but also supports the tls:import + command options and one additional option:
+
-autoservername bool
Automatically set the -servername argument to the host - argument (default is false).
-
-
+ argument (default is false). +
tls::import channel ?options?
-
Add SSL/TLS encryption to a regular Tcl channel. It need +
Add SSL/TLS encryption to a regular TCL channel. It need not be a socket, but must provide bi-directional flow. Also set session parameters for SSL handshake.
- -
-
+
-alpn list
List of protocols to offer during Application-Layer Protocol Negotiation (ALPN). For example: h2 and http/1.1, but not h3 or quic.
-cadir dir
-
Set the CA certificates path. The default directory is platform - specific and can be set at compile time. This can be overridden - via the SSL_CERT_DIR environment variable.
+
Specifies the directory where the Certificate Authority (CA) + certificates are stored. The default is platform specific and can be + set at compile time. The default location can be overridden via the + SSL_CERT_DIR environment variable. + See CERTIFICATE VALIDATION.
-cafile filename
-
Set the certificate authority (CA) certificates file. The default - is the cert.pem file in the OpsnSSL directory. This can also be - overridden via the SSL_CERT_FILE environment variable.
+
Specifies the file with the Certificate Authority (CA) certificates + to use. The default is cert.pem, in the OpenSSL directory. + The default file can be overridden via the SSL_CERT_FILE + environment variable. + See CERTIFICATE VALIDATION.
+
-castore URI
+
URI for a Certificate Authority (CA) store, which may be a single + container or a catalog of containers. Starting with OpenSSL 3.2 on + Windows, set to "org.openssl.winstore://" to use the built-in + Windows Cert Store. The Windows cert store only supports root + certificate stores. + See CERTIFICATE VALIDATION.
-certfile filename
-
Specify the filename with the certificate to use.
-
-cert filename
-
Specify the contents of a certificate to use, as a DER - encoded binary value (X.509 DER).
+
Specifies the file with the certificate to use in PEM format. + This also contains the public key.
+
-cert binary_string
+
Specifies the certificate to use as a DER encoded string (X.509 DER).
-cipher string
-
List of ciphers to use. String is a colon (":") separated list - of ciphers. Ciphers can be combined - using the + character. Prefixes can be used to permanently - remove ("!"), delete ("-"), or move a cypher to the end of - the list ("+"). Keywords @STRENGTH (sort by algorithm - key length), @SECLEVEL=n (set security level to - n), and DEFAULT (use default cipher list, at start only) - can also be specified. See OpenSSL documentation for the full - list of valid values. (TLS 1.2 and earlier only)
+
Specifies the list of ciphers to use for TLS 1.2 and earlier. String is a + colon (":") separated list of ciphers. Ciphers can be combined using the + + character. Prefixes can be used to permanently remove ("!"), + delete ("-"), or move a cipher to the end of the list ("+"). Keywords + @STRENGTH (sort by algorithm key length), @SECLEVEL=n + (set security level to n), and DEFAULT (use default cipher list, + at start only) can also be specified. See OpenSSL documentation for the + full list of valid values.
-ciphersuites string
-
List of cipher suites to use. String is a colon (":") - separated list of cipher suite names. (TLS 1.3 only)
+
Specifies the list of cipher suites to use for TLS 1.3. String is a colon + (":") separated list of cipher suite names.
-command callback
-
Callback command to invoke at several points during the handshake. - This is used to pass errors and tracing information, and - it can allow Tcl scripts to perform their own certificate - validation in place of the default validation provided by - OpenSSL. See CALLBACK OPTIONS - for further discussion.
+
Specifies the callback command to be invoked at several points during the + handshake to pass errors, tracing information, and protocol messages. + See CALLBACK OPTIONS for more info.
-dhparams filename
-
Specify the Diffie-Hellman parameters file.
+
Specifies the Diffie-Hellman (DH) parameters file.
-keyfile filename
-
Specify the private key file. (default is - value of -certfile)
+
Specifies the private key file. (default is value of -certfile).
-key filename
-
Specify the private key to use as a DER encoded value (PKCS#1 DER)
+
Specifies the private key to use as a DER encoded string (PKCS#1 DER).
-model channel
Force this channel to share the same SSL_CTX structure as the specified channel, and therefore share callbacks etc.
-password callback
-
Callback command to invoke when OpenSSL needs to obtain a password. - Typically used to unlock the private key of a certificate. The - callback should return a string which represents the password - to be used. See CALLBACK OPTIONS - for further discussion.
+
Specifies the callback command to invoke when OpenSSL needs to + obtain a password. This is typically used to unlock the private key of + a certificate. The callback should return a password string. + See CALLBACK OPTIONS for more info.
-post_handshake bool
-
Allow post-handshake ticket updates.
+
Allow post-handshake session ticket updates.
-request bool
-
Request a certificate from peer during SSL handshake. - (default is true)
+
Request a certificate from peer during the SSL handshake. This is + needed to do certificate validation. (default is true). + See CERTIFICATE VALIDATION.
-require bool
-
Require a valid certificate from peer during SSL handshake. - If this is set to true, then -request must - also be set to true and a either a -cadir, -cafile, or platform - default must be provided in order to validate against. - (default is false)
+
Require a valid certificate from peer during SSL handshake. If this + is set to true, then -request must also be set to + true and a either a -cadir, -cafile, -castore, or platform default + must be provided in order to validate against. (default is false). + See CERTIFICATE VALIDATION.
-security_level integer
-
Set security level. Must be 0 to 5. The security level affects - the cipher suite encryption algorithms, supported ECC curves, - supported signature algorithms, DH parameter sizes, certificate - key sizes and signature algorithms. The default is 1. - Level 3 and higher disable support for session tickets and only - accept cipher suites that provide forward secrecy.
+
Specifies the security level (value from 0 to 5). The security level + affects the cipher suite encryption algorithms, supported ECC curves, + supported signature algorithms, DH parameter sizes, certificate key + sizes and signature algorithms. The default is 1 prior to OpenSSL 3.2 + and 2 thereafter. Level 3 and higher disable support for session + tickets and only accept cipher suites that provide forward secrecy.
-server bool
-
Set to act as a server and respond with a server handshake when - a client connects and provides a client handshake. +
Specifies whether to act as a server and respond with a server + handshake when a client connects and provides a client handshake. (default is false)
-servername host
-
Specify server's hostname. Used to set the TLS 'Server Name - Indication' (SNI) extension. Set to the expected servername - in the server's certificate or one of the subjectAltName - alternates.
+
Specify server's hostname. This is used to set the TLS Server Name + Indication (SNI) extension. Set this to the expected servername in the + server's certificate or one of the subjectAltName alternates.
-session_id string
-
Session id to resume session.
+
Specifies the session id to resume session.
-ssl2 bool
-
Enable use of SSL v2. (default is false)
+
Enable use of SSL v2. (default is false). + Note: Recent versions of OpenSSL don't support SSLv2.
-ssl3 bool
-
Enable use of SSL v3. (default is false)
+
Enable use of SSL v3. (default is false). + Note: SSL v3 must also be enabled with a compile time option.
-tls1 bool
-
Enable use of TLS v1. (default is true)
+
Enable use of TLS v1. (default is true). + Note: TLS 1.0 needs SHA1 to operate, which is only available in + security level 0 for Open SSL 3.0+.
-tls1.1 bool
-
Enable use of TLS v1.1 (default is true)
+
Enable use of TLS v1.1 (default is true). + Note: TLS 1.1 needs SHA1 to operate, which is only available in + security level 0 for Open SSL 3.0+.
-tls1.2 bool
Enable use of TLS v1.2 (default is true)
-tls1.3 bool
Enable use of TLS v1.3 (default is true)
-validatecommand callback
-
Callback command to invoke to verify or validate protocol config - parameters during the protocol negotiation phase. See - CALLBACK OPTIONS - for further discussion.
-
-
- +
Specifies the callback command to invoke to validate protocol + config parameters during the protocol negotiation phase. This can be + used by TCL scripts to perform their own certificate validation to + supplement the default validation provided by OpenSSL. The script must + return a boolean true to continue the negotiation. See + CALLBACK OPTIONS for more info.
+
tls::unimport channel
Provided for symmetry to tls::import, this - unstacks the encryption of a regular Tcl channel. An error - is thrown if TLS is not the top stacked channel type.
+ unstacks the encryption of a regular TCL channel. An error + is thrown if TLS is not the top stacked channel type.
 
tls::handshake channel
Forces handshake to take place, and returns 0 if handshake is still in progress (non-blocking), or 1 if the handshake was successful. If the handshake failed this routine will throw an error.
 
tls::status - ?-local? channel
+ ?-local? channel
Returns the current status of an SSL channel. The result is a list of key-value pairs describing the SSL, certificate, and certificate verification status. If the SSL handshake has not yet completed, an empty list is returned. If -local is specified, then the local certificate is used.
-
- SSL Status +
+ SSL Status
alpn protocol
The protocol selected after Application-Layer Protocol Negotiation (ALPN).
cipher cipher
-
The current cipher in use between for the channel.
+
The current cipher in use for the session.
peername name
The peername from the certificate.
protocol version
The protocol version used for the connection: SSL2, SSL3, TLS1, TLS1.1, TLS1.2, TLS1.3, or unknown.
@@ -269,38 +287,34 @@
verifyResult result
Certificate verification result.
ca_names list
List of the Certificate Authorities used to create the certificate.
-
-
- Certificate Status + Certificate Status
all string
Dump of all certificate info.
-
version value
The certificate version.
serialNumber n
The serial number of the certificate as a hex string.
signature algorithm
Cipher algorithm used for certificate signature.
issuer dn
The distinguished name (DN) of the certificate issuer.
notBefore date
-
The begin date for the validity of the certificate.
+
The beginning date of the certificate validity.
notAfter date
-
The expiration date for the certificate.
+
The expiration date of the certificate validity.
subject dn
The distinguished name (DN) of the certificate subject. Fields include: Common Name (CN), Organization (O), Locality or City (L), State or Province (S), and Country Name (C).
issuerUniqueID string
The issuer unique id.
subjectUniqueID string
The subject unique id.
-
num_extensions n
Number of certificate extensions.
extensions list
List of certificate extension names.
authorityKeyIdentifier string
@@ -307,21 +321,19 @@
(AKI) Key identifier of the Issuing CA certificate that signed the SSL certificate as a hex string. This value matches the SKI value of the Intermediate CA certificate.
subjectKeyIdentifier string
(SKI) Hash of the public key inside the certificate as a hex - string. Used to identify certificates that contain a particular - public key.
+ string. Used to identify certificates that contain a particular + public key.
subjectAltName list
List of all of the alternative domain names, sub domains, and IP addresses that are secured by the certificate.
ocsp list
List of all Online Certificate Status Protocol (OCSP) URLs.
-
certificate cert
The PEM encoded certificate.
-
signatureAlgorithm algorithm
Cipher algorithm used for the certificate signature.
signatureValue string
Certificate signature as a hex string.
signatureDigest version
@@ -332,24 +344,23 @@
Certificate signature public key as a hex string.
bits n
Number of bits used for certificate signature key.
self_signed boolean
Whether the certificate signature is self signed.
-
sha1_hash hash
The SHA1 hash of the certificate as a hex string.
sha256_hash hash
The SHA256 hash of the certificate as a hex string.
-
+
tls::connection channel
Returns the current connection status of an SSL channel. The result is a list of key-value pairs describing the connection.
-
- SSL Status +
+ SSL Status
state state
State of the connection.
servername name
The name of the connected to server.
@@ -369,13 +380,11 @@
expansion mode
Expansion method.
caList list
List of Certificate Authorities (CA) for X.509 certificate.
-
-
- Cipher Info + Cipher Info
cipher cipher
The current cipher in use for the connection.
standard_name name
The standard RFC name of cipher.
@@ -385,21 +394,19 @@
The number of secret bits used for cipher.
min_version version
The minimum protocol version for cipher.
cipher_is_aead boolean
Whether the cipher is Authenticated Encryption with - Associated Data (AEAD).
+ Associated Data (AEAD).
cipher_id id
The OpenSSL cipher id.
description string
A text description of the cipher.
handshake_digest boolean
Digest used during handshake.
-
-
- Session Info + Session Info
alpn protocol
The protocol selected after Application-Layer Protocol Negotiation (ALPN).
resumable boolean
@@ -419,291 +426,342 @@
master_key binary_string
Unique session master key.
session_cache_mode mode
Server cache mode (client, server, or both).
-
+
+
tls::ciphers + ?protocol? ?verbose? ?supported?
+
Without any args, returns a list of all symmetric ciphers for use + with the -cipher option. With protocol, + only the ciphers supported for that protocol are returned. See + tls::protocols command + for the supported protocols. If verbose is specified as true + then a verbose, human readable list is returned with additional + information on the cipher. If supported is specified as true, + then only the ciphers supported for protocol will be listed.
+
 
tls::protocols
-
Returns a list of the supported protocols. Valid values are: +
Returns a list of the supported SSL/TLS protocols. Valid values are: ssl2, ssl3, tls1, tls1.1, tls1.2, and tls1.3. Exact list depends on OpenSSL version and compile time flags.
- +
 
tls::version
Returns the OpenSSL version string.
+
+ +
+ +

CERTIFICATE VALIDATION

+ +

Summary of command line options:

+

The following options are used for certificate validation:

+
    +
  • The -cadir option specifies the directory where the Certificate +Authority (CA) certificates are stored. The default is platform specific, but +is usually "/etc/ssl/certs" on Linux/Unix systems. The default location can be +overridden via the SSL_CERT_DIR environment variable.
  • +
  • The -cafile option specifies the file that contains all of the +Certificate Authority (CA) certificates in the PEM file format. The default is +cert.pem, in the OpenSSL directory. On Linux/Unix systems, this is +usually "/etc/ssl/ca-bundle.pem". The default file can be overridden via the +SSL_CERT_FILE environment variable.
  • +
  • The -castore option contains the URI to the Certificate Authority +(CA) store, which may be a single container or a catalog of containers. +Starting with OpenSSL 3.2 on Windows, set this to "org.openssl.winstore://" to +use the built-in Windows Certificate Store. The Windows cert store only +supports root certificate stores.
  • +
  • The -request option is used to request the server send its +certificate chain as part of the connection negotiation process. This is +needed to do certificate validation. The default is true. In addition, the +client can manually inspect and accept or reject each certificate using the +-validatecommand option.
  • +
  • The -require option is used to require certificate validation be +performed as part of the connection negotiation process. A valid CA directory, +file, or store must be present for this to work.
  • +
+ +
+

When are command line options needed:

+

+By default, a client TLS connection does NOT validate the server certificate +chain. This limitation is due to the lack of a common cross platform +database of Certificate Authority (CA) provided certificates to validate +against. Many Linux systems natively support OpenSSL and thus have these +certificates installed as part of the OS, but MacOS and Windows do not. In +order to use the -require option, one of the following must be true:

+
    +
  • On Linux and Unix systems with OpenSSL already installed, if the CA +certificates are stored in the standard locations, or the SSL_CERT_DIR +or SSL_CERT_FILE env vars are set, then no other options are needed.
  • + +
  • If OpenSSL is not installed in the default location, or when using Mac OS +or Windows and OpenSSL is installed, the SSL_CERT_DIR and/or +SSL_CERT_FILE env vars or the -cadir and/or -cafile + options must be defined.
  • + +
  • On Windows, starting in OpenSSL 3.2, it is now possible to access the +built-in Windows Certificate Store from OpenSSL. This can be achieved by +setting the -castore option to "org.openssl.winstore://".
  • + +
  • If OpenSSL is not installed, the CA certificates must be downloaded and +installed with the user software. The CURL team makes them available at +CA certificates extracted +from Mozilla in the cacert.pem file. You must then either +set the SSL_CERT_DIR and/or SSL_CERT_FILE env vars or the +-cadir or -cafile options to the CA cert file's install +location. It is your responsibility to keep this file up to date.
  • +
+
+ +

CALLBACK OPTIONS

As indicated above, individual channels can be given their own callbacks to handle intermediate processing by the OpenSSL library, using the -command, -password, and -validate_command options passed to either of tls::socket or tls::import. -If the callback generates an error, the bgerror command will be -invoked with the error information. +Unlike previous versions of TCL TLS, only if the callback generates an error, +will the bgerror command will be invoked with the error information.

-
-
-command callback
Invokes the specified callback script at several points during the OpenSSL handshake and use. See below for the possible arguments passed to the callback script. Values returned from the callback are ignored. - -
-
- -
- -
- error channelId message -
-
- This form of callback is invoked whenever an error occurs during the - initial connection, handshake, or I/O operations. The message - argument can be from the Tcl_ErrnoMsg, OpenSSL function - ERR_reason_error_string(), or a custom message. -
- -
- -
- info channelId major minor message type -
-
- This form of callback is invoked by the OpenSSL function - SSL_set_info_callback() during the initial connection - and handshake operations. The type argument is new for - TLS 1.8. The arguments are: -
-
    -
  • Possible values for major are: - handshake, alert, connect, accept.
  • -
  • Possible values for minor are: - start, done, read, write, loop, exit.
  • -
  • The message argument is a descriptive string which may - be generated either by SSL_state_string_long() or by - SSL_alert_desc_string_long(), depending on the context.
  • -
  • For alerts, the possible values for type are: - warning, fatal, and unknown. For others, - info is used.
  • -
-
- -
- message channelId direction version content_type message -
-
- This form of callback is invoked by the OpenSSL function - SSL_set_msg_callback() whenever a message is sent or - received during the initial connection, handshake, or I/O operations. - It is only available when OpenSSL is complied with the - enable-ssl-trace option. Arguments are: direction - is Sent or Received, version is the protocol - version, content_type is the message content type, and - message is more info from the SSL_trace API. - This callback is new for TLS 1.8. -
-
- -
- session channelId session_id ticket lifetime -
-
- This form of callback is invoked by the OpenSSL function - SSL_CTX_sess_set_new_cb() whenever a new session id is - sent by the server during the initial connection and handshake, but - can also be received later if the -post_handshake option is - used. Arguments are: session_id is the current - session identifier, ticket is the session ticket info, and - lifetime is the the ticket lifetime in seconds. - This callback is new for TLS 1.8. -
-
-
-
- -
- +
+
+
+ error channelId message +
+
+ This form of callback is invoked whenever an error occurs during the + initial connection, handshake, or I/O operations. The message + argument can be from the Tcl_ErrnoMsg, OpenSSL function + ERR_reason_error_string(), or a custom message. +
+
+
+ info channelId major minor message type +
+
+ This form of callback is invoked by the OpenSSL function + SSL_set_info_callback() during the initial connection + and handshake operations. The type argument is new for + TLS 1.8. The arguments are: +
+
    +
  • Possible values for major are: + handshake, alert, connect, accept.
  • +
  • Possible values for minor are: + start, done, read, write, loop, exit.
  • +
  • The message argument is a descriptive string which may + be generated either by SSL_state_string_long() or by + SSL_alert_desc_string_long(), depending on the context.
  • +
  • For alerts, the possible values for type are: + warning, fatal, and unknown. For others, + info is used.
  • +
+
+
+ message channelId direction version content_type message +
+
+ This form of callback is invoked by the OpenSSL function + SSL_set_msg_callback() whenever a message is sent or + received during the initial connection, handshake, or I/O operations. + It is only available when OpenSSL is complied with the + enable-ssl-trace option. Arguments are: direction + is Sent or Received, version is the protocol + version, content_type is the message content type, and + message is more info from the SSL_trace API. + This callback is new for TLS 1.8. +
+
+
+ session channelId session_id ticket lifetime +
+
+ This form of callback is invoked by the OpenSSL function + SSL_CTX_sess_set_new_cb() whenever a new session id is + sent by the server during the initial connection and handshake, but + can also be received later if the -post_handshake option is + used. Arguments are: session_id is the current + session identifier, ticket is the session ticket info, and + lifetime is the the ticket lifetime in seconds. + This callback is new for TLS 1.8. +
+
+ +
+
+
-password callback
Invokes the specified callback script when OpenSSL needs to obtain a password. See below for the possible arguments passed to the callback script. See below for valid return values. -
-
-
- -
- password rwflag size -
-
- Invoked when loading or storing a PEM certificate with encryption. - Where rwflag is 0 for reading/decryption or 1 for - writing/encryption (can prompt user to confirm) and - size is the max password length in bytes. - The callback should return the password as a string. - Both arguments are new for TLS 1.8. -
-
- -
- - +
+ password rwflag size +
+
+ Invoked when loading or storing a PEM certificate with encryption. + Where rwflag is 0 for reading/decryption or 1 for + writing/encryption (can prompt user to confirm) and size is + the max password length in bytes. The callback should return the + password as a string. Both arguments are new for TLS 1.8. +
+
+ + +
+
-validatecommand callback
Invokes the specified callback script during handshake in order to validate the provided value(s). See below for the possible arguments passed to the callback script. If not specified, OpenSSL will accept valid certificates and extensions. To reject the value and abort the connection, the callback should return 0. To accept the value and continue the connection, it should return 1. To reject the value, but continue the connection, it should return 2. -
-
-
- -
- alpn channelId protocol match -
-
- For servers, this form of callback is invoked when the client ALPN - extension is received. If match is true, protocol - is the first -alpn option specified protocol common to both - the client and server. If not, the first client specified protocol is - used. It is called after the hello and ALPN callbacks. - This callback is new for TLS 1.8. -
- -
- -
- hello channelId servername -
-
- For servers, this form of callback is invoked during client hello - message processing. The purpose is so the server can select the - appropriate certificate to present to the client, and to make other - configuration adjustments relevant to that server name and its - configuration. It is called before the SNI and ALPN callbacks. - This callback is new for TLS 1.8. -
- -
- -
- sni channelId servername -
-
- For servers, this form of callback is invoked when the Server Name - Indication (SNI) extension is received. The servername - argument is the client provided server name in the -servername - option. The purpose is so when a server supports multiple names, the - right certificate can be used. It is called after the hello callback - but before the ALPN callback. - This callback is new for TLS 1.8. -
- -
- -
- verify channelId depth cert status error -
-
- This form of callback is invoked by OpenSSL when a new certificate - is received from the peer. It allows the client to check the - certificate verification results and choose whether to continue - or not. It is called for each certificate in the certificate chain. -
    -
  • The depth argument is the integer depth of the - certificate in the certificate chain, where 0 is the peer certificate - and higher values going up to the Certificate Authority (CA).
  • -
  • The cert argument is a list of key-value pairs similar - to those returned by - tls::status.
  • -
  • The status argument is the boolean validity of the - current certificate where 0 is invalid and 1 is valid.
  • -
  • The error argument is the error message, if any, generated - by X509_STORE_CTX_get_error().
  • -
-
-
+
+ alpn channelId protocol match +
+
+ For servers, this form of callback is invoked when the client ALPN + extension is received. If match is true, protocol + is the first -alpn option specified protocol common to both + the client and server. If not, the first client specified protocol is + used. It is called after the hello and ALPN callbacks. + This callback is new for TLS 1.8. +
+
+
+ hello channelId servername +
+
+ For servers, this form of callback is invoked during client hello + message processing. The purpose is so the server can select the + appropriate certificate to present to the client, and to make other + configuration adjustments relevant to that server name and its + configuration. It is called before the SNI and ALPN callbacks. + This callback is new for TLS 1.8. +
+
+
+ sni channelId servername +
+
+ For servers, this form of callback is invoked when the Server Name + Indication (SNI) extension is received. The servername + argument is the client provided server name in the -servername + option. The purpose is so when a server supports multiple names, the + right certificate can be used. It is called after the hello callback + but before the ALPN callback. + This callback is new for TLS 1.8. +
+
+
+ verify channelId depth cert status error +
+
+ This form of callback is invoked by OpenSSL when a new certificate + is received from the peer. It allows the client to check the + certificate verification results and choose whether to continue + or not. It is called for each certificate in the certificate chain. +
    +
  • The depth argument is the integer depth of the + certificate in the certificate chain, where 0 is the peer certificate + and higher values going up to the Certificate Authority (CA).
  • +
  • The cert argument is a list of key-value pairs similar + to those returned by + tls::status.
  • +
  • The status argument is the boolean validity of the + current certificate where 0 is invalid and 1 is valid.
  • +
  • The error argument is the error message, if any, generated + by X509_STORE_CTX_get_error().
  • +
+
+
-

Reference implementations of these callbacks are provided in the distribution as tls::callback, tls::password, -and tls::validate_command respectively. Note that these are -sample implementations only. In a more realistic deployment +and tls::validate_command respectively. Note that these are +sample implementations only. In a more realistic deployment you would specify your own callback scripts on each TLS channel using the --command, -password, and -validate_command options. +-command, -password, and +-validate_command options.

-

The default behavior when the -command and -validate_command options are not specified is for TLS to process the associated library callbacks internally. The default behavior when the -password option is not specified is for TLS to process the associated library callbacks by attempting to call tls::password. The difference between these two behaviors is a consequence of maintaining compatibility with earlier implementations.

-

The use of the reference callbacks tls::callback, tls::password, and tls::validate_command -is not recommended. They may be removed from future releases. +is not recommended. They may be removed from future releases.

+
+ +

DEBUG

-TLS key logging can be enabled by setting the environment variable +

For most debugging needs, the -callback option can be used to provide +sufficient insight and information on the TLS handshake and progress. If further +troubleshooting insight is needed, the compile time option --enable-debug +can be used to get detailed execution flow status.

+ +

TLS key logging can be enabled by setting the environment variable SSLKEYLOGFILE to the name of the file to log to. Then whenever TLS key material is generated or received it will be logged to the file. This is useful for logging key data for network logging tools to use to -decrypt the data. +decrypt the data.

-

-The tls::debug variable provides some additional -control over these reference callbacks. Its value is zero by default. +

The tls::debug variable provides some additional +control over these reference callbacks. Its value is zero by default. Higher values produce more diagnostic output, and will also force the verify method in tls::callback to accept the certificate, even when it is invalid if the tls::validate_command -callback is used for the -validatecommand option. -

- -

- -The use of the variable tls::debug is not recommended. -It may be removed from future releases. - -

+callback is used for the -validatecommand option.

+ +

The use of the variable tls::debug is not recommended. +It may be removed from future releases.

Debug Examples

These examples use the default Unix platform SSL certificates. For standard installations, -cadir and -cafile should not be needed. If your certificates are in non-standard locations, update -cadir or use -cafile as needed.


-Example #1: Use HTTP package - +

Example #1: Use HTTP package


 package require http
 package require tls
 set url "https://www.tcl.tk/"
 
@@ -722,11 +780,11 @@
 
 # Cleanup
 ::http::cleanup $token
 
-Example #2: Use raw socket +

Example #2: Use raw socket


 package require tls
 
 set url "www.tcl-lang.org"
 set port 443
@@ -748,20 +806,21 @@
 close $ch
 parray status
 parray conn
 parray chan
 
+
+

HTTPS EXAMPLE

These examples use the default Unix platform SSL certificates. For standard installations, -cadir and -cafile should not be needed. If your certificates are in non-standard locations, update -cadir or use -cafile as needed.

-Example #1: Get web page - +

Example #1: Get web page


 package require http
 package require tls
 set url "https://www.tcl.tk/"
 
@@ -779,12 +838,11 @@
 
 # Cleanup
 ::http::cleanup $token
 
-Example #2: Download file - +

Example #2: Download file


 package require http
 package require tls
 
 set url "https://wiki.tcl-lang.org/sitemap.xml"
@@ -798,28 +856,40 @@
 
 # Cleanup
 close $ch
 ::http::cleanup $token
 
+
+ +

SPECIAL CONSIDERATIONS

The capabilities of this package can vary enormously based upon how the linked to OpenSSL library was configured and built. New versions may obsolete older protocol versions, add or remove ciphers, change default values, etc. Use the tls::protocols commands to obtain the supported protocol versions.

-

SEE ALSO

+
+ +

See Also

socket, fileevent, http, -OpenSSL

+OpenSSL

+ +
+ +

KEYWORDS

+ +

ssl, tls, socket, +certificate, https


-Copyright © 1999 Matt Newman.
-Copyright © 2004 Starfish Systems.
-Copyright © 2023 Brian O'Hagan.
+Copyright © 1999 Matt Newman
+Copyright © 2004 Starfish Systems
+Copyright © 2023-2024 Brian O'Hagan
 
Index: generic/tls.c ================================================================== --- generic/tls.c +++ generic/tls.c @@ -1,20 +1,21 @@ /* + * TLS Channel - This extension provides a encrypted communication channel + * using the TLS or SSL protocols. It can be layered on top of any + * bi-directional Tcl_Channel. + * + * This was initially built (almost) from scratch based upon observation of + * OpenSSL 0.9.2B. + * * Copyright (C) 1997-1999 Matt Newman * some modifications: * Copyright (C) 2000 Ajuba Solutions * Copyright (C) 2002 ActiveState Corporation * Copyright (C) 2004 Starfish Systems * Copyright (C) 2023 Brian O'Hagan * - * TLS (aka SSL) Channel - can be layered on any bi-directional - * Tcl_Channel (Note: Requires Trf Core Patch) - * - * This was built (almost) from scratch based upon observation of - * OpenSSL 0.9.2B - * - * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for + * Additional credit is due for Andreas Kupries (a.kupries@westend.com), for * providing the Tcl_ReplaceChannel mechanism and working closely with me * to enhance it to support full fileevent semantics. * * Also work done by the follow people provided the impetus to do this "right": * tclSSL (Colin McCormack, Shared Technology) @@ -25,10 +26,13 @@ #include "tlsInt.h" #include "tclOpts.h" #include "tlsUuid.h" #include #include +#include +#include +#include #include #include /* Min OpenSSL version */ #if OPENSSL_VERSION_NUMBER < 0x10101000L @@ -39,19 +43,17 @@ /* * Forward declarations */ #define F2N(key, dsp) \ - (((key) == NULL) ? (char *) NULL : \ + (((key) == NULL) ? (char *)NULL : \ Tcl_TranslateFileName(interp, (key), (dsp))) static SSL_CTX *CTX_Init(State *statePtr, int isServer, int proto, char *key, char *certfile, unsigned char *key_asn1, unsigned char *cert_asn1, - int key_asn1_len, int cert_asn1_len, char *CApath, char *CAfile, - char *ciphers, char *ciphersuites, int level, char *DHparams); - -static int TlsLibInit(int uninitialize); + Tcl_Size key_asn1_len, Tcl_Size cert_asn1_len, char *CApath, char *CAstore, + char *CAfile, char *ciphers, char *ciphersuites, int level, char *DHparams); #define TLS_PROTO_SSL2 0x01 #define TLS_PROTO_SSL3 0x02 #define TLS_PROTO_TLS1 0x04 #define TLS_PROTO_TLS1_1 0x08 @@ -59,33 +61,10 @@ #define TLS_PROTO_TLS1_3 0x20 #define ENABLED(flag, mask) (((flag) & (mask)) == (mask)) #define SSLKEYLOGFILE "SSLKEYLOGFILE" -/* - * Thread-Safe TLS Code - */ - -#ifdef TCL_THREADS -#define OPENSSL_THREAD_DEFINES -#include - -#ifdef OPENSSL_THREADS -#include -#include - -/* - * Threaded operation requires locking callbacks - * Based from /crypto/cryptlib.c of OpenSSL and NSOpenSSL. - */ - -static Tcl_Mutex *locks = NULL; -static int locksCount = 0; -static Tcl_Mutex init_mx; -#endif /* OPENSSL_THREADS */ -#endif /* TCL_THREADS */ - /********************/ /* Callbacks */ /********************/ @@ -104,17 +83,21 @@ * Evaluates callback command * *------------------------------------------------------------------- */ static int -EvalCallback(Tcl_Interp *interp, State *statePtr, Tcl_Obj *cmdPtr) { +EvalCallback( + Tcl_Interp *interp, /* Tcl interpreter */ + State *statePtr, /* Client state for TLS socket */ + Tcl_Obj *cmdPtr) /* Command to eval as a Tcl object */ +{ int code, ok = 0; dprintf("Called"); - Tcl_Preserve((ClientData) interp); - Tcl_Preserve((ClientData) statePtr); + Tcl_Preserve((void *) interp); + Tcl_Preserve((void *) statePtr); /* Eval callback with success for ok or return value 1, fail for error or return value 0 */ Tcl_ResetResult(interp); code = Tcl_EvalObjEx(interp, cmdPtr, TCL_EVAL_GLOBAL); dprintf("EvalCallback: %d", code); @@ -133,12 +116,12 @@ #else Tcl_BackgroundException(interp, code); #endif } - Tcl_Release((ClientData) statePtr); - Tcl_Release((ClientData) interp); + Tcl_Release((void *) statePtr); + Tcl_Release((void *) interp); return ok; } /* *------------------------------------------------------------------- @@ -154,20 +137,25 @@ * Calls callback (if defined) * *------------------------------------------------------------------- */ static void -InfoCallback(const SSL *ssl, int where, int ret) { +InfoCallback( + const SSL *ssl, /* SSL context */ + int where, /* Source of info */ + int ret) /* message enum */ +{ State *statePtr = (State*)SSL_get_app_data((SSL *)ssl); Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; - char *major; char *minor; + const char *major, *minor; dprintf("Called"); - if (statePtr->callback == (Tcl_Obj*)NULL) + if (statePtr->callback == (Tcl_Obj*)NULL) { return; + } if (where & SSL_CB_HANDSHAKE_START) { major = "handshake"; minor = "start"; } else if (where & SSL_CB_HANDSHAKE_DONE) { @@ -226,11 +214,19 @@ * *------------------------------------------------------------------- */ #ifndef OPENSSL_NO_SSL_TRACE static void -MessageCallback(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) { +MessageCallback( + int write_p, /* Message 0=received, 1=sent */ + int version, /* TLS version */ + int content_type, /* Protocol content type */ + const void *buf, /* Protocol message */ + size_t len, /* Protocol message length */ + SSL *ssl, /* SSL context */ + void *arg) /* Client state for TLS socket */ +{ State *statePtr = (State*)arg; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; char *ver, *type; BIO *bio; @@ -237,12 +233,13 @@ char buffer[15000]; buffer[0] = 0; dprintf("Called"); - if (statePtr->callback == (Tcl_Obj*)NULL) + if (statePtr->callback == (Tcl_Obj*)NULL) { return; + } switch(version) { #if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(NO_SSL2) && !defined(OPENSSL_NO_SSL2) case SSL2_VERSION: ver = "SSLv2"; @@ -310,10 +307,12 @@ buffer[n] = 0; (void)BIO_flush(bio); BIO_free(bio); } + dprintf("Message direction=%d, ver=%s, type=%s, message=%s", write_p, ver, type, &buffer[0]); + /* Create command to eval with fn, chan, direction, version, type, and message args */ cmdPtr = Tcl_DuplicateObj(statePtr->callback); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("message", -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1)); @@ -363,11 +362,14 @@ * to a string describing the SSL negotiation failure reason * *------------------------------------------------------------------- */ static int -VerifyCallback(int ok, X509_STORE_CTX *ctx) { +VerifyCallback( + int ok, /* Verify result */ + X509_STORE_CTX *ctx) /* CTX context */ +{ Tcl_Obj *cmdPtr; SSL *ssl = (SSL*)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); X509 *cert = X509_STORE_CTX_get_current_cert(ctx); State *statePtr = (State*)SSL_get_app_data(ssl); Tcl_Interp *interp = statePtr->interp; @@ -386,25 +388,27 @@ } } else if (cert == NULL || ssl == NULL) { return 0; } - dprintf("VerifyCallback: eval callback"); + dprintf("VerifyCallback: create callback command"); /* Create command to eval with fn, chan, depth, cert info list, status, and error args */ cmdPtr = Tcl_DuplicateObj(statePtr->vcmd); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("verify", -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewIntObj(depth)); - Tcl_ListObjAppendElement(interp, cmdPtr, Tls_NewX509Obj(interp, cert)); + Tcl_ListObjAppendElement(interp, cmdPtr, Tls_NewX509Obj(interp, cert, 0)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewIntObj(ok)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj((char*)X509_verify_cert_error_string(err), -1)); /* Prevent I/O while callback is in progress */ /* statePtr->flags |= TLS_TCL_CALLBACK; */ + + dprintf("VerifyCallback: eval callback"); /* Eval callback command */ Tcl_IncrRefCount(cmdPtr); ok = EvalCallback(interp, statePtr, cmdPtr); Tcl_DecrRefCount(cmdPtr); @@ -427,20 +431,26 @@ * to a string describing the SSL negotiation failure reason * *------------------------------------------------------------------- */ void -Tls_Error(State *statePtr, char *msg) { +Tls_Error( + State *statePtr, /* Client state for TLS socket */ + const char *msg) /* Error message */ +{ Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr, *listPtr; unsigned long err; statePtr->err = msg; - dprintf("Called"); + dprintf("Called with message %s", msg); - if (statePtr->callback == (Tcl_Obj*)NULL) + if (statePtr->callback == (Tcl_Obj*)NULL) { return; + } + + dprintf("Tls_Error: create callback command"); /* Create command to eval with fn, chan, and message args */ cmdPtr = Tcl_DuplicateObj(statePtr->callback); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("error", -1)); Tcl_ListObjAppendElement(interp, cmdPtr, @@ -457,10 +467,12 @@ Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(ERR_reason_error_string(err), -1)); } Tcl_ListObjAppendElement(interp, cmdPtr, listPtr); } + dprintf("Tls_Error: eval callback"); + /* Eval callback command */ Tcl_IncrRefCount(cmdPtr); EvalCallback(interp, statePtr, cmdPtr); Tcl_DecrRefCount(cmdPtr); } @@ -475,11 +487,14 @@ * Side effects: * none * *------------------------------------------------------------------- */ -void KeyLogCallback(const SSL *ssl, const char *line) { +void KeyLogCallback( + const SSL *ssl, /* Client state for TLS socket */ + const char *line) /* Key data to be logged */ +{ char *str = getenv(SSLKEYLOGFILE); FILE *fd; dprintf("Called"); @@ -509,11 +524,16 @@ * Password size in bytes or -1 for an error. * *------------------------------------------------------------------- */ static int -PasswordCallback(char *buf, int size, int rwflag, void *udata) { +PasswordCallback( + char *buf, /* Pointer to buffer to store password in */ + int size, /* Buffer length in bytes */ + int rwflag, /* Whether password is needed for read or write */ + void *udata) /* Client state for TLS socket */ +{ State *statePtr = (State *) udata; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; int code; Tcl_Size len; @@ -532,19 +552,23 @@ return (int) len; } else { return -1; } } + + dprintf("PasswordCallback: create callback command"); /* Create command to eval with fn, rwflag, and size args */ cmdPtr = Tcl_DuplicateObj(statePtr->password); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("password", -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewIntObj(rwflag)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewIntObj(size)); - Tcl_Preserve((ClientData) interp); - Tcl_Preserve((ClientData) statePtr); + dprintf("PasswordCallback: eval callback"); + + Tcl_Preserve((void *) interp); + Tcl_Preserve((void *) statePtr); /* Eval callback command */ Tcl_IncrRefCount(cmdPtr); code = Tcl_EvalObjEx(interp, cmdPtr, TCL_EVAL_GLOBAL); if (code != TCL_OK) { @@ -554,24 +578,24 @@ Tcl_BackgroundException(interp, code); #endif } Tcl_DecrRefCount(cmdPtr); - Tcl_Release((ClientData) statePtr); + Tcl_Release((void *) statePtr); /* If successful, pass back password string and truncate if too long */ if (code == TCL_OK) { char *ret = (char *) Tcl_GetStringFromObj(Tcl_GetObjResult(interp), &len); if (len > (Tcl_Size) size-1) { len = (Tcl_Size) size-1; } strncpy(buf, ret, (size_t) len); buf[len] = '\0'; - Tcl_Release((ClientData) interp); + Tcl_Release((void *) interp); return (int) len; } - Tcl_Release((ClientData) interp); + Tcl_Release((void *) interp); return -1; } /* *------------------------------------------------------------------- @@ -594,11 +618,14 @@ * 1 = success where app retains session in session cache, and must call SSL_SESSION_free() when done. * *------------------------------------------------------------------- */ static int -SessionCallback(SSL *ssl, SSL_SESSION *session) { +SessionCallback( + SSL *ssl, /* SSL context */ + SSL_SESSION *session) /* Session context */ +{ State *statePtr = (State*)SSL_get_app_data((SSL *)ssl); Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; const unsigned char *ticket; const unsigned char *session_id; @@ -663,12 +690,18 @@ * protocols are configured for this connection. The connection continues. * *------------------------------------------------------------------- */ static int -ALPNCallback(SSL *ssl, const unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, void *arg) { +ALPNCallback( + SSL *ssl, /* SSL context */ + const unsigned char **out, /* Return buffer to store selected protocol */ + unsigned char *outlen, /* Return buffer size */ + const unsigned char *in, /* Peer provided protocols */ + unsigned int inlen, /* Peer buffer size */ + void *arg) /* Client state for TLS socket */ +{ State *statePtr = (State*)arg; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; int code, res; @@ -732,11 +765,16 @@ * *------------------------------------------------------------------- */ #ifdef USE_NPN static int -NPNCallback(const SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg) { +NPNCallback( + const SSL *ssl, /* SSL context */ + const unsigned char **out, /* Return buffer to store selected protocol */ + unsigned int *outlen, /* Return buffer size */ + void *arg) /* Client state for TLS socket */ +{ State *statePtr = (State*)arg; dprintf("Called"); if (ssl == NULL || arg == NULL) { @@ -780,11 +818,15 @@ * e.g. if SNI has not been configured. The connection continues. * *------------------------------------------------------------------- */ static int -SNICallback(const SSL *ssl, int *alert, void *arg) { +SNICallback( + const SSL *ssl, /* SSL context */ + int *alert, /* Returned alert message */ + void *arg) /* Client state for TLS socket */ +{ State *statePtr = (State*)arg; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; int code, res; const char *servername = NULL; @@ -852,11 +894,15 @@ * SSL_CLIENT_HELLO_SUCCESS: success * *------------------------------------------------------------------- */ static int -HelloCallback(SSL *ssl, int *alert, void *arg) { +HelloCallback( + SSL *ssl, /* SSL context */ + int *alert, /* Returned alert message */ + void *arg) /* Client state for TLS socket */ +{ State *statePtr = (State*)arg; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; int code, res; const char *servername; @@ -865,11 +911,11 @@ dprintf("Called"); if (statePtr->vcmd == (Tcl_Obj*)NULL) { return SSL_CLIENT_HELLO_SUCCESS; - } else if (ssl == (const SSL *)NULL || arg == (void *)NULL) { + } else if (ssl == (const SSL *)NULL || arg == NULL) { return SSL_CLIENT_HELLO_ERROR; } /* Get names */ if (!SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &p, &remaining) || remaining <= 2) { @@ -948,26 +994,30 @@ * constructs and destroys SSL context (CTX) * *------------------------------------------------------------------- */ static const char *protocols[] = { - "ssl2", "ssl3", "tls1", "tls1.1", "tls1.2", "tls1.3", NULL + "ssl2", "ssl3", "tls1", "tls1.1", "tls1.2", "tls1.3", NULL }; enum protocol { TLS_SSL2, TLS_SSL3, TLS_TLS1, TLS_TLS1_1, TLS_TLS1_2, TLS_TLS1_3, TLS_NONE }; static int -CiphersObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { +CiphersObjCmd( + TCL_UNUSED(ClientData), /* Client data */ + Tcl_Interp *interp, /* Tcl interpreter */ + int objc, /* Arg count */ + Tcl_Obj *const objv[]) /* Arguments as Tcl objects */ +{ Tcl_Obj *objPtr = NULL; SSL_CTX *ctx = NULL; SSL *ssl = NULL; STACK_OF(SSL_CIPHER) *sk; char buf[BUFSIZ]; int index, verbose = 0, use_supported = 0; const SSL_METHOD *method; - (void) clientData; dprintf("Called"); if ((objc < 2) || (objc > 4)) { Tcl_WrongNumArgs(interp, 1, objv, "protocol ?verbose? ?supported?"); @@ -986,46 +1036,46 @@ ERR_clear_error(); switch ((enum protocol)index) { case TLS_SSL2: #if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(NO_SSL2) || defined(OPENSSL_NO_SSL2) - Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *) NULL); + Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *)NULL); return TCL_ERROR; #else method = SSLv2_method(); break; #endif case TLS_SSL3: #if defined(NO_SSL3) || defined(OPENSSL_NO_SSL3) || defined(OPENSSL_NO_SSL3_METHOD) - Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *) NULL); + Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *)NULL); return TCL_ERROR; #else method = SSLv3_method(); break; #endif case TLS_TLS1: #if defined(NO_TLS1) || defined(OPENSSL_NO_TLS1) || defined(OPENSSL_NO_TLS1_METHOD) - Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *) NULL); + Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *)NULL); return TCL_ERROR; #else method = TLSv1_method(); break; #endif case TLS_TLS1_1: #if defined(NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1_METHOD) - Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *) NULL); + Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *)NULL); return TCL_ERROR; #else method = TLSv1_1_method(); break; #endif case TLS_TLS1_2: #if defined(NO_TLS1_2) || defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_2_METHOD) - Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *) NULL); + Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *)NULL); return TCL_ERROR; #else method = TLSv1_2_method(); break; #endif case TLS_TLS1_3: #if defined(NO_TLS1_3) || defined(OPENSSL_NO_TLS1_3) - Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *) NULL); + Tcl_AppendResult(interp, protocols[index], ": protocol not supported", (char *)NULL); return TCL_ERROR; #else method = TLS_method(); SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION); SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); @@ -1036,17 +1086,17 @@ break; } ctx = SSL_CTX_new(method); if (ctx == NULL) { - Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL); + Tcl_AppendResult(interp, GET_ERR_REASON(), (char *)NULL); return TCL_ERROR; } ssl = SSL_new(ctx); if (ssl == NULL) { - Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL); + Tcl_AppendResult(interp, GET_ERR_REASON(), (char *)NULL); SSL_CTX_free(ctx); return TCL_ERROR; } /* Use list and order as would be sent in a ClientHello or all available ciphers */ @@ -1065,11 +1115,11 @@ if (c == NULL) continue; /* cipher name or (NONE) */ cp = SSL_CIPHER_get_name(c); if (cp == NULL) break; - Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj((char *) cp, -1)); + Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(cp, -1)); } } else { objPtr = Tcl_NewStringObj("",0); for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++) { @@ -1109,14 +1159,19 @@ * Side effects: * none * *------------------------------------------------------------------- */ + static int -ProtocolsObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { +ProtocolsObjCmd( + TCL_UNUSED(ClientData), /* Client data */ + Tcl_Interp *interp, /* Tcl interpreter */ + int objc, /* Arg count */ + Tcl_Obj *const objv[]) /* Arguments as Tcl objects */ +{ Tcl_Obj *objPtr; - (void) clientData; dprintf("Called"); if (objc != 1) { Tcl_WrongNumArgs(interp, 1, objv, ""); @@ -1164,17 +1219,22 @@ * Side effects: * May force SSL negotiation to take place. * *------------------------------------------------------------------- */ -static int HandshakeObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { - Tcl_Channel chan; /* The channel to set a mode on. */ - State *statePtr; /* client state for ssl socket */ + +static int HandshakeObjCmd( + TCL_UNUSED(ClientData), /* Client data */ + Tcl_Interp *interp, /* Tcl interpreter */ + int objc, /* Arg count */ + Tcl_Obj *const objv[]) /* Arguments as Tcl objects */ +{ + Tcl_Channel chan; /* The channel to set a mode on. */ + State *statePtr; /* Client state for TLS socket */ const char *errStr = NULL; int ret = 1; int err = 0; - (void) clientData; dprintf("Called"); if (objc != 2) { Tcl_WrongNumArgs(interp, 1, objv, "channel"); @@ -1190,12 +1250,12 @@ /* Make sure to operate on the topmost channel */ chan = Tcl_GetTopChannel(chan); if (Tcl_GetChannelType(chan) != Tls_ChannelType()) { Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan), - "\": not a TLS channel", (char *) NULL); - Tcl_SetErrorCode(interp, "TLS", "HANDSHAKE", "CHANNEL", "INVALID", (char *) NULL); + "\": not a TLS channel", (char *)NULL); + Tcl_SetErrorCode(interp, "TLS", "HANDSHAKE", "CHANNEL", "INVALID", (char *)NULL); return TCL_ERROR; } statePtr = (State *)Tcl_GetChannelInstanceData(chan); dprintf("Calling Tls_WaitForConnect"); @@ -1213,15 +1273,15 @@ if (!errStr || (*errStr == 0)) { errStr = Tcl_PosixError(interp); } - Tcl_AppendResult(interp, "handshake failed: ", errStr, (char *) NULL); + Tcl_AppendResult(interp, "handshake failed: ", errStr, (char *)NULL); if ((result = SSL_get_verify_result(statePtr->ssl)) != X509_V_OK) { - Tcl_AppendResult(interp, " due to \"", X509_verify_cert_error_string(result), "\"", (char *) NULL); + Tcl_AppendResult(interp, " due to \"", X509_verify_cert_error_string(result), "\"", (char *)NULL); } - Tcl_SetErrorCode(interp, "TLS", "HANDSHAKE", "FAILED", (char *) NULL); + Tcl_SetErrorCode(interp, "TLS", "HANDSHAKE", "FAILED", (char *)NULL); dprintf("Returning TCL_ERROR with handshake failed: %s", errStr); return TCL_ERROR; } else { if (err != 0) { dprintf("Got an error with a completed handshake: err = %i", err); @@ -1231,11 +1291,11 @@ dprintf("Returning TCL_OK with data \"%i\"", ret); Tcl_SetObjResult(interp, Tcl_NewIntObj(ret)); return TCL_OK; } - + /* *------------------------------------------------------------------- * * ImportObjCmd -- * @@ -1249,14 +1309,20 @@ * Side effects: * May modify the behavior of an IO channel. * *------------------------------------------------------------------- */ + static int -ImportObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { +ImportObjCmd( + TCL_UNUSED(ClientData), /* Client data */ + Tcl_Interp *interp, /* Tcl interpreter */ + int objc, /* Arg count */ + Tcl_Obj *const objv[]) /* Arguments as Tcl objects */ +{ Tcl_Channel chan; /* The channel to set a mode on. */ - State *statePtr; /* client state for ssl socket */ + State *statePtr; /* Client state for TLS socket */ SSL_CTX *ctx = NULL; Tcl_Obj *script = NULL; Tcl_Obj *password = NULL; Tcl_Obj *vcmd = NULL; Tcl_DString upperChannelTranslation, upperChannelBlocking, upperChannelEncoding, upperChannelEOFChar; @@ -1272,20 +1338,20 @@ Tcl_Size cert_len = 0; char *ciphers = NULL; char *ciphersuites = NULL; char *CAfile = NULL; char *CApath = NULL; + char *CAstore = NULL; char *DHparams = NULL; char *model = NULL; char *servername = NULL; /* hostname for Server Name Indication */ char *session_id = NULL; Tcl_Obj *alpn = NULL; int ssl2 = 0, ssl3 = 0; int tls1 = 1, tls1_1 = 1, tls1_2 = 1, tls1_3 = 1; int proto = 0, level = -1; int verify = 0, require = 0, request = 1, post_handshake = 0; - (void) clientData; dprintf("Called"); #if defined(NO_TLS1) || defined(OPENSSL_NO_TLS1) tls1 = 0; @@ -1322,10 +1388,11 @@ break; OPTOBJ("-alpn", alpn); OPTSTR("-cadir", CApath); OPTSTR("-cafile", CAfile); + OPTSTR("-castore", CAstore); OPTBYTE("-cert", cert, cert_len); OPTSTR("-certfile", certfile); OPTSTR("-cipher", ciphers); OPTSTR("-ciphers", ciphers); OPTSTR("-ciphersuites", ciphersuites); @@ -1349,11 +1416,11 @@ OPTBOOL("-tls1.2", tls1_2); OPTBOOL("-tls1.3", tls1_3); OPTOBJ("-validatecommand", vcmd); OPTOBJ("-vcmd", vcmd); - OPTBAD("option", "-alpn, -cadir, -cafile, -cert, -certfile, -cipher, -ciphersuites, -command, -dhparams, -key, -keyfile, -model, -password, -post_handshake, -request, -require, -security_level, -server, -servername, -session_id, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, -tls1.3, or -validatecommand"); + OPTBAD("option", "-alpn, -cadir, -cafile, -castore, -cert, -certfile, -cipher, -ciphersuites, -command, -dhparams, -key, -keyfile, -model, -password, -post_handshake, -request, -require, -security_level, -server, -servername, -session_id, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, -tls1.3, or -validatecommand"); return TCL_ERROR; } if (request) verify |= SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER; if (request && require) verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; @@ -1374,18 +1441,20 @@ if (keyfile && !*keyfile) keyfile = NULL; if (ciphers && !*ciphers) ciphers = NULL; if (ciphersuites && !*ciphersuites) ciphersuites = NULL; if (CAfile && !*CAfile) CAfile = NULL; if (CApath && !*CApath) CApath = NULL; + if (CAstore && !*CAstore) CAstore = NULL; if (DHparams && !*DHparams) DHparams = NULL; /* new SSL state */ statePtr = (State *) ckalloc((unsigned) sizeof(State)); memset(statePtr, 0, sizeof(State)); statePtr->flags = flags; statePtr->interp = interp; + statePtr->want = 0; statePtr->vflags = verify; statePtr->err = ""; /* allocate script */ if (script) { @@ -1427,54 +1496,57 @@ * Make sure to operate on the topmost channel */ chan = Tcl_GetTopChannel(chan); if (Tcl_GetChannelType(chan) != Tls_ChannelType()) { Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan), - "\": not a TLS channel", (char *) NULL); - Tcl_SetErrorCode(interp, "TLS", "IMPORT", "CHANNEL", "INVALID", (char *) NULL); + "\": not a TLS channel", (char *)NULL); + Tcl_SetErrorCode(interp, "TLS", "IMPORT", "CHANNEL", "INVALID", (char *)NULL); Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } ctx = ((State *)Tcl_GetChannelInstanceData(chan))->ctx; } else { - if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, cert, (int) key_len, - (int) cert_len, CApath, CAfile, ciphers, ciphersuites, level, DHparams)) == NULL) { + if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, cert, key_len, + cert_len, CApath, CAstore, CAfile, ciphers, ciphersuites, level, DHparams)) == NULL) { Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } } statePtr->ctx = ctx; - /* - * We need to make sure that the channel works in binary (for the - * encryption not to get goofed up). - * We only want to adjust the buffering in pre-v2 channels, where - * each channel in the stack maintained its own buffers. - */ + /* Preserve channel config */ Tcl_DStringInit(&upperChannelTranslation); Tcl_DStringInit(&upperChannelBlocking); Tcl_DStringInit(&upperChannelEOFChar); Tcl_DStringInit(&upperChannelEncoding); Tcl_GetChannelOption(interp, chan, "-eofchar", &upperChannelEOFChar); Tcl_GetChannelOption(interp, chan, "-encoding", &upperChannelEncoding); Tcl_GetChannelOption(interp, chan, "-translation", &upperChannelTranslation); Tcl_GetChannelOption(interp, chan, "-blocking", &upperChannelBlocking); + + /* Ensure the channel works in binary mode (for the encryption not to get goofed up). */ Tcl_SetChannelOption(interp, chan, "-translation", "binary"); Tcl_SetChannelOption(interp, chan, "-blocking", "true"); + + /* Create stacked channel */ dprintf("Consuming Tcl channel %s", Tcl_GetChannelName(chan)); - statePtr->self = Tcl_StackChannel(interp, Tls_ChannelType(), (ClientData) statePtr, - (TCL_READABLE | TCL_WRITABLE), chan); + statePtr->self = Tcl_StackChannel(interp, Tls_ChannelType(), statePtr, (TCL_READABLE | TCL_WRITABLE), chan); dprintf("Created channel named %s", Tcl_GetChannelName(statePtr->self)); if (statePtr->self == (Tcl_Channel) NULL) { /* * No use of Tcl_EventuallyFree because no possible Tcl_Preserve. */ Tls_Free((tls_free_type *) statePtr); + Tcl_DStringFree(&upperChannelTranslation); + Tcl_DStringFree(&upperChannelEncoding); + Tcl_DStringFree(&upperChannelEOFChar); + Tcl_DStringFree(&upperChannelBlocking); return TCL_ERROR; } + /* Restore channel config */ Tcl_SetChannelOption(interp, statePtr->self, "-translation", Tcl_DStringValue(&upperChannelTranslation)); Tcl_SetChannelOption(interp, statePtr->self, "-encoding", Tcl_DStringValue(&upperChannelEncoding)); Tcl_SetChannelOption(interp, statePtr->self, "-eofchar", Tcl_DStringValue(&upperChannelEOFChar)); Tcl_SetChannelOption(interp, statePtr->self, "-blocking", Tcl_DStringValue(&upperChannelBlocking)); Tcl_DStringFree(&upperChannelTranslation); @@ -1486,32 +1558,32 @@ * SSL Initialization */ statePtr->ssl = SSL_new(statePtr->ctx); if (!statePtr->ssl) { /* SSL library error */ - Tcl_AppendResult(interp, "couldn't construct ssl session: ", GET_ERR_REASON(), (char *) NULL); - Tcl_SetErrorCode(interp, "TLS", "IMPORT", "INIT", "FAILED", (char *) NULL); + Tcl_AppendResult(interp, "couldn't construct ssl session: ", GET_ERR_REASON(), (char *)NULL); + Tcl_SetErrorCode(interp, "TLS", "IMPORT", "INIT", "FAILED", (char *)NULL); Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } /* Set host server name */ if (servername) { /* Sets the server name indication (SNI) in ClientHello extension */ /* Per RFC 6066, hostname is a ASCII encoded string, though RFC 4366 says UTF-8. */ if (!SSL_set_tlsext_host_name(statePtr->ssl, servername) && require) { - Tcl_AppendResult(interp, "Set SNI extension failed: ", GET_ERR_REASON(), (char *) NULL); - Tcl_SetErrorCode(interp, "TLS", "IMPORT", "SNI", "FAILED", (char *) NULL); + Tcl_AppendResult(interp, "Set SNI extension failed: ", GET_ERR_REASON(), (char *)NULL); + Tcl_SetErrorCode(interp, "TLS", "IMPORT", "SNI", "FAILED", (char *)NULL); Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } /* Set hostname for peer certificate hostname verification in clients. Don't use SSL_set1_host since it has limitations. */ if (!SSL_add1_host(statePtr->ssl, servername)) { - Tcl_AppendResult(interp, "Set DNS hostname failed: ", GET_ERR_REASON(), (char *) NULL); - Tcl_SetErrorCode(interp, "TLS", "IMPORT", "HOSTNAME", "FAILED", (char *) NULL); + Tcl_AppendResult(interp, "Set DNS hostname failed: ", GET_ERR_REASON(), (char *)NULL); + Tcl_SetErrorCode(interp, "TLS", "IMPORT", "HOSTNAME", "FAILED", (char *)NULL); Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } } @@ -1518,12 +1590,12 @@ /* Resume session id */ if (session_id && strlen(session_id) <= SSL_MAX_SID_CTX_LENGTH) { /* SSL_set_session() */ if (!SSL_SESSION_set1_id_context(SSL_get_session(statePtr->ssl), (const unsigned char *) session_id, (unsigned int) strlen(session_id))) { - Tcl_AppendResult(interp, "Resume session failed: ", GET_ERR_REASON(), (char *) NULL); - Tcl_SetErrorCode(interp, "TLS", "IMPORT", "SESSION", "FAILED", (char *) NULL); + Tcl_AppendResult(interp, "Resume session failed: ", GET_ERR_REASON(), (char *)NULL); + Tcl_SetErrorCode(interp, "TLS", "IMPORT", "SESSION", "FAILED", (char *)NULL); Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } } @@ -1544,12 +1616,12 @@ /* Determine the memory required for the protocol-list */ for (i = 0; i < cnt; i++) { Tcl_GetStringFromObj(list[i], &len); if (len > 255) { - Tcl_AppendResult(interp, "ALPN protocol names too long", (char *) NULL); - Tcl_SetErrorCode(interp, "TLS", "IMPORT", "ALPN", "FAILED", (char *) NULL); + Tcl_AppendResult(interp, "ALPN protocol names too long", (char *)NULL); + Tcl_SetErrorCode(interp, "TLS", "IMPORT", "ALPN", "FAILED", (char *)NULL); Tls_Free((tls_free_type *) statePtr); return TCL_ERROR; } protos_len += 1 + (int) len; } @@ -1565,12 +1637,12 @@ } /* SSL_set_alpn_protos makes a copy of the protocol-list */ /* Note: This function reverses the return value convention */ if (SSL_set_alpn_protos(statePtr->ssl, protos, protos_len)) { - Tcl_AppendResult(interp, "Set ALPN protocols failed: ", GET_ERR_REASON(), (char *) NULL); - Tcl_SetErrorCode(interp, "TLS", "IMPORT", "ALPN", "FAILED", (char *) NULL); + Tcl_AppendResult(interp, "Set ALPN protocols failed: ", GET_ERR_REASON(), (char *)NULL); + Tcl_SetErrorCode(interp, "TLS", "IMPORT", "ALPN", "FAILED", (char *)NULL); Tls_Free((tls_free_type *) statePtr); ckfree(protos); return TCL_ERROR; } @@ -1585,10 +1657,11 @@ /* * SSL Callbacks */ SSL_set_app_data(statePtr->ssl, (void *)statePtr); /* point back to us */ SSL_set_verify(statePtr->ssl, verify, VerifyCallback); + /*SSL_set_verify_depth(SSL_set_verify_depth, 0);*/ SSL_set_info_callback(statePtr->ssl, InfoCallback); /* Callback for observing protocol messages */ #ifndef OPENSSL_NO_SSL_TRACE /* void SSL_CTX_set_msg_callback_arg(statePtr->ctx, (void *)statePtr); @@ -1620,13 +1693,10 @@ sent to the client, this can be done with SSL_do_handshake(). */ if (request && post_handshake && tls1_3) { SSL_verify_client_post_handshake(statePtr->ssl); } - /* set automatic curve selection */ - SSL_set_ecdh_auto(statePtr->ssl, 1); - /* Set server mode */ statePtr->flags |= TLS_TCL_SERVER; SSL_set_accept_state(statePtr->ssl); } else { /* Client callbacks */ @@ -1646,18 +1716,21 @@ } /* Set client mode */ SSL_set_connect_state(statePtr->ssl); } + + /* Set BIO for read and write operations on SSL object */ SSL_set_bio(statePtr->ssl, statePtr->p_bio, statePtr->p_bio); BIO_set_ssl(statePtr->bio, statePtr->ssl, BIO_NOCLOSE); + BIO_set_ssl_mode(statePtr->bio, (long) !server); /* * End of SSL Init */ dprintf("Returning %s", Tcl_GetChannelName(statePtr->self)); - Tcl_SetResult(interp, (char *) Tcl_GetChannelName(statePtr->self), TCL_VOLATILE); + Tcl_SetResult(interp, (char *)Tcl_GetChannelName(statePtr->self), TCL_VOLATILE); return TCL_OK; } /* @@ -1673,42 +1746,198 @@ * Side effects: * May modify the behavior of an IO channel. * *------------------------------------------------------------------- */ + static int -UnimportObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { - Tcl_Channel chan; /* The channel to set a mode on. */ - (void) clientData; +UnimportObjCmd( + TCL_UNUSED(ClientData), /* Client data */ + Tcl_Interp *interp, /* Tcl interpreter */ + int objc, /* Arg count */ + Tcl_Obj *const objv[]) /* Arguments as Tcl objects */ +{ + Tcl_Channel chan, parent; /* The stacked and underlying channels */ + Tcl_DString upperChannelTranslation, upperChannelBlocking, upperChannelEncoding, upperChannelEOFChar; + int res = TCL_OK; dprintf("Called"); if (objc != 2) { Tcl_WrongNumArgs(interp, 1, objv, "channel"); return TCL_ERROR; } + /* Validate channel name */ chan = Tcl_GetChannel(interp, Tcl_GetString(objv[1]), NULL); if (chan == (Tcl_Channel) NULL) { return TCL_ERROR; } /* Make sure to operate on the topmost channel */ chan = Tcl_GetTopChannel(chan); + parent = Tcl_GetStackedChannel(chan); - if (Tcl_GetChannelType(chan) != Tls_ChannelType()) { + /* Verify is a stacked channel */ + if (parent == NULL) { Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan), - "\": not a TLS channel", (char *) NULL); - Tcl_SetErrorCode(interp, "TLS", "UNIMPORT", "CHANNEL", "INVALID", (char *) NULL); + "\": not a stacked channel", (char *)NULL); + Tcl_SetErrorCode(interp, "TLS", "UNIMPORT", "CHANNEL", "INVALID", (char *)NULL); return TCL_ERROR; } - if (Tcl_UnstackChannel(interp, chan) == TCL_ERROR) { + /* Flush any pending data */ + if (Tcl_OutputBuffered(chan) > 0 && Tcl_Flush(chan) != TCL_OK) { + Tcl_AppendResult(interp, "can't flush channel", (char *)NULL); return TCL_ERROR; } - return TCL_OK; + /* Init storage */ + Tcl_DStringInit(&upperChannelTranslation); + Tcl_DStringInit(&upperChannelBlocking); + Tcl_DStringInit(&upperChannelEOFChar); + Tcl_DStringInit(&upperChannelEncoding); + + /* Preserve current channel config */ + Tcl_GetChannelOption(interp, chan, "-blocking", &upperChannelBlocking); + Tcl_GetChannelOption(interp, chan, "-encoding", &upperChannelEncoding); + Tcl_GetChannelOption(interp, chan, "-eofchar", &upperChannelEOFChar); + Tcl_GetChannelOption(interp, chan, "-translation", &upperChannelTranslation); + + /* Unstack the channel */ + if (Tcl_UnstackChannel(interp, chan) != TCL_OK) { + res = TCL_ERROR; + } + + /* Restore channel config */ + Tcl_SetChannelOption(interp, parent, "-encoding", Tcl_DStringValue(&upperChannelEncoding)); + Tcl_SetChannelOption(interp, parent, "-eofchar", Tcl_DStringValue(&upperChannelEOFChar)); + Tcl_SetChannelOption(interp, parent, "-translation", Tcl_DStringValue(&upperChannelTranslation)); + Tcl_SetChannelOption(interp, parent, "-blocking", Tcl_DStringValue(&upperChannelBlocking)); + + /* Clean-up */ + Tcl_DStringFree(&upperChannelTranslation); + Tcl_DStringFree(&upperChannelEncoding); + Tcl_DStringFree(&upperChannelEOFChar); + Tcl_DStringFree(&upperChannelBlocking); + return res; +} + +/* + *------------------------------------------------------------------- + * + * TlsLoadClientCAFileFromMemory -- Load certificates from a client + * CA file from VFS into memory. + * + * Results: + * Number of certificates loaded or 0 for none. + * + * Side effects: + * Loads CA certificates + * + *------------------------------------------------------------------- + */ +static int +TlsLoadClientCAFileFromMemory( + Tcl_Interp *interp, /* Tcl interpreter */ + SSL_CTX *ctx, /* CTX context */ + Tcl_Obj *file) /* CA certificates filename */ +{ + BIO *bio = NULL; + X509 *cert = NULL; + X509_STORE *store = NULL; + Tcl_Obj *buf = NULL; + const void *data = NULL; + X509_NAME *name = NULL; + STACK_OF(X509_NAME) *certNames = NULL; + int ret = 0; + Tcl_Size len = 0; + + /* Read file into memory */ + Tcl_Channel in = Tcl_FSOpenFileChannel(interp, file, "r", 0); + if (in == NULL) { + goto cleanup; + } + Tcl_SetChannelOption(interp, in, "-encoding", "binary"); + buf = Tcl_NewObj(); + Tcl_IncrRefCount(buf); + + if (Tcl_ReadChars(in, buf, -1, 0) < 0) { + Tcl_Close(interp, in); + goto cleanup; + } + Tcl_Close(interp, in); + + data = (const void *) Tcl_GetByteArrayFromObj(buf, &len); + bio = BIO_new_mem_buf(data, len); + if (bio == NULL) { + goto cleanup; + } + + /* Where the certs go */ + store = SSL_CTX_get_cert_store(ctx); + if (store == NULL) { + store = X509_STORE_new(); + if (store == NULL) { + goto cleanup; + } + } + + /* Where the CA names go */ + certNames = sk_X509_NAME_new_null(); + if (!certNames) { + goto cleanup; + } + + /* Attempt to load all certs from the PEM file */ + while ((cert = PEM_read_bio_X509(bio, NULL, 0, NULL)) != NULL) { + if (X509_STORE_add_cert(store, cert) == 0) { + X509_free(cert); + ret = 0; + goto cleanup; + } + /* Copy name to stack before certificate gets freed */ + name = X509_get_subject_name(cert); + if (name) { + X509_NAME *name_copy = X509_NAME_dup(name); + if (!name_copy || !sk_X509_NAME_push(certNames, name_copy)) { + X509_free(cert); + ret = 0; + goto cleanup; + } + } + X509_free(cert); + ret ++; + } + + /* At least one cert was added so retain the store and CA list */ + if (ret) { + if (SSL_CTX_get_cert_store(ctx) == NULL) { + SSL_CTX_set_cert_store(ctx, store); + } + SSL_CTX_set_client_CA_list(ctx, certNames); + } + + cleanup: + + if (! ret) { + /* New store is not required */ + if (store != SSL_CTX_get_cert_store(ctx)) { + X509_STORE_free(store); + } + /* Cert names will not be used */ + if (certNames) { + sk_X509_NAME_pop_free(certNames, X509_NAME_free); + } + } + + BIO_free(bio); + + if (buf) + Tcl_DecrRefCount(buf); + + return ret; } /* *------------------------------------------------------------------- * @@ -1720,14 +1949,30 @@ * Side effects: * constructs SSL context (CTX) * *------------------------------------------------------------------- */ + static SSL_CTX * -CTX_Init(State *statePtr, int isServer, int proto, char *keyfile, char *certfile, - unsigned char *key, unsigned char *cert, int key_len, int cert_len, char *CApath, - char *CAfile, char *ciphers, char *ciphersuites, int level, char *DHparams) { +CTX_Init( + State *statePtr, /* Client state for TLS socket */ + int isServer, /* Is server or client */ + int proto, /* TLS protocol versions mask */ + char *keyfile, /* Private key filename in pEM format */ + char *certfile, /* Certificate filename in PEM format */ + unsigned char *key, /* Private key in PEM format */ + unsigned char *cert, /* Certificate in PEM format */ + Tcl_Size key_len, /* Private key length in bytes */ + Tcl_Size cert_len, /* Certificate length in bytes */ + char *CApath, /* CA directory path */ + char *CAstore, /* CA Store URI path */ + char *CAfile, /* CA filename */ + char *ciphers, /* List of ciphers */ + char *ciphersuites, /* List of cipher suites */ + int level, /* Security level */ + char *DHparams) /* DH parameters */ +{ Tcl_Interp *interp = statePtr->interp; SSL_CTX *ctx = NULL; Tcl_DString ds; int off = 0, abort = 0; int load_private_key; @@ -1734,48 +1979,48 @@ const SSL_METHOD *method; dprintf("Called"); if (!proto) { - Tcl_AppendResult(interp, "no valid protocol selected", (char *) NULL); + Tcl_AppendResult(interp, "no valid protocol selected", (char *)NULL); return NULL; } /* create SSL context */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(NO_SSL2) || defined(OPENSSL_NO_SSL2) if (ENABLED(proto, TLS_PROTO_SSL2)) { - Tcl_AppendResult(interp, "SSL2 protocol not supported", (char *) NULL); + Tcl_AppendResult(interp, "SSL2 protocol not supported", (char *)NULL); return NULL; } #endif #if defined(NO_SSL3) || defined(OPENSSL_NO_SSL3) if (ENABLED(proto, TLS_PROTO_SSL3)) { - Tcl_AppendResult(interp, "SSL3 protocol not supported", (char *) NULL); + Tcl_AppendResult(interp, "SSL3 protocol not supported", (char *)NULL); return NULL; } #endif #if defined(NO_TLS1) || defined(OPENSSL_NO_TLS1) if (ENABLED(proto, TLS_PROTO_TLS1)) { - Tcl_AppendResult(interp, "TLS 1.0 protocol not supported", (char *) NULL); + Tcl_AppendResult(interp, "TLS 1.0 protocol not supported", (char *)NULL); return NULL; } #endif #if defined(NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1) if (ENABLED(proto, TLS_PROTO_TLS1_1)) { - Tcl_AppendResult(interp, "TLS 1.1 protocol not supported", (char *) NULL); + Tcl_AppendResult(interp, "TLS 1.1 protocol not supported", (char *)NULL); return NULL; } #endif #if defined(NO_TLS1_2) || defined(OPENSSL_NO_TLS1_2) if (ENABLED(proto, TLS_PROTO_TLS1_2)) { - Tcl_AppendResult(interp, "TLS 1.2 protocol not supported", (char *) NULL); + Tcl_AppendResult(interp, "TLS 1.2 protocol not supported", (char *)NULL); return NULL; } #endif #if defined(NO_TLS1_3) || defined(OPENSSL_NO_TLS1_3) if (ENABLED(proto, TLS_PROTO_TLS1_3)) { - Tcl_AppendResult(interp, "TLS 1.3 protocol not supported", (char *) NULL); + Tcl_AppendResult(interp, "TLS 1.3 protocol not supported", (char *)NULL); return NULL; } #endif if (proto == 0) { /* Use full range */ @@ -1865,29 +2110,38 @@ #if OPENSSL_VERSION_NUMBER < 0x10100000L OpenSSL_add_all_algorithms(); /* Load ciphers and digests */ #endif SSL_CTX_set_app_data(ctx, (void*)interp); /* remember the interpreter */ - SSL_CTX_set_options(ctx, SSL_OP_ALL); /* all SSL bug workarounds */ - SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); /* disable compression even if supported */ - SSL_CTX_set_options(ctx, off); /* disable protocol versions */ -#if OPENSSL_VERSION_NUMBER < 0x10101000L - SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); /* handle new handshakes in background. On by default in OpenSSL 1.1.1. */ -#endif + SSL_CTX_set_options(ctx, SSL_OP_ALL); /* Enable all SSL bug workarounds */ + SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); /* Disable compression even if supported */ + SSL_CTX_set_options(ctx, off); /* Disable specified protocol versions */ + + /* Allow writes to report success when less than all records have been written */ + SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); + + /* Disable attempts to try to process the next record instead of returning after a + non-app record. Avoids hangs in blocking mode, when using SSL_read() and a + non-application record was sent without any application data. */ + /*SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);*/ + SSL_CTX_sess_set_cache_size(ctx, 128); /* Set user defined ciphers, cipher suites, and security level */ if ((ciphers != NULL) && !SSL_CTX_set_cipher_list(ctx, ciphers)) { - Tcl_AppendResult(interp, "Set ciphers failed: No valid ciphers", (char *) NULL); + Tcl_AppendResult(interp, "Set ciphers failed: No valid ciphers", (char *)NULL); SSL_CTX_free(ctx); return NULL; } if ((ciphersuites != NULL) && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) { - Tcl_AppendResult(interp, "Set cipher suites failed: No valid ciphers", (char *) NULL); + Tcl_AppendResult(interp, "Set cipher suites failed: No valid ciphers", (char *)NULL); SSL_CTX_free(ctx); return NULL; } + + /* set automatic curve selection */ + SSL_CTX_set_ecdh_auto(ctx, 1); /* Set security level */ if (level > -1 && level < 6) { /* SSL_set_security_level */ SSL_CTX_set_security_level(ctx, level); @@ -1899,11 +2153,11 @@ /* read a Diffie-Hellman parameters file, or use the built-in one */ Tcl_DStringInit(&ds); #ifdef OPENSSL_NO_DH if (DHparams != NULL) { - Tcl_AppendResult(interp, "DH parameter support not available", (char *) NULL); + Tcl_AppendResult(interp, "DH parameter support not available", (char *)NULL); SSL_CTX_free(ctx); return NULL; } #else { @@ -1912,30 +2166,30 @@ BIO *bio; bio = BIO_new_file(F2N(DHparams, &ds), "r"); if (!bio) { Tcl_DStringFree(&ds); - Tcl_AppendResult(interp, "Could not find DH parameters file", (char *) NULL); + Tcl_AppendResult(interp, "Could not find DH parameters file", (char *)NULL); SSL_CTX_free(ctx); return NULL; } dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); BIO_free(bio); Tcl_DStringFree(&ds); if (!dh) { - Tcl_AppendResult(interp, "Could not read DH parameters from file", (char *) NULL); + Tcl_AppendResult(interp, "Could not read DH parameters from file", (char *)NULL); SSL_CTX_free(ctx); return NULL; } SSL_CTX_set_tmp_dh(ctx, dh); DH_free(dh); } else { /* Use well known DH parameters that have built-in support in OpenSSL */ if (!SSL_CTX_set_dh_auto(ctx, 1)) { - Tcl_AppendResult(interp, "Could not enable set DH auto: ", GET_ERR_REASON(), (char *) NULL); + Tcl_AppendResult(interp, "Could not enable set DH auto: ", GET_ERR_REASON(), (char *)NULL); SSL_CTX_free(ctx); return NULL; } } } @@ -1947,31 +2201,31 @@ load_private_key = 1; if (SSL_CTX_use_certificate_file(ctx, F2N(certfile, &ds), SSL_FILETYPE_PEM) <= 0) { Tcl_DStringFree(&ds); Tcl_AppendResult(interp, "unable to set certificate file ", certfile, ": ", - GET_ERR_REASON(), (char *) NULL); + GET_ERR_REASON(), (char *)NULL); SSL_CTX_free(ctx); return NULL; } Tcl_DStringFree(&ds); } else if (cert != NULL) { load_private_key = 1; - if (SSL_CTX_use_certificate_ASN1(ctx, cert_len, cert) <= 0) { + if (SSL_CTX_use_certificate_ASN1(ctx, (int) cert_len, cert) <= 0) { Tcl_AppendResult(interp, "unable to set certificate: ", - GET_ERR_REASON(), (char *) NULL); + GET_ERR_REASON(), (char *)NULL); SSL_CTX_free(ctx); return NULL; } } else { certfile = (char*)X509_get_default_cert_file(); if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM) <= 0) { #if 0 Tcl_AppendResult(interp, "unable to use default certificate file ", certfile, ": ", - GET_ERR_REASON(), (char *) NULL); + GET_ERR_REASON(), (char *)NULL); SSL_CTX_free(ctx); return NULL; #endif } } @@ -1991,38 +2245,41 @@ if (SSL_CTX_use_PrivateKey_file(ctx, F2N(keyfile, &ds), SSL_FILETYPE_PEM) <= 0) { Tcl_DStringFree(&ds); /* flush the passphrase which might be left in the result */ Tcl_SetResult(interp, NULL, TCL_STATIC); Tcl_AppendResult(interp, "unable to set public key file ", keyfile, " ", - GET_ERR_REASON(), (char *) NULL); + GET_ERR_REASON(), (char *)NULL); SSL_CTX_free(ctx); return NULL; } Tcl_DStringFree(&ds); } else if (key != NULL) { - if (SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, ctx, key,key_len) <= 0) { + if (SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, ctx, key, (int) key_len) <= 0) { /* flush the passphrase which might be left in the result */ Tcl_SetResult(interp, NULL, TCL_STATIC); - Tcl_AppendResult(interp, "unable to set public key: ", GET_ERR_REASON(), (char *) NULL); + Tcl_AppendResult(interp, "unable to set public key: ", GET_ERR_REASON(), (char *)NULL); SSL_CTX_free(ctx); return NULL; } } /* Now we know that a key and cert have been set against * the SSL context */ if (!SSL_CTX_check_private_key(ctx)) { Tcl_AppendResult(interp, "private key does not match the certificate public key", - (char *) NULL); + (char *)NULL); SSL_CTX_free(ctx); return NULL; } } - /* Set to use default location and file for Certificate Authority (CA) certificates. The - * verify path and store can be overridden by the SSL_CERT_DIR env var. The verify file can - * be overridden by the SSL_CERT_FILE env var. */ + /* Set to use the default location and file for Certificate Authority (CA) certificates. + * The default CA certificates directory is called certs in the default OpenSSL + * directory. It contains the CA certificates in PEM format, with one certificate per + * file. The verify path and store can be overridden by the SSL_CERT_DIR env var. The + * default CA certificates file is called cert.pem in the default OpenSSL directory. + * The verify file can be overridden by the SSL_CERT_FILE env var. */ if (!SSL_CTX_set_default_verify_paths(ctx)) { abort++; } /* Overrides for the CA verify path and file */ @@ -2032,10 +2289,11 @@ Tcl_DString ds1; Tcl_DStringInit(&ds1); if (!SSL_CTX_load_verify_locations(ctx, F2N(CAfile, &ds), F2N(CApath, &ds1))) { abort++; + return NULL; } Tcl_DStringFree(&ds); Tcl_DStringFree(&ds1); /* Set list of CAs to send to client when requesting a client certificate */ @@ -2047,39 +2305,77 @@ } Tcl_DStringFree(&ds); } #else + /* Set directory containing CA certificates in PEM format. */ if (CApath != NULL) { if (!SSL_CTX_load_verify_dir(ctx, F2N(CApath, &ds))) { abort++; } Tcl_DStringFree(&ds); } - if (CAfile != NULL) { - if (!SSL_CTX_load_verify_file(ctx, F2N(CAfile, &ds))) { + + /* Set URI for to a store, which may be a single container or a catalog of containers. */ + if (CAstore != NULL) { + if (!SSL_CTX_load_verify_store(ctx, F2N(CAstore, &ds))) { abort++; } Tcl_DStringFree(&ds); + } - /* Set list of CAs to send to client when requesting a client certificate */ - STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file(F2N(CAfile, &ds)); - if (certNames != NULL) { - SSL_CTX_set_client_CA_list(ctx, certNames); + /* Set file of CA certificates in PEM format. */ + if (CAfile != NULL) { + Tcl_Obj *cafileobj = Tcl_NewStringObj(CAfile, -1); + Tcl_IncrRefCount(cafileobj); + + Tcl_Obj *fsinfo = Tcl_FSFileSystemInfo(cafileobj); + if (fsinfo) { + Tcl_IncrRefCount(fsinfo); + + Tcl_Obj *fstype = NULL; + Tcl_ListObjIndex(interp, fsinfo, 0, &fstype); + + if (Tcl_StringMatch("native", Tcl_GetString(fstype))) { + if (!SSL_CTX_load_verify_file(ctx, F2N(CAfile, &ds))) { + abort++; + } + Tcl_DStringFree(&ds); + + /* Set list of CAs to send to client when requesting a client certificate */ + STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file(F2N(CAfile, &ds)); + if (certNames != NULL) { + SSL_CTX_set_client_CA_list(ctx, certNames); + } + Tcl_DStringFree(&ds); + + } else { + /* Load certificate into memory */ + if (!TlsLoadClientCAFileFromMemory(interp, ctx, cafileobj)) { + abort++; + } + } + Tcl_DecrRefCount(fsinfo); + + } else { + abort++; /* Path is not recognized */ } - Tcl_DStringFree(&ds); + Tcl_DecrRefCount(cafileobj); } #endif } + if (abort > 0) { + /* return error */ + } return ctx; } /* *------------------------------------------------------------------- * - * StatusObjCmd -- return certificate for connected peer. + * StatusObjCmd -- return certificate for connected peer info. * * Results: * A standard Tcl result. * * Side effects: @@ -2086,21 +2382,25 @@ * None. * *------------------------------------------------------------------- */ static int -StatusObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { +StatusObjCmd( + TCL_UNUSED(ClientData), /* Client data */ + Tcl_Interp *interp, /* Tcl interpreter */ + int objc, /* Arg count */ + Tcl_Obj *const objv[]) /* Arguments as Tcl objects */ +{ State *statePtr; X509 *peer; Tcl_Obj *objPtr; Tcl_Channel chan; char *channelName, *ciphers; int mode; const unsigned char *proto; unsigned int len; int nid, res; - (void) clientData; dprintf("Called"); if (objc < 2 || objc > 3 || (objc == 3 && !strcmp(Tcl_GetString(objv[1]), "-local"))) { Tcl_WrongNumArgs(interp, 1, objv, "?-local? channel"); @@ -2116,12 +2416,12 @@ /* Make sure to operate on the topmost channel */ chan = Tcl_GetTopChannel(chan); if (Tcl_GetChannelType(chan) != Tls_ChannelType()) { Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan), - "\": not a TLS channel", (char *) NULL); - Tcl_SetErrorCode(interp, "TLS", "STATUS", "CHANNEL", "INVALID", (char *) NULL); + "\": not a TLS channel", (char *)NULL); + Tcl_SetErrorCode(interp, "TLS", "STATUS", "CHANNEL", "INVALID", (char *)NULL); return TCL_ERROR; } statePtr = (State *) Tcl_GetChannelInstanceData(chan); /* Get certificate for peer or self */ @@ -2130,11 +2430,11 @@ } else { peer = SSL_get_certificate(statePtr->ssl); } /* Get X509 certificate info */ if (peer) { - objPtr = Tls_NewX509Obj(interp, peer); + objPtr = Tls_NewX509Obj(interp, peer, 1); if (objc == 2) { X509_free(peer); peer = NULL; } } else { @@ -2152,24 +2452,24 @@ LAPPEND_STR(interp, objPtr, "verifyResult", X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl)), -1); /* Verify mode */ mode = SSL_get_verify_mode(statePtr->ssl); - if (mode && SSL_VERIFY_NONE) { + if (mode & SSL_VERIFY_NONE) { LAPPEND_STR(interp, objPtr, "verifyMode", "none", -1); } else { Tcl_Obj *listObjPtr = Tcl_NewListObj(0, NULL); - if (mode && SSL_VERIFY_PEER) { + if (mode & SSL_VERIFY_PEER) { Tcl_ListObjAppendElement(interp, listObjPtr, Tcl_NewStringObj("peer", -1)); } - if (mode && SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { + if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { Tcl_ListObjAppendElement(interp, listObjPtr, Tcl_NewStringObj("fail if no peer cert", -1)); } - if (mode && SSL_VERIFY_CLIENT_ONCE) { + if (mode & SSL_VERIFY_CLIENT_ONCE) { Tcl_ListObjAppendElement(interp, listObjPtr, Tcl_NewStringObj("client once", -1)); } - if (mode && SSL_VERIFY_POST_HANDSHAKE) { + if (mode & SSL_VERIFY_POST_HANDSHAKE) { Tcl_ListObjAppendElement(interp, listObjPtr, Tcl_NewStringObj("post handshake", -1)); } LAPPEND_OBJ(interp, objPtr, "verifyMode", listObjPtr) } @@ -2188,17 +2488,20 @@ res = SSL_get_signature_nid(statePtr->ssl, &nid); } if (!res) {nid = 0;} LAPPEND_STR(interp, objPtr, "signatureHashAlgorithm", OBJ_nid2ln(nid), -1); + /* Added in OpenSSL 1.1.1a */ +#if OPENSSL_VERSION_NUMBER > 0x10101000L if (objc == 2) { res = SSL_get_peer_signature_type_nid(statePtr->ssl, &nid); } else { res = SSL_get_signature_type_nid(statePtr->ssl, &nid); } if (!res) {nid = 0;} LAPPEND_STR(interp, objPtr, "signatureType", OBJ_nid2ln(nid), -1); +#endif Tcl_SetObjResult(interp, objPtr); return TCL_OK; } @@ -2211,19 +2514,25 @@ * A list of connection info * *------------------------------------------------------------------- */ -static int ConnectionInfoObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { +static int ConnectionInfoObjCmd( + TCL_UNUSED(ClientData), /* Client data */ + Tcl_Interp *interp, /* Tcl interpreter */ + int objc, /* Arg count */ + Tcl_Obj *const objv[]) /* Arguments as Tcl objects */ +{ Tcl_Channel chan; /* The channel to set a mode on */ - State *statePtr; /* client state for ssl socket */ + State *statePtr; /* Client state for TLS socket */ Tcl_Obj *objPtr, *listPtr; const SSL *ssl; const SSL_CIPHER *cipher; const SSL_SESSION *session; const EVP_MD *md; - (void) clientData; + + dprintf("Called"); if (objc != 2) { Tcl_WrongNumArgs(interp, 1, objv, "channel"); return TCL_ERROR; } @@ -2235,27 +2544,37 @@ /* Make sure to operate on the topmost channel */ chan = Tcl_GetTopChannel(chan); if (Tcl_GetChannelType(chan) != Tls_ChannelType()) { Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan), - "\": not a TLS channel", (char *) NULL); - Tcl_SetErrorCode(interp, "TLS", "CONNECTION", "CHANNEL", "INVALID", (char *) NULL); + "\": not a TLS channel", (char *)NULL); + Tcl_SetErrorCode(interp, "TLS", "CONNECTION", "CHANNEL", "INVALID", (char *)NULL); return TCL_ERROR; } objPtr = Tcl_NewListObj(0, NULL); /* Connection info */ statePtr = (State *)Tcl_GetChannelInstanceData(chan); ssl = statePtr->ssl; if (ssl != NULL) { + const unsigned char *proto; + unsigned int ulen; + + /* Initialization finished */ + LAPPEND_BOOL(interp, objPtr, "init_finished", SSL_is_init_finished(ssl)); + /* connection state */ LAPPEND_STR(interp, objPtr, "state", SSL_state_string_long(ssl), -1); /* Get SNI requested server name */ LAPPEND_STR(interp, objPtr, "servername", SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name), -1); + /* Report the selected protocol as a result of the negotiation */ + SSL_get0_alpn_selected(statePtr->ssl, &proto, &ulen); + LAPPEND_STR(interp, objPtr, "alpn", (char *)proto, (Tcl_Size) ulen); + /* Get protocol */ LAPPEND_STR(interp, objPtr, "protocol", SSL_get_version(ssl), -1); /* Renegotiation allowed */ LAPPEND_BOOL(interp, objPtr, "renegotiation_allowed", SSL_get_secure_renegotiation_support((SSL *) ssl)); @@ -2269,10 +2588,30 @@ /* Is server info */ LAPPEND_BOOL(interp, objPtr, "is_server", SSL_is_server(ssl)); /* Is DTLS */ LAPPEND_BOOL(interp, objPtr, "is_dtls", SSL_is_dtls(ssl)); + +#if OPENSSL_VERSION_NUMBER >= 0x30200000L + /* Is QUIC */ + LAPPEND_BOOL(interp, objPtr, "is_quic", SSL_is_quic(ssl)); + + /* Is TLS */ + LAPPEND_BOOL(interp, objPtr, "is_tls", SSL_is_tls(ssl)); +#endif + + /* DANE TLS authentication */ + LAPPEND_BOOL(interp, objPtr, "dane_auth", SSL_get0_dane((SSL *)ssl) != NULL); + + /* Waiting for async */ + LAPPEND_BOOL(interp, objPtr, "waiting_for_async", SSL_waiting_for_async((SSL *)ssl)); + + /* Time-out */ + LAPPEND_LONG(interp, objPtr, "time-out", SSL_get_default_timeout(ssl)); + + /* Is Certificate Transparency validation enabled */ + LAPPEND_BOOL(interp, objPtr, "ct_enabled", SSL_ct_is_enabled(ssl)); } /* Cipher info */ cipher = SSL_get_current_cipher(ssl); if (cipher != NULL) { @@ -2449,21 +2788,23 @@ * None. * *------------------------------------------------------------------- */ static int -VersionObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { +VersionObjCmd( + TCL_UNUSED(ClientData), /* Client data */ + Tcl_Interp *interp, /* Tcl interpreter */ + TCL_UNUSED(int), /* objc - Arg count */ + TCL_UNUSED(Tcl_Obj *const *)) /* objv - Arguments as Tcl objects */ +{ Tcl_Obj *objPtr; - (void) clientData; - (void) objc; - (void) objv; dprintf("Called"); objPtr = Tcl_NewStringObj(OPENSSL_VERSION_TEXT, -1); - Tcl_SetObjResult(interp, objPtr); + Tcl_SetObjResult(interp, objPtr); return TCL_OK; } /* *------------------------------------------------------------------- @@ -2477,17 +2818,20 @@ * None. * *------------------------------------------------------------------- */ static int -MiscObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { +MiscObjCmd( + TCL_UNUSED(ClientData), /* Client data */ + Tcl_Interp *interp, /* Tcl interpreter */ + int objc, /* Arg count */ + Tcl_Obj *const objv[]) /* Arguments as Tcl objects */ +{ static const char *commands [] = { "req", "strreq", NULL }; enum command { C_REQ, C_STRREQ, C_DUMMY }; - Tcl_Size cmd; - int isStr; + int cmd, isStr; char buffer[16384]; - (void) clientData; dprintf("Called"); if (objc < 2) { Tcl_WrongNumArgs(interp, 1, objv, "subcommand ?args?"); @@ -2505,16 +2849,15 @@ case C_STRREQ: { EVP_PKEY *pkey=NULL; X509 *cert=NULL; X509_NAME *name=NULL; Tcl_Obj **listv; - Tcl_Size listc; - int i; + Tcl_Size listc, i; BIO *out=NULL; - char *k_C="",*k_ST="",*k_L="",*k_O="",*k_OU="",*k_CN="",*k_Email=""; + const char *k_C="",*k_ST="",*k_L="",*k_O="",*k_OU="",*k_CN="",*k_Email=""; char *keyout,*pemout,*str; int keysize,serial=0,days=365; #if OPENSSL_VERSION_NUMBER < 0x30000000L BIGNUM *bne = NULL; @@ -2699,11 +3042,13 @@ * Frees all the state * *------------------------------------------------------------------- */ void -Tls_Free(tls_free_type *blockPtr) { +Tls_Free( + tls_free_type *blockPtr) /* Client state for TLS socket */ +{ State *statePtr = (State *)blockPtr; dprintf("Called"); Tls_Clean(statePtr); @@ -2726,11 +3071,13 @@ * Side effects: * Frees all the state * *------------------------------------------------------------------- */ -void Tls_Clean(State *statePtr) { +void Tls_Clean( + State *statePtr) /* Client state for TLS socket */ +{ dprintf("Called"); /* * we're assuming here that we're single-threaded */ @@ -2737,29 +3084,11 @@ if (statePtr->timer != (Tcl_TimerToken) NULL) { Tcl_DeleteTimerHandler(statePtr->timer); statePtr->timer = NULL; } - if (statePtr->protos) { - ckfree(statePtr->protos); - statePtr->protos = NULL; - } - if (statePtr->bio) { - /* This will call SSL_shutdown. Bug 1414045 */ - dprintf("BIO_free_all(%p)", statePtr->bio); - BIO_free_all(statePtr->bio); - statePtr->bio = NULL; - } - if (statePtr->ssl) { - dprintf("SSL_free(%p)", statePtr->ssl); - SSL_free(statePtr->ssl); - statePtr->ssl = NULL; - } - if (statePtr->ctx) { - SSL_CTX_free(statePtr->ctx); - statePtr->ctx = NULL; - } + /* Remove callbacks */ if (statePtr->callback) { Tcl_DecrRefCount(statePtr->callback); statePtr->callback = NULL; } if (statePtr->password) { @@ -2768,10 +3097,33 @@ } if (statePtr->vcmd) { Tcl_DecrRefCount(statePtr->vcmd); statePtr->vcmd = NULL; } + + if (statePtr->protos) { + ckfree(statePtr->protos); + statePtr->protos = NULL; + } + + if (statePtr->bio) { + /* This will call SSL_shutdown. Bug 1414045 */ + dprintf("BIO_free_all(%p)", statePtr->bio); + BIO_free_all(statePtr->bio); + statePtr->bio = NULL; + } + + if (statePtr->ssl) { + dprintf("SSL_free(%p)", statePtr->ssl); + SSL_free(statePtr->ssl); + statePtr->ssl = NULL; + } + + if (statePtr->ctx) { + SSL_CTX_free(statePtr->ctx); + statePtr->ctx = NULL; + } dprintf("Returning"); } /* @@ -2794,11 +3146,13 @@ # define STRINGIFY(x) STRINGIFY1(x) # define STRINGIFY1(x) #x #endif int -BuildInfoCommand(Tcl_Interp* interp) { +BuildInfoCommand( + Tcl_Interp* interp) /* Tcl interpreter */ +{ Tcl_CmdInfo info; if (Tcl_GetCommandInfo(interp, "::tcl::build-info", &info)) { Tcl_CreateObjCommand(interp, "::tls::build-info", info.objProc, (void *)( PACKAGE_VERSION "+" STRINGIFY(TLS_VERSION_UUID) @@ -2855,22 +3209,89 @@ ), NULL); } return TCL_OK; } +/* + *------------------------------------------------------* + * + * TlsLibShutdown -- + * + * Shutdown SSL library once per application + * + * Results: + * A standard TCL result + * + * Side effects: + * Shutdown SSL library + * + *------------------------------------------------------* + */ +void TlsLibShutdown( + ClientData clientData) /* Not used */ +{ + dprintf("Called"); + + BIO_cleanup(); +} + +/* + *------------------------------------------------------* + * + * TlsLibInit -- + * + * Initializes SSL library once per application + * + * Results: + * A standard Tcl result + * + * Side effects: + * Initializes SSL library + * + *------------------------------------------------------* + */ +static int TlsLibInit() { + static int initialized = 0; + + dprintf("Called"); + + if (!initialized) { + /* Initialize BOTH libcrypto and libssl. */ + if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS + | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS + | OPENSSL_INIT_LOAD_CONFIG | OPENSSL_INIT_ASYNC, NULL)) { + return TCL_ERROR; + } + + /* Create BIO handlers */ + BIO_new_tcl(NULL, 0); + + /* Create exit handler */ + Tcl_CreateExitHandler(TlsLibShutdown, NULL); + initialized = 1; + } + return TCL_OK; +} + +/* Init script */ +static const char tlsTclInitScript[] = { +#include "tls.tcl.h" +}; + /* *------------------------------------------------------------------- * * Tls_Init -- * * This is a package initialization procedure, which is called - * by Tcl when this package is to be added to an interpreter. + * by TCL when this package is to be added to an interpreter. * - * Results: Ssl configured and loaded + * Results: + * Initializes structures and creates commands. * * Side effects: - * create the ssl command, initialize ssl context + * Create the commands * *------------------------------------------------------------------- */ #if TCL_MAJOR_VERSION > 8 @@ -2877,38 +3298,37 @@ #define MIN_VERSION "9.0" #else #define MIN_VERSION "8.5" #endif -static const char tlsTclInitScript[] = { -#include "tls.tcl.h" - 0x00 - }; - -DLLEXPORT int Tls_Init(Tcl_Interp *interp) { +DLLEXPORT int Tls_Init( + Tcl_Interp *interp) /* Tcl interpreter */ +{ dprintf("Called"); #ifdef USE_TCL_STUBS if (Tcl_InitStubs(interp, MIN_VERSION, 0) == NULL) { return TCL_ERROR; } -#endif - if (Tcl_PkgRequire(interp, "Tcl", MIN_VERSION, 0) == NULL) { +#else + if (Tcl_PkgRequireEx(interp, "Tcl", MIN_VERSION, 0, NULL) == NULL) { return TCL_ERROR; } +#endif - if (TlsLibInit(0) != TCL_OK) { - Tcl_AppendResult(interp, "could not initialize SSL library", (char *) NULL); + if (TlsLibInit() != TCL_OK) { + Tcl_AppendResult(interp, "could not initialize SSL library", (char *)NULL); return TCL_ERROR; } Tcl_CreateObjCommand(interp, "::tls::ciphers", CiphersObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "::tls::connection", ConnectionInfoObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "::tls::handshake", HandshakeObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "::tls::import", ImportObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "::tls::unimport", UnimportObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); + Tcl_CreateObjCommand(interp, "::tls::unstack", UnimportObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "::tls::status", StatusObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "::tls::version", VersionObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "::tls::misc", MiscObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "::tls::protocols", ProtocolsObjCmd, (ClientData) NULL, (Tcl_CmdDeleteProc *) NULL); @@ -2920,134 +3340,25 @@ return Tcl_PkgProvide(interp, PACKAGE_NAME, PACKAGE_VERSION); } /* - *------------------------------------------------------* + *------------------------------------------------------------------- * * Tls_SafeInit -- * - * ------------------------------------------------* - * Standard procedure required by 'load'. - * Initializes this extension for a safe interpreter. - * ------------------------------------------------* - * - * Side effects: - * As of 'Tls_Init' - * - * Result: - * A standard Tcl error code. - * - *------------------------------------------------------* - */ -DLLEXPORT int Tls_SafeInit(Tcl_Interp *interp) { + * This is a package initialization procedure for safe interps. + * + * Results: + * Same as of 'Tls_Init' + * + * Side effects: + * Same as of 'Tls_Init' + * + *------------------------------------------------------------------- + */ +DLLEXPORT int Tls_SafeInit( + Tcl_Interp *interp) /* Tcl interpreter */ +{ dprintf("Called"); return Tls_Init(interp); } - -/* - *------------------------------------------------------* - * - * TlsLibInit -- - * - * ------------------------------------------------* - * Initializes SSL library once per application - * ------------------------------------------------* - * - * Side effects: - * initializes SSL library - * - * Result: - * none - * - *------------------------------------------------------* - */ -static int TlsLibInit(int uninitialize) { - static int initialized = 0; - int status = TCL_OK; -#if defined(OPENSSL_THREADS) && defined(TCL_THREADS) - size_t num_locks; -#endif - - if (uninitialize) { - if (!initialized) { - dprintf("Asked to uninitialize, but we are not initialized"); - - return TCL_OK; - } - - dprintf("Asked to uninitialize"); - -#if defined(OPENSSL_THREADS) && defined(TCL_THREADS) - Tcl_MutexLock(&init_mx); - - if (locks) { - free(locks); - locks = NULL; - locksCount = 0; - } -#endif - initialized = 0; - -#if defined(OPENSSL_THREADS) && defined(TCL_THREADS) - Tcl_MutexUnlock(&init_mx); -#endif - - return TCL_OK; - } - - if (initialized) { - dprintf("Called, but using cached value"); - return status; - } - - dprintf("Called"); - -#if defined(OPENSSL_THREADS) && defined(TCL_THREADS) - Tcl_MutexLock(&init_mx); -#endif - initialized = 1; - -#if defined(OPENSSL_THREADS) && defined(TCL_THREADS) - num_locks = 1; - locksCount = (int) num_locks; - locks = malloc(sizeof(*locks) * num_locks); - memset(locks, 0, sizeof(*locks) * num_locks); -#endif - - /* Initialize BOTH libcrypto and libssl. */ - OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS - | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); - - BIO_new_tcl(NULL, 0); - -#if 0 - /* - * XXX:TODO: Remove this code and replace it with a check - * for enough entropy and do not try to create our own - * terrible entropy - */ - /* - * Seed the random number generator in the SSL library, - * using the do/while construct because of the bug note in the - * OpenSSL FAQ at http://www.openssl.org/support/faq.html#USER1 - * - * The crux of the problem is that Solaris 7 does not have a - * /dev/random or /dev/urandom device so it cannot gather enough - * entropy from the RAND_seed() when TLS initializes and refuses - * to go further. Earlier versions of OpenSSL carried on regardless. - */ - srand((unsigned int) time((time_t *) NULL)); - do { - for (i = 0; i < 16; i++) { - rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0)); - } - RAND_seed(rnd_seed, sizeof(rnd_seed)); - } while (RAND_status() != 1); -#endif - -#if defined(OPENSSL_THREADS) && defined(TCL_THREADS) - Tcl_MutexUnlock(&init_mx); -#endif - - return status; -} Index: generic/tls.h ================================================================== --- generic/tls.h +++ generic/tls.h @@ -1,12 +1,11 @@ /* - * Copyright (C) 1997-2000 Matt Newman - * - * TLS (aka SSL) Channel - can be layered on any bi-directional - * Tcl_Channel (Note: Requires Trf Core Patch) + * TLS Channel - This extension provides a encrypted communication channel + * using the TLS or SSL protocols. It can be layered on top of any + * bi-directional Tcl_Channel. * - * This was built from scratch based upon observation of OpenSSL 0.9.2B + * Copyright (C) 1997-2000 Matt Newman * * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for * providing the Tcl_ReplaceChannel mechanism and working closely with me * to enhance it to support full fileevent semantics. * @@ -13,11 +12,11 @@ * Also work done by the follow people provided the impetus to do this "right":- * tclSSL (Colin McCormack, Shared Technology) * SSLtcl (Peter Antman) * */ - + #ifndef _TLS_H #define _TLS_H #include Index: generic/tlsBIO.c ================================================================== --- generic/tlsBIO.c +++ generic/tlsBIO.c @@ -1,276 +1,504 @@ /* - * Copyright (C) 1997-2000 Matt Newman - * - * Provides BIO layer to interface OpenSSL to TCL. - */ - -#include "tlsInt.h" - -/* Called by SSL_write() */ -static int BioWrite(BIO *bio, const char *buf, int bufLen) { - Tcl_Channel chan; - Tcl_Size ret; - int tclEofChan, tclErrno; - - chan = Tls_GetParent((State *) BIO_get_data(bio), 0); - - dprintf("[chan=%p] BioWrite(%p, , %d)", (void *)chan, (void *) bio, bufLen); - - ret = Tcl_WriteRaw(chan, buf, (Tcl_Size) bufLen); - - tclEofChan = Tcl_Eof(chan); - tclErrno = Tcl_GetErrno(); - - dprintf("[chan=%p] BioWrite(%d) -> %" TCL_SIZE_MODIFIER "d [tclEof=%d; tclErrno=%d]", - (void *) chan, bufLen, ret, tclEofChan, tclErrno); - - BIO_clear_flags(bio, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY); - - if (tclEofChan && ret <= 0) { - dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF"); - Tcl_SetErrno(ECONNRESET); - ret = 0; - - } else if (ret == 0) { - dprintf("Got 0 from Tcl_WriteRaw, and EOF is not set; ret = 0"); - dprintf("Setting retry read flag"); - BIO_set_retry_read(bio); - - } else if (ret < 0) { - dprintf("We got some kind of I/O error"); - - if (tclErrno == EAGAIN) { - dprintf("It's EAGAIN"); - } else { - dprintf("It's an unexpected error: %s/%i", Tcl_ErrnoMsg(tclErrno), tclErrno); - } - - } else { - dprintf("Successfully wrote %" TCL_SIZE_MODIFIER "d bytes of data", ret); - } - - if (ret != -1 || (ret == -1 && tclErrno == EAGAIN)) { - if (BIO_should_read(bio)) { - dprintf("Setting should retry read flag"); - - BIO_set_retry_read(bio); - } - } - return (int) ret; -} - -/* Called by SSL_read()*/ -static int BioRead(BIO *bio, char *buf, int bufLen) { - Tcl_Channel chan; - Tcl_Size ret = 0; - int tclEofChan, tclErrno; - - chan = Tls_GetParent((State *) BIO_get_data(bio), 0); - - dprintf("[chan=%p] BioRead(%p, , %d)", (void *) chan, (void *) bio, bufLen); - - if (buf == NULL) { + * Provides Custom BIO layer to interface OpenSSL with TCL. These functions + * directly interface between the TCL IO channel and BIO buffers. + * + * Copyright (C) 1997-2000 Matt Newman + * Copyright (C) 2024 Brian O'Hagan + * + */ + +/* + tlsBIO.c tlsIO.c + +------+ +-----+ +------+ + | |Tcl_WriteRaw <-- BioWrite| SSL |BIO_write <-- TlsOutputProc <-- Write| | + |socket| | BIO | | App | + | |Tcl_ReadRaw --> BioRead| |BIO_Read --> TlsInputProc --> Read| | + +------+ +-----+ +------+ +*/ + +#include "tlsInt.h" +#include + +/* Define BIO methods structure */ +static BIO_METHOD *BioMethods = NULL; + + + +/* + *----------------------------------------------------------------------------- + * + * BIOShouldRetry -- + * + * Determine if should retry operation based on error code. Same + * conditions as BIO_sock_should_retry function. + * + * Results: + * 1 = retry, 0 = no retry + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- + */ + +static int BIOShouldRetry(int code) { + int res = 0; + dprintf("BIOShouldRetry %d=%s", code, Tcl_ErrnoMsg(code)); + + if (code == EAGAIN || code == EWOULDBLOCK || code == ENOTCONN || code == EPROTO || +#ifdef _WIN32 + code == WSAEWOULDBLOCK || +#endif + code == EINTR || code == EINPROGRESS || code == EALREADY) { + res = 1; + } + + dprintf("BIOShouldRetry %d=%s, res=%d", code, Tcl_ErrnoMsg(code), res); + + return res; +} + +/* + *----------------------------------------------------------------------------- + * + * BioWrite -- + * + * This function is used to read encrypted data from the BIO and write it + * into the socket. This function will be called in response to the + * application calling the BIO_write_ex() or BIO_write() functions. + * + * Results: + * Returns the number of bytes written to channel, 0 for EOF, or -1 for + * error. + * + * Side effects: + * Writes BIO data to channel. + * + *----------------------------------------------------------------------------- + */ + +static int BioWrite(BIO *bio, const char *buf, int bufLen) { + Tcl_Size ret; + int is_eof, tclErrno; + State *statePtr = (State *) BIO_get_data(bio); + Tcl_Channel chan = Tls_GetParent(statePtr, 0); + + dprintf("[chan=%p] BioWrite(bio=%p, buf=%p, len=%d)", (void *)chan, (void *) bio, buf, bufLen); + + BIO_clear_retry_flags(bio); + Tcl_SetErrno(0); + + /* Write data to underlying channel */ + ret = Tcl_WriteRaw(chan, buf, (Tcl_Size) bufLen); + is_eof = Tcl_Eof(chan); + tclErrno = Tcl_GetErrno(); + + dprintf("[chan=%p] BioWrite(%d) -> %" TCL_SIZE_MODIFIER "d [tclEof=%d; tclErrno=%d: %s]", + (void *) chan, bufLen, ret, is_eof, tclErrno, Tcl_ErrnoMsg(tclErrno)); + + if (ret > 0) { + dprintf("Successfully wrote %" TCL_SIZE_MODIFIER "d bytes of data", ret); + + } else if (ret == 0) { + if (is_eof) { + dprintf("Got EOF while writing, returning a Connection Reset error which maps to Soft EOF"); + Tcl_SetErrno(ECONNRESET); + BIO_set_flags(bio, BIO_FLAGS_IN_EOF); + + } else { + dprintf("Got 0 from Tcl_WriteRaw, and EOF is not set; ret = 0"); + BIO_set_retry_write(bio); + + dprintf("Setting retry read flag"); + BIO_set_retry_read(bio); + } + + } else { + dprintf("We got some kind of I/O error"); + + if (BIOShouldRetry(tclErrno)) { + dprintf("Try again for: %i=%s", tclErrno, Tcl_ErrnoMsg(tclErrno)); + BIO_set_retry_write(bio); + + } else { + dprintf("Unexpected error: %i=%s", tclErrno, Tcl_ErrnoMsg(tclErrno)); + } + } + + dprintf("BioWrite returning %" TCL_SIZE_MODIFIER "d", ret); + return (int) ret; +} + +/* + *----------------------------------------------------------------------------- + * + * BioRead -- + * + * This function is used to read encrypted data from the socket and + * write it into the BIO. This function will be called in response to the + * application calling the BIO_read_ex() or BIO_read() functions. + * + * Results: + * Returns the number of bytes read from channel, 0 for EOF, or -1 for + * error. + * + * Side effects: + * Reads channel data into BIO. + * + * Data is received in whole blocks known as records from the peer. A whole + * record is processed (e.g. decrypted) in one go and is buffered by OpenSSL + * until it is read by the application via a call to SSL_read. SSL_pending() + * returns the number of bytes which have been processed, buffered, and are + * available inside ssl for immediate read. SSL_has_pending() returns 1 if + * data is buffered (whether processed or unprocessed) and 0 otherwise. + * + *----------------------------------------------------------------------------- + */ + +static int BioRead(BIO *bio, char *buf, int bufLen) { + Tcl_Size ret = 0; + int is_eof, tclErrno, is_blocked; + State *statePtr = (State *) BIO_get_data(bio); + Tcl_Channel chan = Tls_GetParent(statePtr, 0); + + dprintf("[chan=%p] BioRead(bio=%p, buf=%p, len=%d)", (void *) chan, (void *) bio, buf, bufLen); + + if (buf == NULL || bufLen <= 0) { return 0; } - ret = Tcl_ReadRaw(chan, buf, (Tcl_Size) bufLen); - - tclEofChan = Tcl_Eof(chan); - tclErrno = Tcl_GetErrno(); - - dprintf("[chan=%p] BioRead(%d) -> %" TCL_SIZE_MODIFIER "d [tclEof=%d; tclErrno=%d]", - (void *) chan, bufLen, ret, tclEofChan, tclErrno); - - BIO_clear_flags(bio, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY); - - if (tclEofChan && ret <= 0) { - dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF"); - Tcl_SetErrno(ECONNRESET); - ret = 0; - - } else if (ret == 0) { - dprintf("Got 0 from Tcl_Read or Tcl_ReadRaw, and EOF is not set; ret = 0"); - dprintf("Setting retry read flag"); - BIO_set_retry_read(bio); - - } else if (ret < 0) { - dprintf("We got some kind of I/O error"); - - if (tclErrno == EAGAIN) { - dprintf("It's EAGAIN"); - } else { - dprintf("It's an unexpected error: %s/%i", Tcl_ErrnoMsg(tclErrno), tclErrno); - } - - } else { - dprintf("Successfully read %" TCL_SIZE_MODIFIER "d bytes of data", ret); - } - - if (ret != -1 || (ret == -1 && tclErrno == EAGAIN)) { - if (BIO_should_write(bio)) { - dprintf("Setting should retry write flag"); - - BIO_set_retry_write(bio); - } - } - - dprintf("BioRead(%p, , %d) [%p] returning %" TCL_SIZE_MODIFIER "d", (void *) bio, - bufLen, (void *) chan, ret); - - return (int) ret; -} - -static int BioPuts(BIO *bio, const char *str) { - dprintf("BioPuts(%p, ) called", bio, str); + BIO_clear_retry_flags(bio); + Tcl_SetErrno(0); + + /* Read data from underlying channel */ + ret = Tcl_ReadRaw(chan, buf, (Tcl_Size) bufLen); + + is_eof = Tcl_Eof(chan); + tclErrno = Tcl_GetErrno(); + is_blocked = Tcl_InputBlocked(chan); + + dprintf("[chan=%p] BioRead(%d) -> %" TCL_SIZE_MODIFIER "d [tclEof=%d; blocked=%d; tclErrno=%d: %s]", + (void *) chan, bufLen, ret, is_eof, is_blocked, tclErrno, Tcl_ErrnoMsg(tclErrno)); + + if (ret > 0) { + dprintf("Successfully read %" TCL_SIZE_MODIFIER "d bytes of data", ret); + + } else if (ret == 0) { + if (is_eof) { + dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF"); + Tcl_SetErrno(ECONNRESET); + BIO_set_flags(bio, BIO_FLAGS_IN_EOF); + + } else if (is_blocked) { + dprintf("Got input blocked from Tcl_ReadRaw. Setting retry read flag"); + BIO_set_retry_read(bio); + } + + } else { + dprintf("We got some kind of I/O error"); + + if (BIOShouldRetry(tclErrno)) { + dprintf("Try again for: %i=%s", tclErrno, Tcl_ErrnoMsg(tclErrno)); + BIO_set_retry_read(bio); + + } else { + dprintf("Unexpected error: %i=%s", tclErrno, Tcl_ErrnoMsg(tclErrno)); + } + } + + dprintf("BioRead returning %" TCL_SIZE_MODIFIER "d", ret); + return (int) ret; +} + +/* + *----------------------------------------------------------------------------- + * + * BioPuts -- + * + * This function is used to read a NULL terminated string from the BIO and + * write it to the channel. This function will be called in response to + * the application calling the BIO_puts() function. + * + * Results: + * Returns the number of bytes written to channel or 0 for error. + * + * Side effects: + * Writes data to channel. + * + *----------------------------------------------------------------------------- + */ + +static int BioPuts(BIO *bio, const char *str) { + dprintf("BioPuts(%p) \"%s\"", bio, str); return BioWrite(bio, str, (int) strlen(str)); } +/* + *----------------------------------------------------------------------------- + * + * BioCtrl -- + * + * This function is used to process control messages in the BIO. This + * function will be called in response to the application calling the + * BIO_ctrl() function. + * + * Results: + * Function dependent + * + * Side effects: + * Function dependent + * + *----------------------------------------------------------------------------- + */ + static long BioCtrl(BIO *bio, int cmd, long num, void *ptr) { - Tcl_Channel chan; long ret = 1; - - chan = Tls_GetParent((State *) BIO_get_data(bio), 0); + State *statePtr = (State *) BIO_get_data(bio); + Tcl_Channel chan = Tls_GetParent(statePtr, 0); dprintf("BioCtrl(%p, 0x%x, 0x%lx, %p)", (void *) bio, cmd, num, ptr); switch (cmd) { case BIO_CTRL_RESET: + /* opt - Resets BIO to initial state. Implements BIO_reset. */ dprintf("Got BIO_CTRL_RESET"); + /* Return 1 for success (0 for file BIOs) and -1 for failure */ ret = 0; break; - case BIO_C_FILE_SEEK: - dprintf("Got BIO_C_FILE_SEEK"); - ret = 0; - break; - case BIO_C_FILE_TELL: - dprintf("Got BIO_C_FILE_TELL"); - ret = 0; + case BIO_CTRL_EOF: + /* opt - Returns whether EOF has been reached. Implements BIO_eof. */ + dprintf("Got BIO_CTRL_EOF"); + /* Returns 1 if EOF has been reached, 0 if not, or <0 for failure */ + ret = ((chan) ? (Tcl_Eof(chan) || BIO_test_flags(bio, BIO_FLAGS_IN_EOF)) : 1); break; case BIO_CTRL_INFO: + /* opt - extra info on BIO. Implements BIO_get_mem_data */ dprintf("Got BIO_CTRL_INFO"); - ret = 1; - break; - case BIO_C_SET_FD: - dprintf("Unsupported call: BIO_C_SET_FD"); - ret = -1; - break; - case BIO_C_GET_FD: - dprintf("Unsupported call: BIO_C_GET_FD"); - ret = -1; - break; - case BIO_CTRL_GET_CLOSE: - dprintf("Got BIO_CTRL_CLOSE"); - ret = BIO_get_shutdown(bio); - break; - case BIO_CTRL_SET_CLOSE: - dprintf("Got BIO_SET_CLOSE"); - BIO_set_shutdown(bio, num); - break; - case BIO_CTRL_EOF: - dprintf("Got BIO_CTRL_EOF"); - ret = ((chan) ? Tcl_Eof(chan) : 1); - break; - case BIO_CTRL_PENDING: - dprintf("Got BIO_CTRL_PENDING"); - ret = ((chan) ? ((Tcl_InputBuffered(chan) ? 1 : 0)) : 0); - dprintf("BIO_CTRL_PENDING(%d)", (int) ret); - break; - case BIO_CTRL_WPENDING: - dprintf("Got BIO_CTRL_WPENDING"); + ret = 0; + break; + case BIO_CTRL_SET: + /* man - set the 'IO' parameter */ + dprintf("Got BIO_CTRL_SET"); ret = 0; break; - case BIO_CTRL_DUP: - dprintf("Got BIO_CTRL_DUP"); - break; - case BIO_CTRL_FLUSH: - dprintf("Got BIO_CTRL_FLUSH"); - ret = ((chan) && (Tcl_WriteRaw(chan, "", 0) >= 0) ? 1 : -1); - dprintf("BIO_CTRL_FLUSH returning value %li", ret); + case BIO_CTRL_GET: + /* man - get the 'IO' parameter */ + dprintf("Got BIO_CTRL_GET "); + ret = 0; break; case BIO_CTRL_PUSH: + /* opt - internal, used to signify change. Implements BIO_push */ dprintf("Got BIO_CTRL_PUSH"); ret = 0; break; case BIO_CTRL_POP: + /* opt - internal, used to signify change. Implements BIO_pop */ dprintf("Got BIO_CTRL_POP"); ret = 0; break; - case BIO_CTRL_SET: - dprintf("Got BIO_CTRL_SET"); + case BIO_CTRL_GET_CLOSE: + /* man - Get the close on BIO_free() flag set by BIO_CTRL_SET_CLOSE. Implements BIO_get_close */ + dprintf("Got BIO_CTRL_CLOSE"); + /* Returns BIO_CLOSE, BIO_NOCLOSE, or <0 for failure */ + ret = BIO_get_shutdown(bio); + break; + case BIO_CTRL_SET_CLOSE: + /* man - Set the close on BIO_free() flag. Implements BIO_set_close */ + dprintf("Got BIO_SET_CLOSE"); + BIO_set_shutdown(bio, num); + /* Returns 1 on success or <=0 for failure */ + ret = 1; + break; + case BIO_CTRL_PENDING: + /* opt - Return number of bytes in BIO waiting to be read. Implements BIO_pending. */ + dprintf("Got BIO_CTRL_PENDING"); + /* Return the amount of pending data or 0 for error */ + ret = ((chan) ? Tcl_InputBuffered(chan) : 0); + break; + case BIO_CTRL_FLUSH: + /* opt - Flush any buffered output. Implements BIO_flush. */ + dprintf("Got BIO_CTRL_FLUSH"); + /* Use Tcl_WriteRaw instead of Tcl_Flush to operate on right chan in stack */ + /* Returns 1 for success, <=0 for error/retry. */ + ret = ((chan) && (Tcl_WriteRaw(chan, "", 0) >= 0) ? 1 : -1); + /*ret = BioWrite(bio, NULL, 0);*/ + break; + case BIO_CTRL_DUP: + /* man - extra stuff for 'duped' BIO. Implements BIO_dup_state */ + dprintf("Got BIO_CTRL_DUP"); + ret = 1; + break; + case BIO_CTRL_WPENDING: + /* opt - Return number of bytes in BIO still to be written. Implements BIO_wpending. */ + dprintf("Got BIO_CTRL_WPENDING"); + /* Return the amount of pending data or 0 for error */ + ret = ((chan) ? Tcl_OutputBuffered(chan) : 0); + break; + case BIO_CTRL_SET_CALLBACK: + /* opt - Sets an informational callback. Implements BIO_set_info_callback */ ret = 0; break; - case BIO_CTRL_GET : - dprintf("Got BIO_CTRL_GET "); + case BIO_CTRL_GET_CALLBACK: + /* opt - Get and return the info callback. Implements BIO_get_info_callback */ ret = 0; break; -#ifdef BIO_CTRL_GET_KTLS_SEND + + case BIO_C_FILE_SEEK: + /* Not used for sockets. Tcl_Seek only works on top chan. Implements BIO_seek() */ + dprintf("Got BIO_C_FILE_SEEK"); + ret = 0; /* Return 0 success and -1 for failure */ + break; + case BIO_C_FILE_TELL: + /* Not used for sockets. Tcl_Tell only works on top chan. Implements BIO_tell() */ + dprintf("Got BIO_C_FILE_TELL"); + ret = 0; /* Return 0 success and -1 for failure */ + break; + case BIO_C_SET_FD: + /* Implements BIO_set_fd */ + dprintf("Unsupported call: BIO_C_SET_FD"); + ret = -1; + break; + case BIO_C_GET_FD: + /* Implements BIO_get_fd() */ + dprintf("Unsupported call: BIO_C_GET_FD"); + ret = -1; + break; + +#if OPENSSL_VERSION_NUMBER >= 0x30000000L && defined(BIO_CTRL_GET_KTLS_SEND) case BIO_CTRL_GET_KTLS_SEND: + /* Implements BIO_get_ktls_send */ dprintf("Got BIO_CTRL_GET_KTLS_SEND"); + /* Returns 1 if the BIO is using the Kernel TLS data-path for sending, 0 if not */ ret = 0; break; #endif -#ifdef BIO_CTRL_GET_KTLS_RECV +#if OPENSSL_VERSION_NUMBER >= 0x30000000L && defined(BIO_CTRL_GET_KTLS_RECV) case BIO_CTRL_GET_KTLS_RECV: + /* Implements BIO_get_ktls_recv */ dprintf("Got BIO_CTRL_GET_KTLS_RECV"); + /* Returns 1 if the BIO is using the Kernel TLS data-path for receiving, 0 if not */ ret = 0; break; #endif default: dprintf("Got unknown control command (%i)", cmd); ret = 0; break; } + dprintf("BioCtrl return value %li", ret); return ret; } +/* + *----------------------------------------------------------------------------- + * + * BioNew -- + * + * This function is used to create a new instance of the BIO. This + * function will be called in response to the application calling the + * BIO_new() function. + * + * Results: + * Returns boolean success result (1=success, 0=failure) + * + * Side effects: + * Initializes BIO structure. + * + *----------------------------------------------------------------------------- + */ + static int BioNew(BIO *bio) { dprintf("BioNew(%p) called", bio); - BIO_set_init(bio, 0); + if (bio == NULL) { + return 0; + } + BIO_set_data(bio, NULL); + BIO_set_init(bio, 0); BIO_clear_flags(bio, -1); return 1; } +/* + *----------------------------------------------------------------------------- + * + * BioFree -- + * + * This function is used to destroy an instance of a BIO. This function + * will be called in response to the application calling the BIO_free() + * function. + * + * Results: + * Returns boolean success result + * + * Side effects: + * Initializes BIO structure. + * + *----------------------------------------------------------------------------- + */ + static int BioFree(BIO *bio) { + dprintf("BioFree(%p) called", bio); + if (bio == NULL) { return 0; } - dprintf("BioFree(%p) called", bio); - + /* Clear flags if set to BIO_CLOSE (close I/O stream when the BIO is freed) */ if (BIO_get_shutdown(bio)) { - if (BIO_get_init(bio)) { - /*shutdown(bio->num, 2) */ - /*closesocket(bio->num) */ - } - + BIO_set_data(bio, NULL); BIO_set_init(bio, 0); BIO_clear_flags(bio, -1); } return 1; } +/* + *----------------------------------------------------------------------------- + * + * BIO_new_tcl -- + * + * This function is used to initialize the BIO method handlers. + * + * Results: + * Returns pointer to BIO or NULL for failure + * + * Side effects: + * Initializes BIO Methods. + * + *----------------------------------------------------------------------------- + */ + BIO *BIO_new_tcl(State *statePtr, int flags) { BIO *bio; - static BIO_METHOD *BioMethods = NULL; #ifdef TCLTLS_SSL_USE_FASTPATH Tcl_Channel parentChannel; const Tcl_ChannelType *parentChannelType; - void *parentChannelFdIn_p, *parentChannelFdOut_p; + int parentChannelFdIn, parentChannelFdOut, parentChannelFd; int validParentChannelFd; - int tclGetChannelHandleRet; #endif dprintf("BIO_new_tcl() called"); + /* Create custom BIO method */ if (BioMethods == NULL) { - BioMethods = BIO_meth_new(BIO_TYPE_TCL, "tcl"); + /* BIO_TYPE_BIO = (19|BIO_TYPE_SOURCE_SINK) -- half a BIO pair */ + /* BIO_TYPE_CONNECT = (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) */ + /* BIO_TYPE_ACCEPT = (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) */ + BioMethods = BIO_meth_new(BIO_TYPE_BIO, "tcl"); + if (BioMethods == NULL) { + dprintf("Memory allocation error"); + + return NULL; + } + /* Not used BIO_meth_set_write_ex */ BIO_meth_set_write(BioMethods, BioWrite); + /* Not used BIO_meth_set_read_ex */ BIO_meth_set_read(BioMethods, BioRead); BIO_meth_set_puts(BioMethods, BioPuts); BIO_meth_set_ctrl(BioMethods, BioCtrl); BIO_meth_set_create(BioMethods, BioNew); BIO_meth_set_destroy(BioMethods, BioFree); @@ -290,13 +518,16 @@ parentChannel = Tls_GetParent(statePtr, 0); parentChannelType = Tcl_GetChannelType(parentChannel); validParentChannelFd = 0; if (strcmp(parentChannelType->typeName, "tcp") == 0) { - tclGetChannelHandleRet = Tcl_GetChannelHandle(parentChannel, TCL_READABLE, (ClientData) &parentChannelFdIn_p); + void *parentChannelFdIn_p, *parentChannelFdOut_p; + int tclGetChannelHandleRet; + + tclGetChannelHandleRet = Tcl_GetChannelHandle(parentChannel, TCL_READABLE, &parentChannelFdIn_p); if (tclGetChannelHandleRet == TCL_OK) { - tclGetChannelHandleRet = Tcl_GetChannelHandle(parentChannel, TCL_WRITABLE, (ClientData) &parentChannelFdOut_p); + tclGetChannelHandleRet = Tcl_GetChannelHandle(parentChannel, TCL_WRITABLE, &parentChannelFdOut_p); if (tclGetChannelHandleRet == TCL_OK) { parentChannelFdIn = PTR2INT(parentChannelFdIn_p); parentChannelFdOut = PTR2INT(parentChannelFdOut_p); if (parentChannelFdIn == parentChannelFdOut) { parentChannelFd = parentChannelFdIn; @@ -308,17 +539,47 @@ if (validParentChannelFd) { dprintf("We found a shortcut, this channel is backed by a socket: %i", parentChannelFdIn); bio = BIO_new_socket(parentChannelFd, flags); statePtr->flags |= TLS_TCL_FASTPATH; + BIO_set_data(bio, statePtr); + BIO_set_shutdown(bio, flags); + BIO_set_init(bio, 1); return bio; } +#endif dprintf("Falling back to Tcl I/O for this channel"); -#endif bio = BIO_new(BioMethods); BIO_set_data(bio, statePtr); BIO_set_shutdown(bio, flags); - BIO_set_init(bio, 1); + BIO_set_init(bio, 1); /* Enable read & write */ return bio; } + +/* + *----------------------------------------------------------------------------- + * + * BIO_cleanup -- + * + * This function is used to destroy a BIO_METHOD structure and free up any + * memory associated with it. + * + * Results: + * Standard TCL result + * + * Side effects: + * Destroys BIO Methods. + * + *----------------------------------------------------------------------------- + */ + +int BIO_cleanup () { + dprintf("BIO_cleanup() called"); + + if (BioMethods != NULL) { + BIO_meth_free(BioMethods); + BioMethods = NULL; + } + return TCL_OK; +} Index: generic/tlsIO.c ================================================================== --- generic/tlsIO.c +++ generic/tlsIO.c @@ -1,47 +1,51 @@ /* + * Provides IO functions to interface between the BIO buffers and TCL + * applications when using stacked channels. + * * Copyright (C) 1997-2000 Matt Newman * Copyright (C) 2000 Ajuba Solutions + * Copyright (C) 2024 Brian O'Hagan * - * TLS (aka SSL) Channel - can be layered on any bi-directional - * Tcl_Channel (Note: Requires Trf Core Patch) - * - * This was built from scratch based upon observation of OpenSSL 0.9.2B - * - * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for + * Additional credit is due for Andreas Kupries (a.kupries@westend.com), for * providing the Tcl_ReplaceChannel mechanism and working closely with me * to enhance it to support full fileevent semantics. * * Also work done by the follow people provided the impetus to do this "right": * tclSSL (Colin McCormack, Shared Technology) * SSLtcl (Peter Antman) * */ + +/* + tlsBIO.c tlsIO.c + +------+ +-----+ +------+ + | |Tcl_WriteRaw <-- BioWrite| SSL |BIO_write <-- TlsOutputProc <-- Write| | + |socket| | BIO | | App | + | |Tcl_ReadRaw --> BioRead| |BIO_Read --> TlsInputProc --> Read| | + +------+ +-----+ +------+ +*/ #include "tlsInt.h" #include /* - * Forward declarations - */ -static void TlsChannelHandlerTimer(ClientData clientData); - -/* - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- * * TlsBlockModeProc -- * - * This procedure is invoked by the generic IO level - * to set blocking and nonblocking modes + * This procedure is invoked by the generic IO level to set channel to + * blocking or nonblocking mode. Called by the generic I/O layer whenever + * the Tcl_SetChannelOption() function is used with option -blocking. * * Results: * 0 if successful or POSIX error code if failed. * * Side effects: * Sets the device into blocking or nonblocking mode. * - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- */ static int TlsBlockModeProc(ClientData instanceData, int mode) { State *statePtr = (State *) instanceData; if (mode == TCL_MODE_NONBLOCKING) { @@ -51,38 +55,56 @@ } return 0; } /* - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- * * TlsCloseProc -- * - * This procedure is invoked by the generic IO level to perform - * channel-type-specific cleanup when a SSL socket based channel - * is closed. - * - * Note: we leave the underlying socket alone, is this right? + * This procedure is invoked by the generic IO level to perform channel + * type specific cleanup when a SSL socket based channel is closed. + * Called by the generic I/O layer whenever the Tcl_Close() function is + * used. * * Results: * 0 if successful or POSIX error code if failed. * * Side effects: * Closes the socket of the channel. * - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- */ static int TlsCloseProc(ClientData instanceData, Tcl_Interp *interp) { State *statePtr = (State *) instanceData; dprintf("TlsCloseProc(%p)", (void *) statePtr); - Tls_Clean(statePtr); + /* Flush any pending data */ + + /* Send shutdown notification. Will return 0 while in process, then 1 when complete. */ + /* Closes the write direction of the connection; the read direction is closed by the peer. */ + /* Does not affect socket state. Don't call after fatal error. */ + if (statePtr->ssl != NULL && !(statePtr->flags & TLS_TCL_HANDSHAKE_FAILED)) { + SSL_shutdown(statePtr->ssl); + } + + /* Tls_Free calls Tls_Clean */ Tcl_EventuallyFree((ClientData)statePtr, Tls_Free); return 0; } +/* + *----------------------------------------------------------------------------- + * + * TlsClose2Proc -- + * + * Similar to TlsCloseProc, but allows for separate close read and write + * side of channel. + * + *----------------------------------------------------------------------------- + */ static int TlsClose2Proc(ClientData instanceData, /* The socket state. */ Tcl_Interp *interp, /* For errors - can be NULL. */ int flags) /* Flags to close read and/or write side of channel */ { State *statePtr = (State *) instanceData; @@ -94,31 +116,35 @@ } return EINVAL; } /* - *------------------------------------------------------* + *----------------------------------------------------------------------------- * * Tls_WaitForConnect -- + * + * Perform connect (client) or accept (server) function. Also performs + * equivalent of handshake function. * * Result: * 0 if successful, -1 if failed. * * Side effects: * Issues SSL_accept or SSL_connect * - *------------------------------------------------------* + *----------------------------------------------------------------------------- */ int Tls_WaitForConnect(State *statePtr, int *errorCodePtr, int handshakeFailureIsPermanent) { unsigned long backingError; - int err, rc; + int err, rc = 0; int bioShouldRetry; *errorCodePtr = 0; dprintf("WaitForConnect(%p)", (void *) statePtr); dprintFlags(statePtr); + /* Can also check SSL_is_init_finished(ssl) */ if (!(statePtr->flags & TLS_TCL_INIT)) { dprintf("Tls_WaitForConnect called on already initialized channel -- returning with immediate success"); return 0; } @@ -138,21 +164,23 @@ return -1; } for (;;) { ERR_clear_error(); + BIO_clear_retry_flags(statePtr->bio); - /* Not initialized yet! Also calls SSL_do_handshake. */ + /* Not initialized yet! Also calls SSL_do_handshake(). */ if (statePtr->flags & TLS_TCL_SERVER) { dprintf("Calling SSL_accept()"); err = SSL_accept(statePtr->ssl); } else { dprintf("Calling SSL_connect()"); err = SSL_connect(statePtr->ssl); } + /* 1=successful, 0=not successful and shut down, <0=fatal error */ if (err > 0) { dprintf("Accept or connect was successful"); err = BIO_flush(statePtr->bio); if (err <= 0) { @@ -160,30 +188,35 @@ } } else { dprintf("Accept or connect failed"); } + /* Same as SSL_want, but also checks the error queue */ rc = SSL_get_error(statePtr->ssl, err); backingError = ERR_get_error(); if (rc != SSL_ERROR_NONE) { dprintf("Got error: %i (rc = %i)", err, rc); dprintf("Got error: %s", ERR_reason_error_string(backingError)); } - bioShouldRetry = 0; + /* The retry flag is set by the BIO_set_retry_* functions */ + bioShouldRetry = BIO_should_retry(statePtr->bio); + if (err <= 0) { - if (rc == SSL_ERROR_WANT_CONNECT || rc == SSL_ERROR_WANT_ACCEPT || rc == SSL_ERROR_WANT_READ || rc == SSL_ERROR_WANT_WRITE) { + if (rc == SSL_ERROR_WANT_CONNECT || rc == SSL_ERROR_WANT_ACCEPT) { + bioShouldRetry = 1; + } else if (rc == SSL_ERROR_WANT_READ) { + bioShouldRetry = 1; + statePtr->want |= TCL_READABLE; + } else if (rc == SSL_ERROR_WANT_WRITE) { bioShouldRetry = 1; + statePtr->want |= TCL_WRITABLE; } else if (BIO_should_retry(statePtr->bio)) { bioShouldRetry = 1; } else if (rc == SSL_ERROR_SYSCALL && Tcl_GetErrno() == EAGAIN) { bioShouldRetry = 1; } - } else { - if (!SSL_is_init_finished(statePtr->ssl)) { - bioShouldRetry = 1; - } } if (bioShouldRetry) { dprintf("The I/O did not complete -- but we should try it again"); @@ -202,20 +235,26 @@ break; } switch (rc) { case SSL_ERROR_NONE: - /* The TLS/SSL I/O operation completed */ + /* The TLS/SSL I/O operation completed successfully */ dprintf("The connection is good"); *errorCodePtr = 0; break; - case SSL_ERROR_ZERO_RETURN: - /* The TLS/SSL peer has closed the connection for writing by sending the close_notify alert */ - dprintf("SSL_ERROR_ZERO_RETURN: Connect returned an invalid value..."); - *errorCodePtr = EINVAL; - Tls_Error(statePtr, "Peer has closed the connection for writing by sending the close_notify alert"); + case SSL_ERROR_SSL: + /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */ + dprintf("SSL_ERROR_SSL: Got permanent fatal SSL error, aborting immediately"); + if (SSL_get_verify_result(statePtr->ssl) != X509_V_OK) { + Tls_Error(statePtr, X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl))); + } + if (backingError != 0) { + Tls_Error(statePtr, ERR_reason_error_string(backingError)); + } + statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED; + *errorCodePtr = ECONNABORTED; return -1; case SSL_ERROR_SYSCALL: /* Some non-recoverable, fatal I/O error occurred */ dprintf("SSL_ERROR_SYSCALL"); @@ -229,45 +268,88 @@ dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno()); *errorCodePtr = Tcl_GetErrno(); if (*errorCodePtr == ECONNRESET) { *errorCodePtr = ECONNABORTED; } - Tls_Error(statePtr, (char *) Tcl_ErrnoMsg(*errorCodePtr)); + Tls_Error(statePtr, Tcl_ErrnoMsg(*errorCodePtr)); } else { dprintf("I/O error occurred (backingError = %lu)", backingError); *errorCodePtr = Tcl_GetErrno(); if (*errorCodePtr == ECONNRESET) { *errorCodePtr = ECONNABORTED; } - Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError)); + Tls_Error(statePtr, ERR_reason_error_string(backingError)); } statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED; return -1; - case SSL_ERROR_SSL: - /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */ - dprintf("SSL_ERROR_SSL: Got permanent fatal SSL error, aborting immediately"); - if (SSL_get_verify_result(statePtr->ssl) != X509_V_OK) { - Tls_Error(statePtr, (char *) X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl))); - } - if (backingError != 0) { - Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError)); - } - statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED; - *errorCodePtr = ECONNABORTED; + case SSL_ERROR_ZERO_RETURN: + /* Peer has closed the connection by sending the close_notify alert. Can't read, but can write. */ + /* Need to return an EOF, so channel is closed which will send an SSL_shutdown(). */ + dprintf("SSL_ERROR_ZERO_RETURN: Connect returned an invalid value..."); + *errorCodePtr = ECONNRESET; + Tls_Error(statePtr, "Peer has closed the connection for writing by sending the close_notify alert"); return -1; case SSL_ERROR_WANT_READ: + /* More data must be read from the underlying BIO layer in order to complete the actual SSL_*() operation. */ + dprintf("SSL_ERROR_WANT_READ"); + BIO_set_retry_read(statePtr->bio); + *errorCodePtr = EAGAIN; + dprintf("ERR(%d, %d) ", rc, *errorCodePtr); + statePtr->want |= TCL_READABLE; + return -1; + case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_X509_LOOKUP: + /* There is data in the SSL buffer that must be written to the underlying BIO in order to complete the SSL_*() operation. */ + dprintf("SSL_ERROR_WANT_WRITE"); + BIO_set_retry_write(statePtr->bio); + *errorCodePtr = EAGAIN; + dprintf("ERR(%d, %d) ", rc, *errorCodePtr); + statePtr->want |= TCL_WRITABLE; + return -1; + case SSL_ERROR_WANT_CONNECT: + /* Connect would have blocked. */ + dprintf("SSL_ERROR_WANT_CONNECT"); + BIO_set_retry_special(statePtr->bio); + BIO_set_retry_reason(statePtr->bio, BIO_RR_CONNECT); + *errorCodePtr = EAGAIN; + dprintf("ERR(%d, %d) ", rc, *errorCodePtr); + return -1; + case SSL_ERROR_WANT_ACCEPT: + /* Accept would have blocked */ + dprintf("SSL_ERROR_WANT_ACCEPT"); + BIO_set_retry_special(statePtr->bio); + BIO_set_retry_reason(statePtr->bio, BIO_RR_ACCEPT); + *errorCodePtr = EAGAIN; + dprintf("ERR(%d, %d) ", rc, *errorCodePtr); + return -1; + + case SSL_ERROR_WANT_X509_LOOKUP: + /* App callback set by SSL_CTX_set_client_cert_cb has asked to be called again */ + /* The operation did not complete because an application callback set by SSL_CTX_set_client_cert_cb() has asked to be called again. */ + dprintf("SSL_ERROR_WANT_X509_LOOKUP"); + BIO_set_retry_special(statePtr->bio); + BIO_set_retry_reason(statePtr->bio, BIO_RR_SSL_X509_LOOKUP); + *errorCodePtr = EAGAIN; + dprintf("ERR(%d, %d) ", rc, *errorCodePtr); + return -1; + case SSL_ERROR_WANT_ASYNC: + /* Used with flag SSL_MODE_ASYNC, op didn't complete because an async engine is still processing data */ case SSL_ERROR_WANT_ASYNC_JOB: + /* The asynchronous job could not be started because there were no async jobs available in the pool. */ case SSL_ERROR_WANT_CLIENT_HELLO_CB: + /* The operation did not complete because an application callback set by SSL_CTX_set_client_hello_cb() has asked to be called again. */ +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + case SSL_ERROR_WANT_RETRY_VERIFY: + /* The operation did not complete because a certificate verification callback has asked to be called again via SSL_set_retry_verify(3). */ +#endif default: /* The operation did not complete and should be retried later. */ dprintf("Operation did not complete, call function again later: %i", rc); *errorCodePtr = EAGAIN; dprintf("ERR(%d, %d) ", rc, *errorCodePtr); @@ -282,57 +364,66 @@ *errorCodePtr = 0; return 0; } /* - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- * * TlsInputProc -- * - * This procedure is invoked by the generic IO level - * to read input from a SSL socket based channel. + * This procedure is invoked by the generic I/O layer to read data from + * the BIO whenever the Tcl_Read(), Tcl_ReadChars, Tcl_Gets, and + * Tcl_GetsObj functions are used. Equivalent to SSL_read_ex and SSL_read. * * Results: - * Returns the number of bytes read or -1 on error. Sets errorCodePtr - * to a POSIX error code if an error occurred, or 0 if none. + * Returns the number of bytes read or -1 on error. Sets errorCodePtr to + * a POSIX error code if an error occurred, or 0 if none. * * Side effects: * Reads input from the input device of the channel. * - *------------------------------------------------------------------- + * Data is received in whole blocks known as records from the peer. A whole + * record is processed (e.g. decrypted) in one go and is buffered by OpenSSL + * until it is read by the application via a call to SSL_read. + * + *----------------------------------------------------------------------------- */ static int TlsInputProc(ClientData instanceData, char *buf, int bufSize, int *errorCodePtr) { unsigned long backingError; State *statePtr = (State *) instanceData; - int bytesRead; - int tlsConnect; - int err; - + int bytesRead, err; *errorCodePtr = 0; - dprintf("BIO_read(%d)", bufSize); + dprintf("Read(%d)", bufSize); + /* Skip if user verify callback is still running */ if (statePtr->flags & TLS_TCL_CALLBACK) { - /* don't process any bytes while verify callback is running */ dprintf("Callback is running, reading 0 bytes"); return 0; } - dprintf("Calling Tls_WaitForConnect"); - tlsConnect = Tls_WaitForConnect(statePtr, errorCodePtr, 0); - if (tlsConnect < 0) { - dprintf("Got an error waiting to connect (tlsConnect = %i, *errorCodePtr = %i)", tlsConnect, *errorCodePtr); - Tls_Error(statePtr, strerror(*errorCodePtr)); - - bytesRead = -1; - if (*errorCodePtr == ECONNRESET) { - dprintf("Got connection reset"); - /* Soft EOF */ - *errorCodePtr = 0; - bytesRead = 0; - } - return bytesRead; + /* If not initialized, do connect */ + /* Can also check SSL_is_init_finished(ssl) */ + if (statePtr->flags & TLS_TCL_INIT) { + int tlsConnect; + + dprintf("Calling Tls_WaitForConnect"); + + tlsConnect = Tls_WaitForConnect(statePtr, errorCodePtr, 0); + if (tlsConnect < 0) { + dprintf("Got an error waiting to connect (tlsConnect = %i, *errorCodePtr = %i)", tlsConnect, *errorCodePtr); + Tls_Error(statePtr, strerror(*errorCodePtr)); + + bytesRead = -1; + if (*errorCodePtr == ECONNRESET) { + dprintf("Got connection reset"); + /* Soft EOF */ + *errorCodePtr = 0; + bytesRead = 0; + } + return bytesRead; + } } /* * We need to clear the SSL error stack now because we sometimes reach * this function with leftover errors in the stack. If BIO_read @@ -343,37 +434,59 @@ * BIO_read specially (as advised in the RSA docs). TLS's lower level BIO * functions play with the retry flags though, and this seems to work * correctly. Similar fix in TlsOutputProc. - hobbs */ ERR_clear_error(); + BIO_clear_retry_flags(statePtr->bio); bytesRead = BIO_read(statePtr->bio, buf, bufSize); dprintf("BIO_read -> %d", bytesRead); + /* Same as SSL_want, but also checks the error queue */ err = SSL_get_error(statePtr->ssl, bytesRead); backingError = ERR_get_error(); -#if 0 if (bytesRead <= 0) { + /* The retry flag is set by the BIO_set_retry_* functions */ if (BIO_should_retry(statePtr->bio)) { - dprintf("I/O failed, will retry based on EAGAIN"); - *errorCodePtr = EAGAIN; + dprintf("Read failed with code=%d, bytes read=%d: should retry", err, bytesRead); + /* Some docs imply we should redo the BIO_read now */ + } else { + dprintf("Read failed with code=%d, bytes read=%d: error condition", err, bytesRead); + } + + dprintf("BIO is EOF %d", BIO_eof(statePtr->bio)); + + /* These are the same as BIO_retry_type */ + if (BIO_should_read(statePtr->bio)) { + dprintf("BIO has insufficient data to read and return"); + statePtr->want |= TCL_READABLE; + } + if (BIO_should_write(statePtr->bio)) { + dprintf("BIO has pending data to write"); + statePtr->want |= TCL_WRITABLE; + } + if (BIO_should_io_special(statePtr->bio)) { + int reason = BIO_get_retry_reason(statePtr->bio); + dprintf("BIO has some special condition other than read or write: code=%d", reason); } + dprintf("BIO has pending data to write"); } -#endif switch (err) { case SSL_ERROR_NONE: + /* I/O operation completed */ + dprintf("SSL_ERROR_NONE"); dprintBuffer(buf, bytesRead); break; case SSL_ERROR_SSL: /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */ dprintf("SSL error, indicating that the connection has been aborted"); if (backingError != 0) { - Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError)); + Tls_Error(statePtr, ERR_reason_error_string(backingError)); } else if (SSL_get_verify_result(statePtr->ssl) != X509_V_OK) { - Tls_Error(statePtr, (char *) X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl))); + Tls_Error(statePtr, X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl))); } else { Tls_Error(statePtr, "Unknown SSL error"); } *errorCodePtr = ECONNABORTED; bytesRead = -1; @@ -383,16 +496,45 @@ if (ERR_GET_REASON(backingError) == SSL_R_UNEXPECTED_EOF_WHILE_READING) { dprintf("(Unexpected) EOF reached") *errorCodePtr = 0; bytesRead = 0; Tls_Error(statePtr, "EOF reached"); - } + } #endif break; + + case SSL_ERROR_WANT_READ: + /* Op did not complete due to not enough data was available. Retry later. */ + dprintf("Got SSL_ERROR_WANT_READ, mapping this to EAGAIN"); + *errorCodePtr = EAGAIN; + bytesRead = -1; + statePtr->want |= TCL_READABLE; + Tls_Error(statePtr, "SSL_ERROR_WANT_READ"); + BIO_set_retry_read(statePtr->bio); + break; + + case SSL_ERROR_WANT_WRITE: + /* Op did not complete due to unable to send all data to the BIO. Retry later. */ + dprintf("Got SSL_ERROR_WANT_WRITE, mapping this to EAGAIN"); + *errorCodePtr = EAGAIN; + bytesRead = -1; + statePtr->want |= TCL_WRITABLE; + Tls_Error(statePtr, "SSL_ERROR_WANT_WRITE"); + BIO_set_retry_write(statePtr->bio); + break; + + case SSL_ERROR_WANT_X509_LOOKUP: + /* Op didn't complete since callback set by SSL_CTX_set_client_cert_cb() asked to be called again */ + dprintf("Got SSL_ERROR_WANT_X509_LOOKUP, mapping it to EAGAIN"); + *errorCodePtr = EAGAIN; + bytesRead = -1; + Tls_Error(statePtr, "SSL_ERROR_WANT_X509_LOOKUP"); + break; case SSL_ERROR_SYSCALL: /* Some non-recoverable, fatal I/O error occurred */ + dprintf("SSL_ERROR_SYSCALL"); if (backingError == 0 && bytesRead == 0) { /* Unexpected EOF from the peer for OpenSSL 1.1 */ dprintf("(Unexpected) EOF reached") *errorCodePtr = 0; @@ -401,32 +543,35 @@ } else if (backingError == 0 && bytesRead == -1) { dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno()); *errorCodePtr = Tcl_GetErrno(); bytesRead = -1; - Tls_Error(statePtr, (char *) Tcl_ErrnoMsg(*errorCodePtr)); + Tls_Error(statePtr, Tcl_ErrnoMsg(*errorCodePtr)); } else { dprintf("I/O error occurred (backingError = %lu)", backingError); *errorCodePtr = Tcl_GetErrno(); bytesRead = -1; - Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError)); + Tls_Error(statePtr, ERR_reason_error_string(backingError)); } break; case SSL_ERROR_ZERO_RETURN: + /* Peer has closed the connection by sending the close_notify alert. Can't read, but can write. */ + /* Need to return an EOF, so channel is closed which will send an SSL_shutdown(). */ dprintf("Got SSL_ERROR_ZERO_RETURN, this means an EOF has been reached"); bytesRead = 0; *errorCodePtr = 0; Tls_Error(statePtr, "Peer has closed the connection for writing by sending the close_notify alert"); break; - case SSL_ERROR_WANT_READ: - dprintf("Got SSL_ERROR_WANT_READ, mapping this to EAGAIN"); + case SSL_ERROR_WANT_ASYNC: + /* Used with flag SSL_MODE_ASYNC, op didn't complete because an async engine is still processing data */ + dprintf("Got SSL_ERROR_WANT_ASYNC, mapping this to EAGAIN"); bytesRead = -1; *errorCodePtr = EAGAIN; - Tls_Error(statePtr, "SSL_ERROR_WANT_READ"); + Tls_Error(statePtr, "SSL_ERROR_WANT_ASYNC"); break; default: dprintf("Unknown error (err = %i), mapping to EOF", err); *errorCodePtr = 0; @@ -438,58 +583,65 @@ dprintf("Input(%d) -> %d [%d]", bufSize, bytesRead, *errorCodePtr); return bytesRead; } /* - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- * * TlsOutputProc -- * - * This procedure is invoked by the generic IO level - * to write output to a SSL socket based channel. + * This procedure is invoked by the generic I/O layer to write data to the + * BIO whenever the the Tcl_Write(), Tcl_WriteChars, and Tcl_WriteObj + * functions are used. Equivalent to SSL_write_ex and SSL_write. * * Results: * Returns the number of bytes written or -1 on error. Sets errorCodePtr * to a POSIX error code if an error occurred, or 0 if none. * * Side effects: * Writes output on the output device of the channel. * - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- */ static int TlsOutputProc(ClientData instanceData, const char *buf, int toWrite, int *errorCodePtr) { unsigned long backingError; State *statePtr = (State *) instanceData; int written, err; - int tlsConnect; - *errorCodePtr = 0; - dprintf("BIO_write(%p, %d)", (void *) statePtr, toWrite); + dprintf("Write(%p, %d)", (void *) statePtr, toWrite); dprintBuffer(buf, toWrite); + /* Skip if user verify callback is still running */ if (statePtr->flags & TLS_TCL_CALLBACK) { dprintf("Don't process output while callbacks are running"); written = -1; *errorCodePtr = EAGAIN; return -1; } - dprintf("Calling Tls_WaitForConnect"); - tlsConnect = Tls_WaitForConnect(statePtr, errorCodePtr, 1); - if (tlsConnect < 0) { - dprintf("Got an error waiting to connect (tlsConnect = %i, *errorCodePtr = %i)", tlsConnect, *errorCodePtr); - Tls_Error(statePtr, strerror(*errorCodePtr)); - - written = -1; - if (*errorCodePtr == ECONNRESET) { - dprintf("Got connection reset"); - /* Soft EOF */ - *errorCodePtr = 0; - written = 0; - } - return written; + /* If not initialized, do connect */ + /* Can also check SSL_is_init_finished(ssl) */ + if (statePtr->flags & TLS_TCL_INIT) { + int tlsConnect; + + dprintf("Calling Tls_WaitForConnect"); + + tlsConnect = Tls_WaitForConnect(statePtr, errorCodePtr, 1); + if (tlsConnect < 0) { + dprintf("Got an error waiting to connect (tlsConnect = %i, *errorCodePtr = %i)", tlsConnect, *errorCodePtr); + Tls_Error(statePtr, strerror(*errorCodePtr)); + + written = -1; + if (*errorCodePtr == ECONNRESET) { + dprintf("Got connection reset"); + /* Soft EOF */ + *errorCodePtr = 0; + written = 0; + } + return written; + } } if (toWrite == 0) { dprintf("zero-write"); err = BIO_flush(statePtr->bio); @@ -518,49 +670,97 @@ * BIO_write specially (as advised in the RSA docs). TLS's lower level * BIO functions play with the retry flags though, and this seems to * work correctly. Similar fix in TlsInputProc. - hobbs */ ERR_clear_error(); + BIO_clear_retry_flags(statePtr->bio); written = BIO_write(statePtr->bio, buf, toWrite); dprintf("BIO_write(%p, %d) -> [%d]", (void *) statePtr, toWrite, written); + /* Same as SSL_want, but also checks the error queue */ err = SSL_get_error(statePtr->ssl, written); backingError = ERR_get_error(); + + if (written <= 0) { + /* The retry flag is set by the BIO_set_retry_* functions */ + if (BIO_should_retry(statePtr->bio)) { + dprintf("Write failed with code %d, bytes written=%d: should retry", err, written); + } else { + dprintf("Write failed with code %d, bytes written=%d: error condition", err, written); + } + + /* These are the same as BIO_retry_type */ + if (BIO_should_read(statePtr->bio)) { + dprintf("BIO has insufficient data to read and return"); + } + if (BIO_should_write(statePtr->bio)) { + dprintf("BIO has pending data to write"); + } + if (BIO_should_io_special(statePtr->bio)) { + int reason = BIO_get_retry_reason(statePtr->bio); + dprintf("BIO has some special condition other than read or write: code=%d", reason); + } + dprintf("BIO has pending data to write"); + + } else { + BIO_flush(statePtr->bio); + } switch (err) { case SSL_ERROR_NONE: + /* I/O operation completed */ + dprintf("SSL_ERROR_NONE"); if (written < 0) { written = 0; } break; - case SSL_ERROR_WANT_WRITE: - dprintf("Got SSL_ERROR_WANT_WRITE, mapping it to EAGAIN"); - *errorCodePtr = EAGAIN; + case SSL_ERROR_SSL: + /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */ + dprintf("SSL error, indicating that the connection has been aborted"); + if (backingError != 0) { + Tls_Error(statePtr, ERR_reason_error_string(backingError)); + } else if (SSL_get_verify_result(statePtr->ssl) != X509_V_OK) { + Tls_Error(statePtr, X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl))); + } else { + Tls_Error(statePtr, "Unknown SSL error"); + } + *errorCodePtr = ECONNABORTED; written = -1; - Tls_Error(statePtr, "SSL_ERROR_WANT_WRITE"); break; case SSL_ERROR_WANT_READ: - dprintf(" write R BLOCK"); + /* Op did not complete due to not enough data was available. Retry later. */ + dprintf("Got SSL_ERROR_WANT_READ, mapping it to EAGAIN"); + *errorCodePtr = EAGAIN; + written = -1; + statePtr->want |= TCL_READABLE; Tls_Error(statePtr, "SSL_ERROR_WANT_READ"); + BIO_set_retry_read(statePtr->bio); + break; + + case SSL_ERROR_WANT_WRITE: + /* Op did not complete due to unable to send all data to the BIO. Retry later. */ + dprintf("Got SSL_ERROR_WANT_WRITE, mapping it to EAGAIN"); + *errorCodePtr = EAGAIN; + written = -1; + statePtr->want |= TCL_WRITABLE; + Tls_Error(statePtr, "SSL_ERROR_WANT_WRITE"); + BIO_set_retry_write(statePtr->bio); break; case SSL_ERROR_WANT_X509_LOOKUP: - dprintf(" write X BLOCK"); + /* Op didn't complete since callback set by SSL_CTX_set_client_cert_cb() asked to be called again */ + dprintf("Got SSL_ERROR_WANT_X509_LOOKUP, mapping it to EAGAIN"); + *errorCodePtr = EAGAIN; + written = -1; Tls_Error(statePtr, "SSL_ERROR_WANT_X509_LOOKUP"); break; - case SSL_ERROR_ZERO_RETURN: - dprintf(" closed"); - written = 0; - *errorCodePtr = 0; - Tls_Error(statePtr, "Peer has closed the connection for writing by sending the close_notify alert"); - break; - case SSL_ERROR_SYSCALL: /* Some non-recoverable, fatal I/O error occurred */ + dprintf("SSL_ERROR_SYSCALL"); if (backingError == 0 && written == 0) { dprintf("EOF reached") *errorCodePtr = 0; written = 0; @@ -568,32 +768,35 @@ } else if (backingError == 0 && written == -1) { dprintf("I/O error occurred (errno = %lu)", (unsigned long) Tcl_GetErrno()); *errorCodePtr = Tcl_GetErrno(); written = -1; - Tls_Error(statePtr, (char *) Tcl_ErrnoMsg(*errorCodePtr)); + Tls_Error(statePtr, Tcl_ErrnoMsg(*errorCodePtr)); } else { dprintf("I/O error occurred (backingError = %lu)", backingError); *errorCodePtr = Tcl_GetErrno(); written = -1; - Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError)); + Tls_Error(statePtr, ERR_reason_error_string(backingError)); } break; - case SSL_ERROR_SSL: - /* A non-recoverable, fatal error in the SSL library occurred, usually a protocol error */ - dprintf("SSL error, indicating that the connection has been aborted"); - if (backingError != 0) { - Tls_Error(statePtr, (char *) ERR_reason_error_string(backingError)); - } else if (SSL_get_verify_result(statePtr->ssl) != X509_V_OK) { - Tls_Error(statePtr, (char *) X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl))); - } else { - Tls_Error(statePtr, "Unknown SSL error"); - } - *errorCodePtr = ECONNABORTED; + case SSL_ERROR_ZERO_RETURN: + /* Peer has closed the connection by sending the close_notify alert. Can't read, but can write. */ + /* Need to return an EOF, so channel is closed which will send an SSL_shutdown(). */ + dprintf("Got SSL_ERROR_ZERO_RETURN, this means an EOF has been reached"); + written = 0; + *errorCodePtr = 0; + Tls_Error(statePtr, "Peer has closed the connection for writing by sending the close_notify alert"); + break; + + case SSL_ERROR_WANT_ASYNC: + /* Used with flag SSL_MODE_ASYNC, op didn't complete because an async engine is still processing data */ + dprintf("Got SSL_ERROR_WANT_ASYNC, mapping this to EAGAIN"); + *errorCodePtr = EAGAIN; written = -1; + Tls_Error(statePtr, "SSL_ERROR_WANT_ASYNC"); break; default: dprintf("unknown error: %d", err); Tls_Error(statePtr, "Unknown error"); @@ -603,45 +806,64 @@ dprintf("Output(%d) -> %d", toWrite, written); return written; } /* - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- + * + * Tls_GetParent -- + * + * Get parent channel for a stacked channel. + * + * Results: + * Tcl_Channel or NULL if none. + * + *----------------------------------------------------------------------------- + */ +Tcl_Channel Tls_GetParent(State *statePtr, int maskFlags) { + dprintf("Requested to get parent of channel %p", statePtr->self); + + if ((statePtr->flags & ~maskFlags) & TLS_TCL_FASTPATH) { + dprintf("Asked to get the parent channel while we are using FastPath -- returning NULL"); + return NULL; + } + return Tcl_GetStackedChannel(statePtr->self); +} + +/* + *----------------------------------------------------------------------------- * * TlsSetOptionProc -- * - * Sets an option value for a SSL socket based channel, or a - * list of all options and their values. + * Sets an option to value for a SSL socket based channel. Called by the + * generic I/O layer whenever the Tcl_SetChannelOption() function is used. * * Results: * TCL_OK if successful or TCL_ERROR if failed. * * Side effects: * Updates channel option to new value. * - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- */ static int TlsSetOptionProc(ClientData instanceData, /* Socket state. */ Tcl_Interp *interp, /* For errors - can be NULL. */ const char *optionName, /* Name of the option to set the value for, or * NULL to get all options and their values. */ const char *optionValue) /* Value for option. */ { State *statePtr = (State *) instanceData; - - Tcl_Channel downChan = Tls_GetParent(statePtr, TLS_TCL_FASTPATH); + Tcl_Channel parent = Tls_GetParent(statePtr, TLS_TCL_FASTPATH); Tcl_DriverSetOptionProc *setOptionProc; - setOptionProc = Tcl_ChannelSetOptionProc(Tcl_GetChannelType(downChan)); + dprintf("Called"); + + /* Pass to parent */ + setOptionProc = Tcl_ChannelSetOptionProc(Tcl_GetChannelType(parent)); if (setOptionProc != NULL) { - return (*setOptionProc)(Tcl_GetChannelInstanceData(downChan), interp, optionName, optionValue); - } else if (optionName == (char*) NULL) { - /* - * Request is query for all options, this is ok. - */ - return TCL_OK; + return (*setOptionProc)(Tcl_GetChannelInstanceData(parent), interp, optionName, optionValue); } /* * Request for a specific option has to fail, we don't have any. */ return Tcl_BadChannelOption(interp, optionName, ""); @@ -650,17 +872,18 @@ /* *------------------------------------------------------------------- * * TlsGetOptionProc -- * - * Gets an option value for a SSL socket based channel, or a - * list of all options and their values. + * Get a option's value for a SSL socket based channel, or a list of all + * options and their values. Called by the generic I/O layer whenever the + * Tcl_GetChannelOption() function is used. + * * * Results: - * A standard Tcl result. The value of the specified option or a - * list of all options and their values is returned in the - * supplied DString. + * A standard Tcl result. The value of the specified option or a list of + * all options and their values is returned in the supplied DString. * * Side effects: * None. * *------------------------------------------------------------------- @@ -671,17 +894,19 @@ const char *optionName, /* Name of the option to retrieve the value for, or * NULL to get all options and their values. */ Tcl_DString *optionValue) /* Where to store the computed value initialized by caller. */ { State *statePtr = (State *) instanceData; - - Tcl_Channel downChan = Tls_GetParent(statePtr, TLS_TCL_FASTPATH); + Tcl_Channel parent = Tls_GetParent(statePtr, TLS_TCL_FASTPATH); Tcl_DriverGetOptionProc *getOptionProc; - getOptionProc = Tcl_ChannelGetOptionProc(Tcl_GetChannelType(downChan)); + dprintf("Called"); + + /* Pass to parent */ + getOptionProc = Tcl_ChannelGetOptionProc(Tcl_GetChannelType(parent)); if (getOptionProc != NULL) { - return (*getOptionProc)(Tcl_GetChannelInstanceData(downChan), interp, optionName, optionValue); + return (*getOptionProc)(Tcl_GetChannelInstanceData(parent), interp, optionName, optionValue); } else if (optionName == (char*) NULL) { /* * Request is query for all options, this is ok. */ return TCL_OK; @@ -691,53 +916,105 @@ */ return Tcl_BadChannelOption(interp, optionName, ""); } /* - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- + * + * TlsChannelHandlerTimer -- + * + * Called by the notifier via a timer, to flush out data waiting in + * channel buffers. called by the generic I/O layer whenever the + * Tcl_GetChannelHandle() function is used. + * + * Results: + * None. + * + * Side effects: + * Creates notification event. + * + *----------------------------------------------------------------------------- + */ +static void TlsChannelHandlerTimer(ClientData clientData) { + State *statePtr = (State *) clientData; + int mask = statePtr->want; /* Init to SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE */ + + dprintf("Called"); + + statePtr->timer = (Tcl_TimerToken) NULL; + + /* Check for amount of data pending in BIO write buffer */ + if (BIO_wpending(statePtr->bio)) { + dprintf("[chan=%p] BIO writable", statePtr->self); + + mask |= TCL_WRITABLE; + } + + /* Check for amount of data pending in BIO read buffer */ + if (BIO_pending(statePtr->bio)) { + dprintf("[chan=%p] BIO readable", statePtr->self); + + mask |= TCL_READABLE; + } + + /* Notify the generic IO layer that the mask events have occurred on the channel */ + dprintf("Notifying ourselves"); + Tcl_NotifyChannel(statePtr->self, mask); + statePtr->want = 0; + + dprintf("Returning"); + + return; +} + +/* + *----------------------------------------------------------------------------- * * TlsWatchProc -- * - * Initialize the notifier to watch Tcl_Files from this channel. + * Set up the event notifier to watch for events of interest from this + * channel. Called by the generic I/O layer whenever the user (or the + * system) announces its (dis)interest in events on the channel. This is + * called repeatedly. * * Results: * None. * * Side effects: - * Sets up the notifier so that a future event on the channel - * will be seen by Tcl. + * Sets up the time-based notifier so that future events on the channel + * will be seen by TCL. * - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- */ static void TlsWatchProc(ClientData instanceData, /* The socket state. */ int mask) /* Events of interest; an OR-ed combination of * TCL_READABLE, TCL_WRITABLE and TCL_EXCEPTION. */ { - Tcl_Channel downChan; + Tcl_Channel parent; State *statePtr = (State *) instanceData; Tcl_DriverWatchProc *watchProc; + int pending = 0; dprintf("TlsWatchProc(0x%x)", mask); + dprintFlags(statePtr); /* Pretend to be dead as long as the verify callback is running. * Otherwise that callback could be invoked recursively. */ if (statePtr->flags & TLS_TCL_CALLBACK) { dprintf("Callback is on-going, doing nothing"); return; } - dprintFlags(statePtr); - - downChan = Tls_GetParent(statePtr, TLS_TCL_FASTPATH); + parent = Tls_GetParent(statePtr, TLS_TCL_FASTPATH); if (statePtr->flags & TLS_TCL_HANDSHAKE_FAILED) { dprintf("Asked to watch a socket with a failed handshake -- nothing can happen here"); dprintf("Unregistering interest in the lower channel"); - watchProc = Tcl_ChannelWatchProc(Tcl_GetChannelType(downChan)); - watchProc(Tcl_GetChannelInstanceData(downChan), 0); + watchProc = Tcl_ChannelWatchProc(Tcl_GetChannelType(parent)); + watchProc(Tcl_GetChannelInstanceData(parent), 0); statePtr->watchMask = 0; return; } statePtr->watchMask = mask; @@ -747,50 +1024,51 @@ * 'TransformNotifyProc'. But we have to pass the interest down now. * We are allowed to add additional 'interest' to the mask if we want * to. But this transformation has no such interest. It just passes * the request down, unchanged. */ - dprintf("Registering our interest in the lower channel (chan=%p)", (void *) downChan); - watchProc = Tcl_ChannelWatchProc(Tcl_GetChannelType(downChan)); - watchProc(Tcl_GetChannelInstanceData(downChan), mask); - - - /* - * Management of the internal timer. - */ - if (statePtr->timer != (Tcl_TimerToken) NULL) { - dprintf("A timer was found, deleting it"); - Tcl_DeleteTimerHandler(statePtr->timer); - statePtr->timer = (Tcl_TimerToken) NULL; - } - - if ((mask & TCL_READABLE) && - ((Tcl_InputBuffered(statePtr->self) > 0) || (BIO_ctrl_pending(statePtr->bio) > 0))) { - /* - * There is interest in readable events and we actually have - * data waiting, so generate a timer to flush that. - */ - dprintf("Creating a new timer since data appears to be waiting"); - statePtr->timer = Tcl_CreateTimerHandler(TLS_TCL_DELAY, TlsChannelHandlerTimer, (ClientData) statePtr); - } -} - -/* - *------------------------------------------------------------------- - * - * TlsGetHandleProc -- - * - * Called from Tcl_GetChannelFile to retrieve o/s file handler - * from the SSL socket based channel. + dprintf("Registering our interest in the lower channel (chan=%p)", (void *) parent); + watchProc = Tcl_ChannelWatchProc(Tcl_GetChannelType(parent)); + watchProc(Tcl_GetChannelInstanceData(parent), mask); + + /* Do we have any pending events */ + pending = (statePtr->want || \ + ((mask & TCL_READABLE) && ((Tcl_InputBuffered(statePtr->self) > 0) || (BIO_ctrl_pending(statePtr->bio) > 0))) || + ((mask & TCL_WRITABLE) && ((Tcl_OutputBuffered(statePtr->self) > 0) || (BIO_ctrl_wpending(statePtr->bio) > 0)))); + + if (!(mask & TCL_READABLE) || pending == 0) { + /* Remove timer, if any */ + if (statePtr->timer != (Tcl_TimerToken) NULL) { + dprintf("A timer was found, deleting it"); + Tcl_DeleteTimerHandler(statePtr->timer); + statePtr->timer = (Tcl_TimerToken) NULL; + } + + } else { + /* Add timer, if none */ + if (statePtr->timer == (Tcl_TimerToken) NULL) { + dprintf("Creating a new timer since data appears to be waiting"); + statePtr->timer = Tcl_CreateTimerHandler(TLS_TCL_DELAY, TlsChannelHandlerTimer, (ClientData) statePtr); + } + } +} + +/* + *----------------------------------------------------------------------------- + * + * TlsGetHandleProc -- + * + * This procedure is invoked by the generic IO level to retrieve an OS + * specific handle associated with the channel. Not used for transforms. * * Results: * The appropriate Tcl_File handle or NULL if none. * * Side effects: * None. * - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- */ static int TlsGetHandleProc(ClientData instanceData, /* Socket state. */ int direction, /* TCL_READABLE or TCL_WRITABLE */ ClientData *handlePtr) /* Handle associated with the channel */ { @@ -798,142 +1076,93 @@ return Tcl_GetChannelHandle(Tls_GetParent(statePtr, TLS_TCL_FASTPATH), direction, handlePtr); } /* - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- * * TlsNotifyProc -- * - * Handler called by Tcl to inform us of activity - * on the underlying channel. + * This procedure is invoked by the generic IO level to notify the channel + * that an event has occurred on the underlying channel. It is used by stacked channel drivers that + * wish to be notified of events that occur on the underlying (stacked) + * channel. * * Results: * Type of event or 0 if failed * * Side effects: * May process the incoming event by itself. * - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- */ static int TlsNotifyProc(ClientData instanceData, /* Socket state. */ int mask) /* type of event that occurred: * OR-ed combination of TCL_READABLE or TCL_WRITABLE */ { State *statePtr = (State *) instanceData; - int errorCode; + int errorCode = 0; + + dprintf("Called"); + + /* + * Delete an existing timer. It was not fired, yet we are + * here, so the channel below generated such an event and we + * don't have to. The renewal of the interest after the + * execution of channel handlers will eventually cause us to + * recreate the timer (in WatchProc). + */ + if (statePtr->timer != (Tcl_TimerToken) NULL) { + Tcl_DeleteTimerHandler(statePtr->timer); + statePtr->timer = (Tcl_TimerToken) NULL; + } + + /* Skip if user verify callback is still running */ + if (statePtr->flags & TLS_TCL_CALLBACK) { + dprintf("Callback is on-going, returning failed"); + return 0; + } + + /* If not initialized, do connect */ + if (statePtr->flags & TLS_TCL_INIT) { + dprintf("Calling Tls_WaitForConnect"); + if (Tls_WaitForConnect(statePtr, &errorCode, 1) < 0) { + Tls_Error(statePtr, strerror(errorCode)); + if (errorCode == EAGAIN) { + dprintf("Async flag could be set (didn't check) and errorCode == EAGAIN: Returning failed"); + + return 0; + } + + dprintf("Tls_WaitForConnect returned an error"); + } + } + + dprintf("Returning %i", mask); /* * An event occurred in the underlying channel. This * transformation doesn't process such events thus returns the * incoming mask unchanged. */ - if (statePtr->timer != (Tcl_TimerToken) NULL) { - /* - * Delete an existing timer. It was not fired, yet we are - * here, so the channel below generated such an event and we - * don't have to. The renewal of the interest after the - * execution of channel handlers will eventually cause us to - * recreate the timer (in WatchProc). - */ - Tcl_DeleteTimerHandler(statePtr->timer); - statePtr->timer = (Tcl_TimerToken) NULL; - } - - if (statePtr->flags & TLS_TCL_CALLBACK) { - dprintf("Returning 0 due to callback"); - return 0; - } - - dprintf("Calling Tls_WaitForConnect"); - errorCode = 0; - if (Tls_WaitForConnect(statePtr, &errorCode, 1) < 0) { - Tls_Error(statePtr, strerror(errorCode)); - if (errorCode == EAGAIN) { - dprintf("Async flag could be set (didn't check) and errorCode == EAGAIN: Returning 0"); - - return 0; - } - - dprintf("Tls_WaitForConnect returned an error"); - } - - dprintf("Returning %i", mask); - return mask; } /* - *------------------------------------------------------* - * - * TlsChannelHandlerTimer -- - * - * ------------------------------------------------* - * Called by the notifier (-> timer) to flush out - * information waiting in channel buffers. - * ------------------------------------------------* - * - * Side effects: - * As of 'TlsChannelHandler'. - * - * Result: - * None. - * - *------------------------------------------------------* - */ -static void TlsChannelHandlerTimer(ClientData clientData) { - State *statePtr = (State *) clientData; - int mask = 0; - - dprintf("Called"); - - statePtr->timer = (Tcl_TimerToken) NULL; - - if (BIO_wpending(statePtr->bio)) { - dprintf("[chan=%p] BIO writable", statePtr->self); - - mask |= TCL_WRITABLE; - } - - if (BIO_pending(statePtr->bio)) { - dprintf("[chan=%p] BIO readable", statePtr->self); - - mask |= TCL_READABLE; - } - - dprintf("Notifying ourselves"); - Tcl_NotifyChannel(statePtr->self, mask); - - dprintf("Returning"); - - return; -} - -Tcl_Channel Tls_GetParent(State *statePtr, int maskFlags) { - dprintf("Requested to get parent of channel %p", statePtr->self); - - if ((statePtr->flags & ~maskFlags) & TLS_TCL_FASTPATH) { - dprintf("Asked to get the parent channel while we are using FastPath -- returning NULL"); - return NULL; - } - return Tcl_GetStackedChannel(statePtr->self); -} - -/* - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- * * Tls_ChannelType -- * - * Return the correct TLS channel driver info + * Defines the correct TLS channel driver handlers for this channel type. * * Results: - * The correct channel driver for the current version of Tcl. + * Tcl_ChannelType structure. * * Side effects: * None. * - *------------------------------------------------------------------- + *----------------------------------------------------------------------------- */ static const Tcl_ChannelType tlsChannelType = { "tls", /* Type name */ TCL_CHANNEL_VERSION_5, /* v5 channel */ TlsCloseProc, /* Close proc */ Index: generic/tlsInt.h ================================================================== --- generic/tlsInt.h +++ generic/tlsInt.h @@ -1,35 +1,46 @@ /* + * Macro and structure definitions for TLS extension + * * Copyright (C) 1997-2000 Matt Newman * - * TLS (aka SSL) Channel - can be layered on any bi-directional - * Tcl_Channel (Note: Requires Trf Core Patch) - * - * This was built from scratch based upon observation of OpenSSL 0.9.2B - * - * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for + * Additional credit is due for Andreas Kupries (a.kupries@westend.com), for * providing the Tcl_ReplaceChannel mechanism and working closely with me * to enhance it to support full fileevent semantics. * * Also work done by the follow people provided the impetus to do this "right":- * tclSSL (Colin McCormack, Shared Technology) * SSLtcl (Peter Antman) * */ + #ifndef _TLSINT_H #define _TLSINT_H + +/* Platform unique definitions */ +#if ((defined(_WIN32)) || (defined(__MINGW32__)) || (defined(__MINGW64__))) +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#include /* OpenSSL needs this on Windows */ +#endif #include "tls.h" #include #include #include +#include +#include +#include +#include -#ifdef _WIN32 -#define WIN32_LEAN_AND_MEAN -#include -#include /* OpenSSL needs this on Windows */ -#endif +/* Windows needs to know which symbols to export. */ +#ifdef BUILD_tls +#undef TCL_STORAGE_CLASS +#define TCL_STORAGE_CLASS DLLEXPORT +#endif /* BUILD_udp */ /* Handle TCL 8.6 CONST changes */ #ifndef CONST86 # if TCL_MAJOR_VERSION > 8 # define CONST86 const @@ -40,29 +51,50 @@ /* * Backwards compatibility for size type change */ #if TCL_MAJOR_VERSION < 9 && TCL_MINOR_VERSION < 7 - #ifndef Tcl_Size - typedef int Tcl_Size; - #endif +#include +#ifndef TCL_SIZE_MAX +#define TCL_SIZE_MAX INT_MAX +#endif + +#ifndef Tcl_Size + typedef int Tcl_Size; +#endif + +#define TCL_SIZE_MODIFIER "" +#define Tcl_GetSizeIntFromObj Tcl_GetIntFromObj +#define Tcl_NewSizeIntObj Tcl_NewIntObj +#define Tcl_NewSizeIntFromObj Tcl_NewWideIntObj +#endif + +#ifndef JOIN +# define JOIN(a,b) JOIN1(a,b) +# define JOIN1(a,b) a##b +#endif - #define TCL_SIZE_MODIFIER "" +#ifndef TCL_UNUSED +# if defined(__cplusplus) +# define TCL_UNUSED(T) T +# elif defined(__GNUC__) && (__GNUC__ > 2) +# define TCL_UNUSED(T) T JOIN(dummy, __LINE__) __attribute__((unused)) +# else +# define TCL_UNUSED(T) T JOIN(dummy, __LINE__) +# endif #endif -#include -#include -#include -#include +/* Define missing POSIX error codes */ #ifndef ECONNABORTED #define ECONNABORTED 130 /* Software caused connection abort */ #endif #ifndef ECONNRESET #define ECONNRESET 131 /* Connection reset by peer */ #endif +/* Debug and error macros */ #ifdef TCLEXT_TCLTLS_DEBUG #include #define dprintf(...) { \ char dprintfBuffer[8192], *dprintfBuffer_p; \ dprintfBuffer_p = &dprintfBuffer[0]; \ @@ -124,20 +156,15 @@ } #define LAPPEND_BOOL(interp, obj, text, value) {\ if (text != NULL) Tcl_ListObjAppendElement(interp, obj, Tcl_NewStringObj(text, -1)); \ Tcl_ListObjAppendElement(interp, obj, Tcl_NewBooleanObj(value)); \ } -#define LAPPEND_OBJ(interp, obj, text, listObj) {\ +#define LAPPEND_OBJ(interp, obj, text, tclObj) {\ if (text != NULL) Tcl_ListObjAppendElement(interp, obj, Tcl_NewStringObj(text, -1)); \ - Tcl_ListObjAppendElement(interp, obj, listObj); \ + Tcl_ListObjAppendElement(interp, obj, (tclObj != NULL) ? tclObj : Tcl_NewStringObj("", 0)); \ } -/* - * OpenSSL BIO Routines - */ -#define BIO_TYPE_TCL (19|0x0400) - /* * Defines for State.flags */ #define TLS_TCL_ASYNC (1<<0) /* non-blocking mode */ #define TLS_TCL_SERVER (1<<1) /* Server-Side */ @@ -144,11 +171,11 @@ #define TLS_TCL_INIT (1<<2) /* Initializing connection */ #define TLS_TCL_DEBUG (1<<3) /* Show debug tracing */ #define TLS_TCL_CALLBACK (1<<4) /* In a callback, prevent update * looping problem. [Bug 1652380] */ #define TLS_TCL_HANDSHAKE_FAILED (1<<5) /* Set on handshake failures and once set, all - * further I/O will result in ECONNABORTED errors. */ + * further I/O will result in ECONNABORTED errors. */ #define TLS_TCL_FASTPATH (1<<6) /* The parent channel is being used directly by the SSL library */ #define TLS_TCL_DELAY (5) /* * This structure describes the per-instance state of an SSL channel. @@ -159,10 +186,11 @@ Tcl_Channel self; /* this socket channel */ Tcl_TimerToken timer; int flags; /* see State.flags above */ int watchMask; /* current WatchProc mask */ + int want; /* pending wants from OpenSSL */ int mode; /* current mode of parent channel */ Tcl_Interp *interp; /* interpreter in which this resides */ Tcl_Obj *callback; /* script called for tracing, info, and errors */ Tcl_Obj *password; /* script called for certificate password */ @@ -172,14 +200,14 @@ SSL *ssl; /* Struct for SSL processing */ SSL_CTX *ctx; /* SSL Context */ BIO *bio; /* Struct for SSL processing */ BIO *p_bio; /* Parent BIO (that is layered on Tcl_Channel) */ - unsigned char *protos; /* List of supported protocols in protocol format */ unsigned int protos_len; /* Length of protos */ + unsigned char *protos; /* List of supported protocols in protocol format */ - char *err; + const char *err; } State; #ifdef USE_TCL_STUBS #ifndef Tcl_StackChannel #error "Unable to compile on this version of Tcl" @@ -196,17 +224,18 @@ * Forward declarations */ const Tcl_ChannelType *Tls_ChannelType(void); Tcl_Channel Tls_GetParent(State *statePtr, int maskFlags); -Tcl_Obj *Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert); +Tcl_Obj *Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert, int all); Tcl_Obj *Tls_NewCAObj(Tcl_Interp *interp, const SSL *ssl, int peer); -void Tls_Error(State *statePtr, char *msg); +void Tls_Error(State *statePtr, const char *msg); void Tls_Free(tls_free_type *blockPtr); void Tls_Clean(State *statePtr); int Tls_WaitForConnect(State *statePtr, int *errorCodePtr, int handshakeFailureIsPermanent); BIO *BIO_new_tcl(State* statePtr, int flags); +int BIO_cleanup(); #define PTR2INT(x) ((int) ((intptr_t) (x))) #endif /* _TLSINT_H */ Index: generic/tlsX509.c ================================================================== --- generic/tlsX509.c +++ generic/tlsX509.c @@ -1,6 +1,8 @@ /* + * Parse X.509 certificates and return contents as a TCL key-value list. + * * Copyright (C) 1997-2000 Sensus Consulting Ltd. * Matt Newman * Copyright (C) 2023 Brian O'Hagan */ #include @@ -12,133 +14,206 @@ #include #include #include "tlsInt.h" /* Define maximum certificate size. Max PEM size 100kB and DER size is 24kB. */ -#define CERT_STR_SIZE 32768 - - -/* - * Binary string to hex string - */ -int String_to_Hex(unsigned char* input, int ilen, unsigned char *output, int olen) { - int count = 0; - unsigned char *iptr = input; - unsigned char *optr = &output[0]; - const char *hex = "0123456789abcdef"; - - for (int i = 0; i < ilen && count < olen - 1; i++, count += 2) { - *optr++ = hex[(*iptr>>4)&0xF]; - *optr++ = hex[(*iptr++)&0xF]; - } - *optr = 0; - return count; -} - -/* - * BIO to Buffer - */ -int BIO_to_Buffer(int result, BIO *bio, void *buffer, int size) { - int len = 0; - int pending = BIO_pending(bio); - - if (result) { - len = BIO_read(bio, buffer, (pending < size) ? pending : size); +#define CERT_STR_SIZE 24576 + + +/* + *----------------------------------------------------------------------------- + * + * String_to_Hex -- + * + * Format contents of a binary string as a hex string + * + * Results: + * TCL byte array object with x509 identifier as a hex string + * + * Side Effects: + * None + * + *----------------------------------------------------------------------------- + */ +Tcl_Obj *String_to_Hex(unsigned char* input, int ilen) { + unsigned char *iptr = input; + Tcl_Obj *resultObj = Tcl_NewByteArrayObj(NULL, 0); + unsigned char *data = Tcl_SetByteArrayLength(resultObj, (Tcl_Size)ilen*2); + unsigned char *dptr = &data[0]; + const char *hex = "0123456789abcdef"; + + if (resultObj == NULL) { + return NULL; + } + + for (int i = 0; i < ilen; i++) { + *dptr++ = hex[(*iptr>>4)&0xF]; + *dptr++ = hex[(*iptr++)&0xF]; + } + return resultObj; +} + +/* + *----------------------------------------------------------------------------- + * + * BIO_to_Buffer -- + * + * Output contents of a BIO to a buffer + * + * Results: + * Returns length of string in buffer + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- + */ +Tcl_Size BIO_to_Buffer(int result, BIO *bio, void *output, int olen) { + Tcl_Size len = 0; + int pending = BIO_pending(bio); + + if (result) { + len = (Tcl_Size) BIO_read(bio, output, (pending < olen) ? pending : olen); (void)BIO_flush(bio); if (len < 0) { len = 0; } } return len; } /* - * Get X509 Certificate Extensions + *----------------------------------------------------------------------------- + * + * Tls_x509Extensions -- + * + * Get list of X.509 Certificate Extensions + * + * Results: + * TCL list of extensions and boolean critical status + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- */ Tcl_Obj *Tls_x509Extensions(Tcl_Interp *interp, X509 *cert) { const STACK_OF(X509_EXTENSION) *exts; - Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL); + Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL); - if (listPtr == NULL) { + if (resultObj == NULL) { return NULL; } if ((exts = X509_get0_extensions(cert)) != NULL) { for (int i=0; i < X509_get_ext_count(cert); i++) { X509_EXTENSION *ex = sk_X509_EXTENSION_value(exts, i); ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex); /* ASN1_OCTET_STRING *data = X509_EXTENSION_get_data(ex); */ int critical = X509_EXTENSION_get_critical(ex); - LAPPEND_BOOL(interp, listPtr, OBJ_nid2ln(OBJ_obj2nid(obj)), critical); + LAPPEND_BOOL(interp, resultObj, OBJ_nid2ln(OBJ_obj2nid(obj)), critical); } } - return listPtr; + return resultObj; } /* - * Get Authority and Subject Key Identifiers + *----------------------------------------------------------------------------- + * + * Tls_x509Identifier -- + * + * Get X.509 certificate Authority or Subject Key Identifiers + * + * Results: + * TCL byte array object with x509 identifier as a hex string + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- */ Tcl_Obj *Tls_x509Identifier(const ASN1_OCTET_STRING *astring) { - Tcl_Obj *resultPtr = NULL; - int len = 0; - unsigned char buffer[1024]; + Tcl_Obj *resultObj = NULL; if (astring != NULL) { - len = String_to_Hex((unsigned char *)ASN1_STRING_get0_data(astring), - ASN1_STRING_length(astring), buffer, 1024); + resultObj = String_to_Hex((unsigned char *)ASN1_STRING_get0_data(astring), + ASN1_STRING_length(astring)); } - resultPtr = Tcl_NewStringObj((char *) &buffer[0], (Tcl_Size) len); - return resultPtr; + return resultObj; } /* - * Get Key Usage + *----------------------------------------------------------------------------- + * + * Tls_x509KeyUsage -- + * + * Get X.509 certificate key usage types + * + * Results: + * Tcl list of types + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- */ Tcl_Obj *Tls_x509KeyUsage(Tcl_Interp *interp, X509 *cert, uint32_t xflags) { uint32_t usage = X509_get_key_usage(cert); - Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL); + Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL); - if (listPtr == NULL) { + if (resultObj == NULL) { return NULL; } if ((xflags & EXFLAG_KUSAGE) && usage < UINT32_MAX) { if (usage & KU_DIGITAL_SIGNATURE) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Digital Signature", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Digital Signature", -1)); } if (usage & KU_NON_REPUDIATION) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Non-Repudiation", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Non-Repudiation", -1)); } if (usage & KU_KEY_ENCIPHERMENT) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Key Encipherment", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Key Encipherment", -1)); } if (usage & KU_DATA_ENCIPHERMENT) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Data Encipherment", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Data Encipherment", -1)); } if (usage & KU_KEY_AGREEMENT) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Key Agreement", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Key Agreement", -1)); } if (usage & KU_KEY_CERT_SIGN) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Certificate Signing", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Certificate Signing", -1)); } if (usage & KU_CRL_SIGN) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("CRL Signing", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("CRL Signing", -1)); } if (usage & KU_ENCIPHER_ONLY) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Encipher Only", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Encipher Only", -1)); } if (usage & KU_DECIPHER_ONLY) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Decipher Only", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Decipher Only", -1)); } } else { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("unrestricted", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("unrestricted", -1)); } - return listPtr; + return resultObj; } /* - * Get Certificate Purpose + *----------------------------------------------------------------------------- + * + * Tls_x509Purpose -- + * + * Get X.509 certificate purpose + * + * Results: + * Purpose string + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- */ char *Tls_x509Purpose(X509 *cert) { char *purpose = NULL; if (X509_check_purpose(cert, X509_PURPOSE_SSL_CLIENT, 0) > 0) { @@ -164,17 +239,29 @@ } return purpose; } /* - * For each purpose, get certificate applicability + *----------------------------------------------------------------------------- + * + * Tls_x509Purposes -- + * + * Get X.509 certificate purpose types + * + * Results: + * Tcl list of each purpose and whether it is CA or non-CA + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- */ Tcl_Obj *Tls_x509Purposes(Tcl_Interp *interp, X509 *cert) { - Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL); + Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL); X509_PURPOSE *ptmp; - if (listPtr == NULL) { + if (resultObj == NULL) { return NULL; } for (int i = 0; i < X509_PURPOSE_get_count(); i++) { ptmp = X509_PURPOSE_get0(i); @@ -183,95 +270,131 @@ for (int j = 0; j < 2; j++) { int idret = X509_check_purpose(cert, X509_PURPOSE_get_id(ptmp), j); Tcl_ListObjAppendElement(interp, tmpPtr, Tcl_NewStringObj(j ? "CA" : "nonCA", -1)); Tcl_ListObjAppendElement(interp, tmpPtr, Tcl_NewStringObj(idret == 1 ? "Yes" : "No", -1)); } - LAPPEND_OBJ(interp, listPtr, X509_PURPOSE_get0_name(ptmp), tmpPtr); + LAPPEND_OBJ(interp, resultObj, X509_PURPOSE_get0_name(ptmp), tmpPtr); } - return listPtr; + return resultObj; } /* - * Get Subject Alternate Names (SAN) and Issuer Alternate Names + *----------------------------------------------------------------------------- + * + * Tls_x509Names -- + * + * Get a list of Subject Alternate Names (SAN) or Issuer Alternate Names + * + * Results: + * Tcl list of alternate names + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- */ Tcl_Obj *Tls_x509Names(Tcl_Interp *interp, X509 *cert, int nid, BIO *bio) { STACK_OF(GENERAL_NAME) *names; - Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL); - int len; + Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL); + Tcl_Size len; char buffer[1024]; - if (listPtr == NULL) { + if (resultObj == NULL) { return NULL; } if ((names = X509_get_ext_d2i(cert, nid, NULL, NULL)) != NULL) { for (int i=0; i < sk_GENERAL_NAME_num(names); i++) { const GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i); len = BIO_to_Buffer(name && GENERAL_NAME_print(bio, (GENERAL_NAME *) name), bio, buffer, 1024); - LAPPEND_STR(interp, listPtr, NULL, buffer, (Tcl_Size) len); + LAPPEND_STR(interp, resultObj, NULL, buffer, len); } sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free); } - return listPtr; + return resultObj; } /* - * Get EXtended Key Usage + *----------------------------------------------------------------------------- + * + * Tls_x509ExtKeyUsage -- + * + * Get a list of Extended Key Usages + * + * Returns: + * Tcl list of usages + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- */ Tcl_Obj *Tls_x509ExtKeyUsage(Tcl_Interp *interp, X509 *cert, uint32_t xflags) { uint32_t usage = X509_get_key_usage(cert); - Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL); + Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL); - if (listPtr == NULL) { + if (resultObj == NULL) { return NULL; } if ((xflags & EXFLAG_XKUSAGE) && usage < UINT32_MAX) { usage = X509_get_extended_key_usage(cert); if (usage & XKU_SSL_SERVER) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("TLS Web Server Authentication", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("TLS Web Server Authentication", -1)); } if (usage & XKU_SSL_CLIENT) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("TLS Web Client Authentication", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("TLS Web Client Authentication", -1)); } if (usage & XKU_SMIME) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("E-mail Protection", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("E-mail Protection", -1)); } if (usage & XKU_CODE_SIGN) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Code Signing", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Code Signing", -1)); } if (usage & XKU_SGC) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("SGC", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("SGC", -1)); } if (usage & XKU_OCSP_SIGN) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("OCSP Signing", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("OCSP Signing", -1)); } if (usage & XKU_TIMESTAMP) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Time Stamping", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Time Stamping", -1)); } if (usage & XKU_DVCS ) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("DVCS", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("DVCS", -1)); } if (usage & XKU_ANYEKU) { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Any Extended Key Usage", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("Any Extended Key Usage", -1)); } } else { - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("unrestricted", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("unrestricted", -1)); } - return listPtr; + return resultObj; } /* - * Get CRL Distribution Points + *----------------------------------------------------------------------------- + * + * Tls_x509CrlDp -- + * + * Get list of CRL Distribution Points + * + * Returns: + * Tcl list of URIs and relative-names + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- */ Tcl_Obj *Tls_x509CrlDp(Tcl_Interp *interp, X509 *cert) { STACK_OF(DIST_POINT) *crl; - Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL); + Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL); - if (listPtr == NULL) { + if (resultObj == NULL) { return NULL; } if ((crl = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL)) != NULL) { for (int i=0; i < sk_DIST_POINT_num(crl); i++) { @@ -283,108 +406,136 @@ for (int j = 0; j < sk_GENERAL_NAME_num(distpoint->name.fullname); j++) { GENERAL_NAME *gen = sk_GENERAL_NAME_value(distpoint->name.fullname, j); int type; ASN1_STRING *uri = GENERAL_NAME_get0_value(gen, &type); if (type == GEN_URI) { - LAPPEND_STR(interp, listPtr, (char *) NULL, (char *) ASN1_STRING_get0_data(uri), (Tcl_Size) ASN1_STRING_length(uri)); + LAPPEND_STR(interp, resultObj, (char *) NULL, (char *) ASN1_STRING_get0_data(uri), (Tcl_Size) ASN1_STRING_length(uri)); } } } else if (distpoint->type == 1) { /* relative-name X509NAME */ STACK_OF(X509_NAME_ENTRY) *sk_relname = distpoint->name.relativename; for (int j = 0; j < sk_X509_NAME_ENTRY_num(sk_relname); j++) { X509_NAME_ENTRY *e = sk_X509_NAME_ENTRY_value(sk_relname, j); ASN1_STRING *d = X509_NAME_ENTRY_get_data(e); - LAPPEND_STR(interp, listPtr, (char *) NULL, (char *) ASN1_STRING_data(d), (Tcl_Size) ASN1_STRING_length(d)); + LAPPEND_STR(interp, resultObj, (char *) NULL, (char *) ASN1_STRING_data(d), (Tcl_Size) ASN1_STRING_length(d)); } } } CRL_DIST_POINTS_free(crl); } - return listPtr; + return resultObj; } /* - * Get On-line Certificate Status Protocol (OSCP) URL + *----------------------------------------------------------------------------- + * + * Tls_x509Oscp + * + * Get list of On-line Certificate Status Protocol (OSCP) URIs + * + * Results: + * Tcl list of URIs + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- */ Tcl_Obj *Tls_x509Oscp(Tcl_Interp *interp, X509 *cert) { STACK_OF(OPENSSL_STRING) *ocsp; - Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL); + Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL); - if (listPtr == NULL) { + if (resultObj == NULL) { return NULL; } if ((ocsp = X509_get1_ocsp(cert)) != NULL) { for (int i = 0; i < sk_OPENSSL_STRING_num(ocsp); i++) { - LAPPEND_STR(interp, listPtr, NULL, sk_OPENSSL_STRING_value(ocsp, i), -1); + LAPPEND_STR(interp, resultObj, NULL, sk_OPENSSL_STRING_value(ocsp, i), -1); } X509_email_free(ocsp); } - return listPtr; + return resultObj; } /* - * Get Certificate Authority (CA) Issuers URL + *----------------------------------------------------------------------------- + * + * Tls_x509CaIssuers -- + * + * Get list of Certificate Authority (CA) Issuer URIs + * + * Results: + * Tcl list of CA issuer URIs + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- */ Tcl_Obj *Tls_x509CaIssuers(Tcl_Interp *interp, X509 *cert) { STACK_OF(ACCESS_DESCRIPTION) *ads; ACCESS_DESCRIPTION *ad; - Tcl_Obj *listPtr = Tcl_NewListObj(0, NULL); + Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL); unsigned char *buf; - int len; + + if (resultObj == NULL) { + return NULL; + } if ((ads = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL)) != NULL) { for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(ads); i++) { ad = sk_ACCESS_DESCRIPTION_value(ads, i); if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location) { if (ad->location->type == GEN_URI) { - len = ASN1_STRING_to_UTF8(&buf, ad->location->d.uniformResourceIdentifier); - Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj((char *) buf, (Tcl_Size) len)); + Tcl_Size len = (Tcl_Size) ASN1_STRING_to_UTF8(&buf, ad->location->d.uniformResourceIdentifier); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj((char *) buf, len)); OPENSSL_free(buf); break; } } } /* sk_ACCESS_DESCRIPTION_pop_free(ads, ACCESS_DESCRIPTION_free); */ AUTHORITY_INFO_ACCESS_free(ads); } - return listPtr; + return resultObj; } /* - *------------------------------------------------------* - * - * Tls_NewX509Obj -- - * - * ------------------------------------------------* - * Converts a X509 certificate into a Tcl_Obj - * ------------------------------------------------* - * - * Side effects: - * None - * - * Result: - * A Tcl List Object representing the provided - * X509 certificate. - * - *------------------------------------------------------* - */ - -Tcl_Obj* -Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert) { - Tcl_Obj *certPtr = Tcl_NewListObj(0, NULL); - BIO *bio = BIO_new(BIO_s_mem()); - int mdnid, pknid, bits, len; + *----------------------------------------------------------------------------- + * + * Tls_NewX509Obj -- + * + * Parses a X509 certificate and returns contents as a key-value Tcl list. + * + * Result: + * A Tcl List with the X509 certificate info as a key-value list + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- + */ +Tcl_Obj *Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert, int all) { + Tcl_Obj *resultObj = Tcl_NewListObj(0, NULL); + BIO *bio = BIO_new(BIO_s_mem()); + int mdnid, pknid, bits; + Tcl_Size len; unsigned int ulen; uint32_t xflags; - char buffer[BUFSIZ]; - unsigned char md[EVP_MAX_MD_SIZE]; unsigned long flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT; flags &= ~ASN1_STRFLGS_ESC_MSB; - if (interp == NULL || cert == NULL || bio == NULL || certPtr == NULL) { + char *buffer = ckalloc(BUFSIZ > EVP_MAX_MD_SIZE ? BUFSIZ : EVP_MAX_MD_SIZE); + + dprintf("Called"); + + if (interp == NULL || cert == NULL || bio == NULL || resultObj == NULL || buffer == NULL) { + Tcl_DecrRefCount(resultObj); + BIO_free(bio); + if (buffer != NULL) ckfree(buffer); return NULL; } /* Signature algorithm and value - RFC 5280 section 4.1.1.2 and 4.1.1.3 */ /* signatureAlgorithm is the id of the cryptographic algorithm used by the @@ -396,138 +547,138 @@ int sig_nid; X509_get0_signature(&sig, &sig_alg, cert); /* sig_nid = X509_get_signature_nid(cert) */ sig_nid = OBJ_obj2nid(sig_alg->algorithm); - LAPPEND_STR(interp, certPtr, "signatureAlgorithm", OBJ_nid2ln(sig_nid), -1); - len = (sig_nid != NID_undef) ? String_to_Hex(sig->data, sig->length, (unsigned char *) buffer, BUFSIZ) : 0; - LAPPEND_STR(interp, certPtr, "signatureValue", buffer, (Tcl_Size) len); + LAPPEND_STR(interp, resultObj, "signatureAlgorithm", OBJ_nid2ln(sig_nid), -1); + if (sig_nid != NID_undef) { + LAPPEND_OBJ(interp, resultObj, "signatureValue", String_to_Hex(sig->data, sig->length)); + } else { + LAPPEND_STR(interp, resultObj, "signatureValue", "", 0); + } } /* Version of the encoded certificate - RFC 5280 section 4.1.2.1 */ - LAPPEND_LONG(interp, certPtr, "version", X509_get_version(cert)+1); + LAPPEND_LONG(interp, resultObj, "version", X509_get_version(cert)+1); /* Unique number assigned by CA to certificate - RFC 5280 section 4.1.2.2 */ len = BIO_to_Buffer(i2a_ASN1_INTEGER(bio, X509_get0_serialNumber(cert)), bio, buffer, BUFSIZ); - LAPPEND_STR(interp, certPtr, "serialNumber", buffer, (Tcl_Size) len); + LAPPEND_STR(interp, resultObj, "serialNumber", buffer, len); /* Signature algorithm used by the CA to sign the certificate. Must match signatureAlgorithm. RFC 5280 section 4.1.2.3 */ - LAPPEND_STR(interp, certPtr, "signature", OBJ_nid2ln(X509_get_signature_nid(cert)), -1); + LAPPEND_STR(interp, resultObj, "signature", OBJ_nid2ln(X509_get_signature_nid(cert)), -1); /* Issuer identifies the entity that signed and issued the cert. RFC 5280 section 4.1.2.4 */ len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_issuer_name(cert), 0, flags), bio, buffer, BUFSIZ); - LAPPEND_STR(interp, certPtr, "issuer", buffer, (Tcl_Size) len); + LAPPEND_STR(interp, resultObj, "issuer", buffer, len); /* Certificate validity period is the interval the CA warrants that it will maintain info on the status of the certificate. RFC 5280 section 4.1.2.5 */ /* Get Validity - Not Before */ len = BIO_to_Buffer(ASN1_TIME_print(bio, X509_get0_notBefore(cert)), bio, buffer, BUFSIZ); - LAPPEND_STR(interp, certPtr, "notBefore", buffer, (Tcl_Size) len); + LAPPEND_STR(interp, resultObj, "notBefore", buffer, len); /* Get Validity - Not After */ len = BIO_to_Buffer(ASN1_TIME_print(bio, X509_get0_notAfter(cert)), bio, buffer, BUFSIZ); - LAPPEND_STR(interp, certPtr, "notAfter", buffer, (Tcl_Size) len); + LAPPEND_STR(interp, resultObj, "notAfter", buffer, len); /* Subject identifies the entity associated with the public key stored in the subject public key field. RFC 5280 section 4.1.2.6 */ len = BIO_to_Buffer(X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags), bio, buffer, BUFSIZ); - LAPPEND_STR(interp, certPtr, "subject", buffer, (Tcl_Size) len); + LAPPEND_STR(interp, resultObj, "subject", buffer, len); /* SHA1 Digest (Fingerprint) of cert - DER representation */ - if (X509_digest(cert, EVP_sha1(), md, &ulen)) { - len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ); - LAPPEND_STR(interp, certPtr, "sha1_hash", buffer, (Tcl_Size) ulen); + if (X509_digest(cert, EVP_sha1(), (unsigned char *)buffer, &ulen)) { + LAPPEND_OBJ(interp, resultObj, "sha1_hash", String_to_Hex((unsigned char *)buffer, (int) ulen)); } /* SHA256 Digest (Fingerprint) of cert - DER representation */ - if (X509_digest(cert, EVP_sha256(), md, &ulen)) { - len = String_to_Hex(md, len, (unsigned char *) buffer, BUFSIZ); - LAPPEND_STR(interp, certPtr, "sha256_hash", buffer, (Tcl_Size) ulen); + if (X509_digest(cert, EVP_sha256(), (unsigned char *)buffer, &ulen)) { + LAPPEND_OBJ(interp, resultObj, "sha256_hash", String_to_Hex((unsigned char *)buffer, (int) ulen)); } /* Subject Public Key Info specifies the public key and identifies the algorithm with which the key is used. RFC 5280 section 4.1.2.7 */ if (X509_get_signature_info(cert, &mdnid, &pknid, &bits, &xflags)) { ASN1_BIT_STRING *key; unsigned int n; - LAPPEND_STR(interp, certPtr, "signingDigest", OBJ_nid2ln(mdnid), -1); - LAPPEND_STR(interp, certPtr, "publicKeyAlgorithm", OBJ_nid2ln(pknid), -1); - LAPPEND_INT(interp, certPtr, "bits", bits); /* Effective security bits */ + LAPPEND_STR(interp, resultObj, "signingDigest", OBJ_nid2ln(mdnid), -1); + LAPPEND_STR(interp, resultObj, "publicKeyAlgorithm", OBJ_nid2ln(pknid), -1); + LAPPEND_INT(interp, resultObj, "bits", bits); /* Effective security bits */ key = X509_get0_pubkey_bitstr(cert); - len = String_to_Hex(key->data, key->length, (unsigned char *) buffer, BUFSIZ); - LAPPEND_STR(interp, certPtr, "publicKey", buffer, (Tcl_Size) len); - - len = 0; - if (X509_pubkey_digest(cert, EVP_get_digestbynid(pknid), md, &n)) { - len = String_to_Hex(md, (int) n, (unsigned char *) buffer, BUFSIZ); - } - LAPPEND_STR(interp, certPtr, "publicKeyHash", buffer, (Tcl_Size) len); + LAPPEND_OBJ(interp, resultObj, "publicKey", String_to_Hex(key->data, key->length)); + + if (X509_pubkey_digest(cert, EVP_get_digestbynid(pknid), (unsigned char *)buffer, &n)) { + LAPPEND_OBJ(interp, resultObj, "publicKeyHash", String_to_Hex((unsigned char *)buffer, (int) n)); + } else { + LAPPEND_STR(interp, resultObj, "publicKeyHash", "", 0); + } /* digest of the DER representation of the certificate */ - len = 0; - if (X509_digest(cert, EVP_get_digestbynid(mdnid), md, &n)) { - len = String_to_Hex(md, (int) n, (unsigned char *) buffer, BUFSIZ); + if (X509_digest(cert, EVP_get_digestbynid(mdnid), (unsigned char *)buffer, &n)) { + LAPPEND_OBJ(interp, resultObj, "signatureHash", String_to_Hex((unsigned char *)buffer, (int) n)); + } else { + LAPPEND_STR(interp, resultObj, "signatureHash", "", 0); } - LAPPEND_STR(interp, certPtr, "signatureHash", buffer, (Tcl_Size) len); } /* Certificate Purpose. Call before checking for extensions. */ - LAPPEND_STR(interp, certPtr, "purpose", Tls_x509Purpose(cert), -1); - LAPPEND_OBJ(interp, certPtr, "certificatePurpose", Tls_x509Purposes(interp, cert)); + LAPPEND_STR(interp, resultObj, "purpose", Tls_x509Purpose(cert), -1); + LAPPEND_OBJ(interp, resultObj, "certificatePurpose", Tls_x509Purposes(interp, cert)); /* Get extensions flags */ xflags = X509_get_extension_flags(cert); - LAPPEND_INT(interp, certPtr, "extFlags", xflags); + LAPPEND_INT(interp, resultObj, "extFlags", xflags); /* Check if cert was issued by CA cert issuer or self signed */ - LAPPEND_BOOL(interp, certPtr, "selfIssued", xflags & EXFLAG_SI); - LAPPEND_BOOL(interp, certPtr, "selfSigned", xflags & EXFLAG_SS); - LAPPEND_BOOL(interp, certPtr, "isProxyCert", xflags & EXFLAG_PROXY); - LAPPEND_BOOL(interp, certPtr, "extInvalid", xflags & EXFLAG_INVALID); - LAPPEND_BOOL(interp, certPtr, "isCACert", X509_check_ca(cert)); + LAPPEND_BOOL(interp, resultObj, "selfIssued", xflags & EXFLAG_SI); + LAPPEND_BOOL(interp, resultObj, "selfSigned", xflags & EXFLAG_SS); + LAPPEND_BOOL(interp, resultObj, "isProxyCert", xflags & EXFLAG_PROXY); + LAPPEND_BOOL(interp, resultObj, "extInvalid", xflags & EXFLAG_INVALID); + LAPPEND_BOOL(interp, resultObj, "isCACert", X509_check_ca(cert)); /* The Unique Ids are used to handle the possibility of reuse of subject and/or issuer names over time. RFC 5280 section 4.1.2.8 */ { const ASN1_BIT_STRING *iuid, *suid; - X509_get0_uids(cert, &iuid, &suid); + X509_get0_uids(cert, &iuid, &suid); - Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("issuerUniqueId", -1)); if (iuid != NULL) { - Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((const unsigned char *)iuid->data, (Tcl_Size) iuid->length)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewByteArrayObj((const unsigned char *)iuid->data, (Tcl_Size) iuid->length)); } else { - Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("", -1)); } - Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectUniqueId", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("subjectUniqueId", -1)); if (suid != NULL) { - Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((const unsigned char *)suid->data, (Tcl_Size) suid->length)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewByteArrayObj((const unsigned char *)suid->data, (Tcl_Size) suid->length)); } else { - Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1)); + Tcl_ListObjAppendElement(interp, resultObj, Tcl_NewStringObj("", -1)); } } /* X509 v3 Extensions - RFC 5280 section 4.1.2.9 */ - LAPPEND_INT(interp, certPtr, "extCount", X509_get_ext_count(cert)); - LAPPEND_OBJ(interp, certPtr, "extensions", Tls_x509Extensions(interp, cert)); + LAPPEND_INT(interp, resultObj, "extCount", X509_get_ext_count(cert)); + LAPPEND_OBJ(interp, resultObj, "extensions", Tls_x509Extensions(interp, cert)); /* Authority Key Identifier (AKI) is the Subject Key Identifier (SKI) of its signer (the CA). RFC 5280 section 4.2.1.1, NID_authority_key_identifier */ - LAPPEND_OBJ(interp, certPtr, "authorityKeyIdentifier", + LAPPEND_OBJ(interp, resultObj, "authorityKeyIdentifier", Tls_x509Identifier(X509_get0_authority_key_id(cert))); /* Subject Key Identifier (SKI) is used to identify certificates that contain a particular public key. RFC 5280 section 4.2.1.2, NID_subject_key_identifier */ - LAPPEND_OBJ(interp, certPtr, "subjectKeyIdentifier", + LAPPEND_OBJ(interp, resultObj, "subjectKeyIdentifier", Tls_x509Identifier(X509_get0_subject_key_id(cert))); /* Key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key in the certificate. RFC 5280 section 4.2.1.3, NID_key_usage */ - LAPPEND_OBJ(interp, certPtr, "keyUsage", Tls_x509KeyUsage(interp, cert, xflags)); + LAPPEND_OBJ(interp, resultObj, "keyUsage", Tls_x509KeyUsage(interp, cert, xflags)); /* Certificate Policies - indicates the issuing CA considers its issuerDomainPolicy equivalent to the subject CA's subjectDomainPolicy. RFC 5280 section 4.2.1.4, NID_certificate_policies */ if (xflags & EXFLAG_INVALID_POLICY) { /* Reject cert */ @@ -535,27 +686,27 @@ /* Policy Mappings - RFC 5280 section 4.2.1.5, NID_policy_mappings */ /* Subject Alternative Name (SAN) contains additional URLs, DNS names, or IP addresses bound to certificate. RFC 5280 section 4.2.1.6, NID_subject_alt_name */ - LAPPEND_OBJ(interp, certPtr, "subjectAltName", Tls_x509Names(interp, cert, NID_subject_alt_name, bio)); + LAPPEND_OBJ(interp, resultObj, "subjectAltName", Tls_x509Names(interp, cert, NID_subject_alt_name, bio)); /* Issuer Alternative Name is used to associate Internet style identities with the certificate issuer. RFC 5280 section 4.2.1.7, NID_issuer_alt_name */ - LAPPEND_OBJ(interp, certPtr, "issuerAltName", Tls_x509Names(interp, cert, NID_issuer_alt_name, bio)); + LAPPEND_OBJ(interp, resultObj, "issuerAltName", Tls_x509Names(interp, cert, NID_issuer_alt_name, bio)); /* Subject Directory Attributes provides identification attributes (e.g., nationality) of the subject. RFC 5280 section 4.2.1.8 (subjectDirectoryAttributes) */ /* Basic Constraints identifies whether the subject of the cert is a CA and the max depth of valid cert paths for this cert. RFC 5280 section 4.2.1.9, NID_basic_constraints */ if (!(xflags & EXFLAG_PROXY)) { - LAPPEND_LONG(interp, certPtr, "pathLen", X509_get_pathlen(cert)); + LAPPEND_LONG(interp, resultObj, "pathLen", X509_get_pathlen(cert)); } else { - LAPPEND_LONG(interp, certPtr, "pathLen", X509_get_proxy_pathlen(cert)); + LAPPEND_LONG(interp, resultObj, "pathLen", X509_get_proxy_pathlen(cert)); } - LAPPEND_BOOL(interp, certPtr, "basicConstraintsCA", xflags & EXFLAG_CA); + LAPPEND_BOOL(interp, resultObj, "basicConstraintsCA", xflags & EXFLAG_CA); /* Name Constraints is only used in CA certs to indicate the name space for all subject names in subsequent certificates in a certification path MUST be located. RFC 5280 section 4.2.1.10, NID_name_constraints */ @@ -562,52 +713,66 @@ /* Policy Constraints is only used in CA certs to limit the length of a cert chain for that CA. RFC 5280 section 4.2.1.11, NID_policy_constraints */ /* Extended Key Usage indicates the purposes the certified public key may be used, beyond the basic purposes. RFC 5280 section 4.2.1.12, NID_ext_key_usage */ - LAPPEND_OBJ(interp, certPtr, "extendedKeyUsage", Tls_x509ExtKeyUsage(interp, cert, xflags)); + LAPPEND_OBJ(interp, resultObj, "extendedKeyUsage", Tls_x509ExtKeyUsage(interp, cert, xflags)); /* CRL Distribution Points identifies where CRL information can be obtained. RFC 5280 section 4.2.1.13*/ - LAPPEND_OBJ(interp, certPtr, "crlDistributionPoints", Tls_x509CrlDp(interp, cert)); + LAPPEND_OBJ(interp, resultObj, "crlDistributionPoints", Tls_x509CrlDp(interp, cert)); /* Freshest CRL extension */ if (xflags & EXFLAG_FRESHEST) { } /* Authority Information Access indicates how to access info and services for the certificate issuer. RFC 5280 section 4.2.2.1, NID_info_access */ - /* Get On-line Certificate Status Protocol (OSCP) Responders URL */ - LAPPEND_OBJ(interp, certPtr, "ocspResponders", Tls_x509Oscp(interp, cert)); + /* On-line Certificate Status Protocol (OSCP) Responders URL */ + LAPPEND_OBJ(interp, resultObj, "ocspResponders", Tls_x509Oscp(interp, cert)); - /* Get Certificate Authority (CA) Issuers URL */ - LAPPEND_OBJ(interp, certPtr, "caIssuers", Tls_x509CaIssuers(interp, cert)); + /* Certificate Authority (CA) Issuers URL */ + LAPPEND_OBJ(interp, resultObj, "caIssuers", Tls_x509CaIssuers(interp, cert)); /* Subject Information Access - RFC 5280 section 4.2.2.2, NID_sinfo_access */ /* Certificate Alias. If uses a PKCS#12 structure, alias will reflect the friendlyName attribute (RFC 2985). */ { - len = 0; - unsigned char *string = X509_alias_get0(cert, &len); - LAPPEND_STR(interp, certPtr, "alias", (char *) string, (Tcl_Size) len); - string = X509_keyid_get0(cert, &len); - LAPPEND_STR(interp, certPtr, "keyId", (char *) string, (Tcl_Size) len); + int ilen = 0; + unsigned char *string = X509_alias_get0(cert, &ilen); + LAPPEND_STR(interp, resultObj, "alias", (char *) string, (Tcl_Size) ilen); + string = X509_keyid_get0(cert, &ilen); + LAPPEND_STR(interp, resultObj, "keyId", (char *) string, (Tcl_Size) ilen); } /* Certificate and dump all data */ - { - char certStr[CERT_STR_SIZE]; + if (all) { + Tcl_Obj *allObj = Tcl_NewByteArrayObj(NULL, 0); + Tcl_Obj *certObj = Tcl_NewByteArrayObj(NULL, 0); + unsigned char *allStr, *certStr; + + if (allObj == NULL || certObj == NULL) { + Tcl_DecrRefCount(allObj); + BIO_free(bio); + ckfree(buffer); + return resultObj; + } /* Get certificate */ + certStr = Tcl_SetByteArrayLength(certObj, CERT_STR_SIZE); len = BIO_to_Buffer(PEM_write_bio_X509(bio, cert), bio, certStr, CERT_STR_SIZE); - LAPPEND_STR(interp, certPtr, "certificate", certStr, (Tcl_Size) len); + Tcl_SetByteArrayLength(certObj, len); + LAPPEND_OBJ(interp, resultObj, "certificate", certObj) - /* Get all cert info */ - len = BIO_to_Buffer(X509_print_ex(bio, cert, flags, 0), bio, certStr, CERT_STR_SIZE); - LAPPEND_STR(interp, certPtr, "all", certStr, (Tcl_Size) len); + /* Get all info on certificate */ + allStr = Tcl_SetByteArrayLength(allObj, CERT_STR_SIZE * 2); + len = BIO_to_Buffer(X509_print_ex(bio, cert, flags, 0), bio, allStr, CERT_STR_SIZE * 2); + Tcl_SetByteArrayLength(allObj, len); + LAPPEND_OBJ(interp, resultObj, "all", allObj) } BIO_free(bio); - return certPtr; + ckfree(buffer); + return resultObj; } Index: library/tls.tcl ================================================================== --- library/tls.tcl +++ library/tls.tcl @@ -1,5 +1,7 @@ +# +# Support functions for the TLS extension # # Copyright (C) 1997-2000 Matt Newman # namespace eval tls { variable logcmd tclLog @@ -13,11 +15,11 @@ variable srvuid 0 # Over-ride this if you are using a different socket command variable socketCmd if {![info exists socketCmd]} { - set socketCmd [info command ::socket] + set socketCmd [info command ::socket] } # This is the possible arguments to tls::socket and tls::init # The format of this is a list of lists ## Each inner list contains the following elements @@ -26,42 +28,43 @@ ### Variable to add the option to: #### sopts: [socket] option #### iopts: [tls::import] option ### How many arguments the following the option to consume variable socketOptionRules { - {0 -async sopts 0} - {* -myaddr sopts 1} - {0 -myport sopts 1} - {* -type sopts 1} - {* -alpn iopts 1} - {* -cadir iopts 1} - {* -cafile iopts 1} - {* -cert iopts 1} - {* -certfile iopts 1} - {* -cipher iopts 1} - {* -ciphersuites iopts 1} - {* -command iopts 1} - {* -dhparams iopts 1} - {* -key iopts 1} - {* -keyfile iopts 1} - {* -password iopts 1} - {* -post_handshake iopts 1} - {* -request iopts 1} - {* -require iopts 1} - {* -securitylevel iopts 1} - {* -autoservername discardOpts 1} - {* -server iopts 1} - {* -servername iopts 1} - {* -session_id iopts 1} - {* -ssl2 iopts 1} - {* -ssl3 iopts 1} - {* -tls1 iopts 1} - {* -tls1.1 iopts 1} - {* -tls1.2 iopts 1} - {* -tls1.3 iopts 1} - {* -validatecommand iopts 1} - {* -vcmd iopts 1} + {0 -async sopts 0} + {* -myaddr sopts 1} + {0 -myport sopts 1} + {* -type sopts 1} + {* -alpn iopts 1} + {* -cadir iopts 1} + {* -cafile iopts 1} + {* -castore iopts 1} + {* -cert iopts 1} + {* -certfile iopts 1} + {* -cipher iopts 1} + {* -ciphersuites iopts 1} + {* -command iopts 1} + {* -dhparams iopts 1} + {* -key iopts 1} + {* -keyfile iopts 1} + {* -password iopts 1} + {* -post_handshake iopts 1} + {* -request iopts 1} + {* -require iopts 1} + {* -securitylevel iopts 1} + {* -autoservername discardOpts 1} + {* -server iopts 1} + {* -servername iopts 1} + {* -session_id iopts 1} + {* -ssl2 iopts 1} + {* -ssl3 iopts 1} + {* -tls1 iopts 1} + {* -tls1.1 iopts 1} + {* -tls1.2 iopts 1} + {* -tls1.3 iopts 1} + {* -validatecommand iopts 1} + {* -vcmd iopts 1} } # tls::socket and tls::init options as a humane readable string variable socketOptionsNoServer variable socketOptionsServer @@ -76,11 +79,11 @@ variable socketOptionsServer variable socketOptionsSwitchBody # Do not re-run if we have already been initialized if {[info exists socketOptionsSwitchBody]} { - return + return } # Create several structures from our list of options ## 1. options: a text representation of the valid options for the current ## server type @@ -87,47 +90,47 @@ ## 2. argSwitchBody: Switch body for processing arguments set options(0) [list] set options(1) [list] set argSwitchBody [list] foreach optionRule $socketOptionRules { - set ruleServer [lindex $optionRule 0] - set ruleOption [lindex $optionRule 1] - set ruleVarToUpdate [lindex $optionRule 2] - set ruleVarArgsToConsume [lindex $optionRule 3] - - foreach server [list 0 1] { - if {![string match $ruleServer $server]} { - continue - } - - lappend options($server) $ruleOption - } - - switch -- $ruleVarArgsToConsume { - 0 { - set argToExecute { - lappend @VAR@ $arg - set argsArray($arg) true - } - } - 1 { - set argToExecute { - incr idx - if {$idx >= [llength $args]} { - return -code error "\"$arg\" option must be followed by value" - } - set argValue [lindex $args $idx] - lappend @VAR@ $arg $argValue - set argsArray($arg) $argValue - } - } - default { - return -code error "Internal argument construction error" - } - } - - lappend argSwitchBody $ruleServer,$ruleOption [string map [list @VAR@ $ruleVarToUpdate] $argToExecute] + set ruleServer [lindex $optionRule 0] + set ruleOption [lindex $optionRule 1] + set ruleVarToUpdate [lindex $optionRule 2] + set ruleVarArgsToConsume [lindex $optionRule 3] + + foreach server [list 0 1] { + if {![string match $ruleServer $server]} { + continue + } + + lappend options($server) $ruleOption + } + + switch -- $ruleVarArgsToConsume { + 0 { + set argToExecute { + lappend @VAR@ $arg + set argsArray($arg) true + } + } + 1 { + set argToExecute { + incr idx + if {$idx >= [llength $args]} { + return -code error "\"$arg\" option must be followed by value" + } + set argValue [lindex $args $idx] + lappend @VAR@ $arg $argValue + set argsArray($arg) $argValue + } + } + default { + return -code error "Internal argument construction error" + } + } + + lappend argSwitchBody $ruleServer,$ruleOption [string map [list @VAR@ $ruleVarToUpdate] $argToExecute] } # Add in the final options lappend argSwitchBody {*,-*} {return -code error "bad option \"$arg\": must be one of $options"} lappend argSwitchBody default break @@ -213,16 +216,16 @@ set server 1 set callback [lindex $args [expr {$idx+1}]] set args [lreplace $args $idx [expr {$idx+1}]] set usage "wrong # args: should be \"tls::socket -server command ?options? port\"" - set options $socketOptionsServer + set options $socketOptionsServer } else { set server 0 set usage "wrong # args: should be \"tls::socket ?options? host port\"" - set options $socketOptionsNoServer + set options $socketOptionsNoServer } # Combine defaults with current options set args [concat $defaults $args] @@ -253,17 +256,17 @@ } set host [lindex $args [expr {$argc-2}]] set port [lindex $args [expr {$argc-1}]] - # If an "-autoservername" option is found, honor it - if {[info exists argsArray(-autoservername)] && $argsArray(-autoservername)} { - if {![info exists argsArray(-servername)]} { - set argsArray(-servername) $host - lappend iopts -servername $host - } - } + # If an "-autoservername" option is found, honor it + if {[info exists argsArray(-autoservername)] && $argsArray(-autoservername)} { + if {![info exists argsArray(-servername)]} { + set argsArray(-servername) $host + lappend iopts -servername $host + } + } lappend sopts $host $port } # # Create TCP/IP socket @@ -313,89 +316,83 @@ log 2 "tls::_accept - called \"$callback\" succeeded" } } # -# Sample callback for hooking: - -# -# error -# verify -# info -# -proc tls::callback {option args} { - variable debug - - #log 2 [concat $option $args] +# Sample callback for status data from OpenSSL +# +proc tls::callback {option chan args} { + variable debug switch -- $option { "error" { - foreach {chan msg} $args break + lassign $args msg log 0 "TLS/$chan: error: $msg" } "info" { - # poor man's lassign - foreach {chan major minor msg type} $args break + set type "" + lassign $args major minor msg type - if {$msg != ""} { + if {$msg ne ""} { append state ": $msg" } # For tracing upvar #0 tls::$chan cb set cb($major) $minor log 2 "TLS/$chan: $major/$minor: $state" } "message" { - # poor man's lassign - foreach {chan direction version content_type msg} $args break - - log 0 "TLS/$chan: info: $direction $msg" - } - "session" { - foreach {chan session_id ticket lifetime} $args break - - log 0 "TLS/$chan: session: lifetime $lifetime" - } - default { - return -code error "bad option \"$option\":\ - must be one of error, info, or session" - } - } -} - -# -# Sample callback when return value is needed -# -proc tls::validate_command {option args} { - variable debug - - #log 2 [concat $option $args] - - switch -- $option { - "alpn" { - foreach {chan protocol match} $args break - - log 0 "TLS/$chan: alpn: $protocol $match" - } - "hello" { - foreach {chan servername} $args break - - log 0 "TLS/$chan: hello: $servername" - } - "sni" { - foreach {chan servername} $args break - - log 0 "TLS/$chan: sni: $servername" - } - "verify" { - # poor man's lassign - foreach {chan depth cert rc err} $args break - - array set c $cert - - if {$rc != "1"} { + lassign $args direction version content_type msg + + log 0 "TLS/$chan: info: $direction $msg" + } + "session" { + lassign $args session_id ticket lifetime + + log 0 "TLS/$chan: session: lifetime $lifetime" + } + "verify" { + # Backwards compatible for v1.7 + return [tls::validate_command $option $chan {*}$args] + } + default { + return -code error "bad option \"$option\":\ + must be one of error, info, message, or session" + } + } +} + +# +# Sample callback when return value is needed. New for TLS 1.8+. +# +proc tls::validate_command {option chan args} { + variable debug + + switch -- $option { + "alpn" { + lassign $args protocol match + + log 0 "TLS/$chan: alpn: $protocol $match" + } + "hello" { + lassign $args servername + + log 0 "TLS/$chan: hello: $servername" + } + "sni" { + lassign $args servername + + log 0 "TLS/$chan: sni: $servername" + } + "verify" { + lassign $args depth cert rc err + + array set c $cert + + if {$rc ne "1"} { log 1 "TLS/$chan: verify/$depth: Bad Cert: $err (rc = $rc)" } else { log 2 "TLS/$chan: verify/$depth: $c(subject)" } if {$debug > 0} { @@ -404,21 +401,21 @@ return $rc } } default { return -code error "bad option \"$option\":\ - must be one of alpn, info, or verify" + must be one of alpn, hello, sni, or verify" } } return 1 } proc tls::xhandshake {chan} { upvar #0 tls::$chan cb if {[info exists cb(handshake)] && \ - $cb(handshake) == "done"} { + $cb(handshake) eq "done"} { return 1 } while {1} { vwait tls::${chan}(handshake) if {![info exists cb(handshake)]} { @@ -428,23 +425,26 @@ return 1 } } } -proc tls::password {rwflag size} { +# +# Sample callback to get password when needed. Args are new for TLS 1.8+. +# +proc tls::password {{option password} {rwflag 0} {size 0}} { log 0 "TLS/Password: did you forget to set your passwd!" # Return the worlds best kept secret password. return "secret" } proc tls::log {level msg} { variable debug variable logcmd - if {$level > $debug || $logcmd == ""} { + if {$level > $debug || $logcmd eq ""} { return } set cmd $logcmd lappend cmd $msg uplevel #0 $cmd } Index: license.terms ================================================================== --- license.terms +++ license.terms @@ -25,14 +25,14 @@ NO OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. GOVERNMENT USE: If you are acquiring this software on behalf of the U.S. government, the Government shall have only "Restricted Rights" -in the software and related documentation as defined in the Federal +in the software and related documentation as defined in the Federal Acquisition Regulations (FARs) in Clause 52.227.19 (c) (2). If you are acquiring the software on behalf of the Department of Defense, the software shall be classified as "Commercial Computer Software" and the Government shall have only "Restricted Rights" as defined in Clause 252.227-7013 (c) (1) of DFARs. Notwithstanding the foregoing, the authors grant the U.S. Government and others acting in its behalf permission to use and distribute the software in accordance with the -terms specified in this license. +terms specified in this license. Index: pkgIndex.tcl.in ================================================================== --- pkgIndex.tcl.in +++ pkgIndex.tcl.in @@ -1,25 +1,32 @@ # -*- tcl -*- # Tcl package index file, version 1.1 # if {[package vsatisfies [package provide Tcl] 9.0-]} { - package ifneeded @PACKAGE_NAME@ @PACKAGE_VERSION@ \ - [list load [file join $dir @PKG_LIB_FILE9@] [string totitle @PACKAGE_NAME@]] - set initScript [file join $dir @PACKAGE_NAME@.tcl] - if {[file exists $initScript]} { - source -encoding utf-8 $initScript - } + package ifneeded @PACKAGE_NAME@ @PACKAGE_VERSION@ [list apply {{dir} { + # Load library + load [file join $dir @PKG_LIB_FILE9@] [string totitle @PACKAGE_NAME@] + + # Source init file + set initScript [file join $dir @PACKAGE_NAME@.tcl] + if {[file exists $initScript]} { + source -encoding utf-8 $initScript + } + }} $dir] } else { if {![package vsatisfies [package provide Tcl] 8.5]} {return} package ifneeded @PACKAGE_NAME@ @PACKAGE_VERSION@ [list apply {{dir} { + # Load library if {[string tolower [file extension @PKG_LIB_FILE8@]] in [list .dll .dylib .so]} { # Load dynamic library load [file join $dir @PKG_LIB_FILE8@] [string totitle @PACKAGE_NAME@] } else { # Static library load {} [string totitle @PACKAGE_NAME@] } + + # Source init file set initScript [file join $dir @PACKAGE_NAME@.tcl] if {[file exists $initScript]} { source -encoding utf-8 $initScript } }} $dir] Index: tclconfig/tcl.m4 ================================================================== --- tclconfig/tcl.m4 +++ tclconfig/tcl.m4 @@ -140,14 +140,20 @@ `ls -d /usr/local/lib 2>/dev/null` \ `ls -d /usr/contrib/lib 2>/dev/null` \ `ls -d /usr/pkg/lib 2>/dev/null` \ `ls -d /usr/lib 2>/dev/null` \ `ls -d /usr/lib64 2>/dev/null` \ + `ls -d /usr/lib/tcl9.0 2>/dev/null` \ + `ls -d /usr/lib/tcl8.7 2>/dev/null` \ `ls -d /usr/lib/tcl8.6 2>/dev/null` \ `ls -d /usr/lib/tcl8.5 2>/dev/null` \ + `ls -d /usr/local/lib/tcl9.0 2>/dev/null` \ + `ls -d /usr/local/lib/tcl8.7 2>/dev/null` \ `ls -d /usr/local/lib/tcl8.6 2>/dev/null` \ `ls -d /usr/local/lib/tcl8.5 2>/dev/null` \ + `ls -d /usr/local/lib/tcl/tcl9.0 2>/dev/null` \ + `ls -d /usr/local/lib/tcl/tcl8.7 2>/dev/null` \ `ls -d /usr/local/lib/tcl/tcl8.6 2>/dev/null` \ `ls -d /usr/local/lib/tcl/tcl8.5 2>/dev/null` \ ; do if test -f "$i/tclConfig.sh" ; then ac_cv_c_tclconfig="`(cd $i; pwd)`" @@ -217,10 +223,14 @@ no_tk=true AC_ARG_WITH(tk, AS_HELP_STRING([--with-tk], [directory containing tk configuration (tkConfig.sh)]), [with_tkconfig="${withval}"]) + AC_ARG_WITH(tk8, + AS_HELP_STRING([--with-tk8], + [Compile for Tk8 in Tk9 environment]), + [with_tk8="${withval}"]) AC_MSG_CHECKING([for Tk configuration]) AC_CACHE_VAL(ac_cv_c_tkconfig,[ # First check to see if --with-tkconfig was specified. if test x"${with_tkconfig}" != x ; then @@ -284,16 +294,22 @@ `ls -d ${exec_prefix}/lib 2>/dev/null` \ `ls -d ${prefix}/lib 2>/dev/null` \ `ls -d /usr/local/lib 2>/dev/null` \ `ls -d /usr/contrib/lib 2>/dev/null` \ `ls -d /usr/pkg/lib 2>/dev/null` \ + `ls -d /usr/lib/tk9.0 2>/dev/null` \ + `ls -d /usr/lib/tk8.7 2>/dev/null` \ `ls -d /usr/lib/tk8.6 2>/dev/null` \ `ls -d /usr/lib/tk8.5 2>/dev/null` \ `ls -d /usr/lib 2>/dev/null` \ `ls -d /usr/lib64 2>/dev/null` \ + `ls -d /usr/local/lib/tk9.0 2>/dev/null` \ + `ls -d /usr/local/lib/tk8.7 2>/dev/null` \ `ls -d /usr/local/lib/tk8.6 2>/dev/null` \ `ls -d /usr/local/lib/tk8.5 2>/dev/null` \ + `ls -d /usr/local/lib/tcl/tk9.0 2>/dev/null` \ + `ls -d /usr/local/lib/tcl/tk8.7 2>/dev/null` \ `ls -d /usr/local/lib/tcl/tk8.6 2>/dev/null` \ `ls -d /usr/local/lib/tcl/tk8.5 2>/dev/null` \ ; do if test -f "$i/tkConfig.sh" ; then ac_cv_c_tkconfig="`(cd $i; pwd)`" @@ -368,26 +384,26 @@ AC_DEFUN([TEA_LOAD_TCLCONFIG], [ AC_MSG_CHECKING([for existence of ${TCL_BIN_DIR}/tclConfig.sh]) if test -f "${TCL_BIN_DIR}/tclConfig.sh" ; then - AC_MSG_RESULT([loading]) + AC_MSG_RESULT([loading]) . "${TCL_BIN_DIR}/tclConfig.sh" else - AC_MSG_RESULT([could not find ${TCL_BIN_DIR}/tclConfig.sh]) + AC_MSG_RESULT([could not find ${TCL_BIN_DIR}/tclConfig.sh]) fi # If the TCL_BIN_DIR is the build directory (not the install directory), # then set the common variable name to the value of the build variables. # For example, the variable TCL_LIB_SPEC will be set to the value # of TCL_BUILD_LIB_SPEC. An extension should make use of TCL_LIB_SPEC # instead of TCL_BUILD_LIB_SPEC since it will work with both an # installed and uninstalled version of Tcl. if test -f "${TCL_BIN_DIR}/Makefile" ; then - TCL_LIB_SPEC="${TCL_BUILD_LIB_SPEC}" - TCL_STUB_LIB_SPEC="${TCL_BUILD_STUB_LIB_SPEC}" - TCL_STUB_LIB_PATH="${TCL_BUILD_STUB_LIB_PATH}" + TCL_LIB_SPEC="${TCL_BUILD_LIB_SPEC}" + TCL_STUB_LIB_SPEC="${TCL_BUILD_STUB_LIB_SPEC}" + TCL_STUB_LIB_PATH="${TCL_BUILD_STUB_LIB_PATH}" elif test "`uname -s`" = "Darwin"; then # If Tcl was built as a framework, attempt to use the libraries # from the framework at the given location so that linking works # against Tcl.framework installed in an arbitrary location. case ${TCL_DEFS} in @@ -476,26 +492,26 @@ AC_DEFUN([TEA_LOAD_TKCONFIG], [ AC_MSG_CHECKING([for existence of ${TK_BIN_DIR}/tkConfig.sh]) if test -f "${TK_BIN_DIR}/tkConfig.sh" ; then - AC_MSG_RESULT([loading]) + AC_MSG_RESULT([loading]) . "${TK_BIN_DIR}/tkConfig.sh" else - AC_MSG_RESULT([could not find ${TK_BIN_DIR}/tkConfig.sh]) + AC_MSG_RESULT([could not find ${TK_BIN_DIR}/tkConfig.sh]) fi # If the TK_BIN_DIR is the build directory (not the install directory), # then set the common variable name to the value of the build variables. # For example, the variable TK_LIB_SPEC will be set to the value # of TK_BUILD_LIB_SPEC. An extension should make use of TK_LIB_SPEC # instead of TK_BUILD_LIB_SPEC since it will work with both an # installed and uninstalled version of Tcl. if test -f "${TK_BIN_DIR}/Makefile" ; then - TK_LIB_SPEC="${TK_BUILD_LIB_SPEC}" - TK_STUB_LIB_SPEC="${TK_BUILD_STUB_LIB_SPEC}" - TK_STUB_LIB_PATH="${TK_BUILD_STUB_LIB_PATH}" + TK_LIB_SPEC="${TK_BUILD_LIB_SPEC}" + TK_STUB_LIB_SPEC="${TK_BUILD_STUB_LIB_SPEC}" + TK_STUB_LIB_PATH="${TK_BUILD_STUB_LIB_PATH}" elif test "`uname -s`" = "Darwin"; then # If Tk was built as a framework, attempt to use the libraries # from the framework at the given location so that linking works # against Tk.framework installed in an arbitrary location. case ${TK_DEFS} in @@ -569,41 +585,41 @@ #------------------------------------------------------------------------ AC_DEFUN([TEA_PROG_TCLSH], [ AC_MSG_CHECKING([for tclsh]) if test -f "${TCL_BIN_DIR}/Makefile" ; then - # tclConfig.sh is in Tcl build directory - if test "${TEA_PLATFORM}" = "windows"; then - if test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}${EXEEXT}" ; then - TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}${EXEEXT}" - elif test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}s${EXEEXT}" ; then - TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}s${EXEEXT}" - elif test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}t${EXEEXT}" ; then - TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}t${EXEEXT}" - elif test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}st${EXEEXT}" ; then - TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}st${EXEEXT}" - fi - else - TCLSH_PROG="${TCL_BIN_DIR}/tclsh" - fi - else - # tclConfig.sh is in install location - if test "${TEA_PLATFORM}" = "windows"; then - TCLSH_PROG="tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}${EXEEXT}" - else - TCLSH_PROG="tclsh${TCL_MAJOR_VERSION}.${TCL_MINOR_VERSION}" - fi - list="`ls -d ${TCL_BIN_DIR}/../bin 2>/dev/null` \ - `ls -d ${TCL_BIN_DIR}/.. 2>/dev/null` \ - `ls -d ${TCL_PREFIX}/bin 2>/dev/null`" - for i in $list ; do - if test -f "$i/${TCLSH_PROG}" ; then - REAL_TCL_BIN_DIR="`cd "$i"; pwd`/" - break - fi - done - TCLSH_PROG="${REAL_TCL_BIN_DIR}${TCLSH_PROG}" + # tclConfig.sh is in Tcl build directory + if test "${TEA_PLATFORM}" = "windows"; then + if test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}${EXEEXT}" ; then + TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}${EXEEXT}" + elif test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}s${EXEEXT}" ; then + TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}s${EXEEXT}" + elif test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}t${EXEEXT}" ; then + TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}t${EXEEXT}" + elif test -f "${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}st${EXEEXT}" ; then + TCLSH_PROG="${TCL_BIN_DIR}/tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}st${EXEEXT}" + fi + else + TCLSH_PROG="${TCL_BIN_DIR}/tclsh" + fi + else + # tclConfig.sh is in install location + if test "${TEA_PLATFORM}" = "windows"; then + TCLSH_PROG="tclsh${TCL_MAJOR_VERSION}${TCL_MINOR_VERSION}${EXEEXT}" + else + TCLSH_PROG="tclsh${TCL_MAJOR_VERSION}.${TCL_MINOR_VERSION}" + fi + list="`ls -d ${TCL_BIN_DIR}/../bin 2>/dev/null` \ + `ls -d ${TCL_BIN_DIR}/.. 2>/dev/null` \ + `ls -d ${TCL_PREFIX}/bin 2>/dev/null`" + for i in $list ; do + if test -f "$i/${TCLSH_PROG}" ; then + REAL_TCL_BIN_DIR="`cd "$i"; pwd`/" + break + fi + done + TCLSH_PROG="${REAL_TCL_BIN_DIR}${TCLSH_PROG}" fi AC_MSG_RESULT([${TCLSH_PROG}]) AC_SUBST(TCLSH_PROG) ]) @@ -627,41 +643,41 @@ #------------------------------------------------------------------------ AC_DEFUN([TEA_PROG_WISH], [ AC_MSG_CHECKING([for wish]) if test -f "${TK_BIN_DIR}/Makefile" ; then - # tkConfig.sh is in Tk build directory - if test "${TEA_PLATFORM}" = "windows"; then - if test -f "${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}${EXEEXT}" ; then - WISH_PROG="${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}${EXEEXT}" - elif test -f "${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}s${EXEEXT}" ; then - WISH_PROG="${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}$s{EXEEXT}" - elif test -f "${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}t${EXEEXT}" ; then - WISH_PROG="${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}t${EXEEXT}" - elif test -f "${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}st${EXEEXT}" ; then - WISH_PROG="${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}st${EXEEXT}" - fi - else - WISH_PROG="${TK_BIN_DIR}/wish" - fi - else - # tkConfig.sh is in install location - if test "${TEA_PLATFORM}" = "windows"; then - WISH_PROG="wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}${EXEEXT}" - else - WISH_PROG="wish${TK_MAJOR_VERSION}.${TK_MINOR_VERSION}" - fi - list="`ls -d ${TK_BIN_DIR}/../bin 2>/dev/null` \ - `ls -d ${TK_BIN_DIR}/.. 2>/dev/null` \ - `ls -d ${TK_PREFIX}/bin 2>/dev/null`" - for i in $list ; do - if test -f "$i/${WISH_PROG}" ; then - REAL_TK_BIN_DIR="`cd "$i"; pwd`/" - break - fi - done - WISH_PROG="${REAL_TK_BIN_DIR}${WISH_PROG}" + # tkConfig.sh is in Tk build directory + if test "${TEA_PLATFORM}" = "windows"; then + if test -f "${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}${EXEEXT}" ; then + WISH_PROG="${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}${EXEEXT}" + elif test -f "${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}s${EXEEXT}" ; then + WISH_PROG="${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}$s{EXEEXT}" + elif test -f "${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}t${EXEEXT}" ; then + WISH_PROG="${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}t${EXEEXT}" + elif test -f "${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}st${EXEEXT}" ; then + WISH_PROG="${TK_BIN_DIR}/wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}st${EXEEXT}" + fi + else + WISH_PROG="${TK_BIN_DIR}/wish" + fi + else + # tkConfig.sh is in install location + if test "${TEA_PLATFORM}" = "windows"; then + WISH_PROG="wish${TK_MAJOR_VERSION}${TK_MINOR_VERSION}${EXEEXT}" + else + WISH_PROG="wish${TK_MAJOR_VERSION}.${TK_MINOR_VERSION}" + fi + list="`ls -d ${TK_BIN_DIR}/../bin 2>/dev/null` \ + `ls -d ${TK_BIN_DIR}/.. 2>/dev/null` \ + `ls -d ${TK_PREFIX}/bin 2>/dev/null`" + for i in $list ; do + if test -f "$i/${WISH_PROG}" ; then + REAL_TK_BIN_DIR="`cd "$i"; pwd`/" + break + fi + done + WISH_PROG="${REAL_TK_BIN_DIR}${WISH_PROG}" fi AC_MSG_RESULT([${WISH_PROG}]) AC_SUBST(WISH_PROG) ]) @@ -719,26 +735,26 @@ # Stubs are always enabled for shared builds if test "$shared_ok" = "yes" ; then AC_MSG_RESULT([shared]) SHARED_BUILD=1 - STUBS_BUILD=1 + STUBS_BUILD=1 else AC_MSG_RESULT([static]) SHARED_BUILD=0 AC_DEFINE(STATIC_BUILD, 1, [This a static build]) - if test "$stubs_ok" = "yes" ; then - STUBS_BUILD=1 - else - STUBS_BUILD=0 - fi + if test "$stubs_ok" = "yes" ; then + STUBS_BUILD=1 + else + STUBS_BUILD=0 + fi fi if test "${STUBS_BUILD}" = "1" ; then AC_DEFINE(USE_TCL_STUBS, 1, [Use Tcl stubs]) AC_DEFINE(USE_TCLOO_STUBS, 1, [Use TclOO stubs]) if test "${TEA_WINDOWINGSYSTEM}" != ""; then - AC_DEFINE(USE_TK_STUBS, 1, [Use Tk stubs]) + AC_DEFINE(USE_TK_STUBS, 1, [Use Tk stubs]) fi fi AC_SUBST(SHARED_BUILD) AC_SUBST(STUBS_BUILD) @@ -1179,25 +1195,25 @@ ;; esac fi if test "$GCC" != "yes" ; then - if test "${SHARED_BUILD}" = "0" ; then + if test "${SHARED_BUILD}" = "0" ; then runtime=-MT - else + else runtime=-MD - fi - case "x`echo \${VisualStudioVersion}`" in - x1[[4-9]]*) - lflags="${lflags} -nodefaultlib:libucrt.lib" - TEA_ADD_LIBS([ucrt.lib]) - ;; - *) - ;; - esac - - if test "$do64bit" != "no" ; then + fi + case "x`echo \${VisualStudioVersion}`" in + x1[[4-9]]*) + lflags="${lflags} -nodefaultlib:libucrt.lib" + TEA_ADD_LIBS([ucrt.lib]) + ;; + *) + ;; + esac + + if test "$do64bit" != "no" ; then CC="cl.exe" RC="rc.exe" lflags="${lflags} -nologo -MACHINE:${MACHINE} " LINKBIN="link.exe" CFLAGS_DEBUG="-nologo -Zi -Od -W3 ${runtime}d" @@ -1279,21 +1295,21 @@ SHLIB_SUFFIX=".dll" SHARED_LIB_SUFFIX='${TCL_TRIM_DOTS}.dll' TCL_LIB_VERSIONS_OK=nodots - ;; + ;; AIX-*) AS_IF([test "$GCC" != "yes"], [ # AIX requires the _r compiler when gcc isn't being used case "${CC}" in *_r|*_r\ *) # ok ... ;; *) # Make sure only first arg gets _r - CC=`echo "$CC" | sed -e 's/^\([[^ ]]*\)/\1_r/'` + CC=`echo "$CC" | sed -e 's/^\([[^ ]]*\)/\1_r/'` ;; esac AC_MSG_RESULT([Using $CC for compiling with threads]) ]) LIBS="$LIBS -lc" @@ -1492,18 +1508,18 @@ LD_SEARCH_FLAGS='-rpath "${LIB_RUNTIME_DIR}"']) # Check to enable 64-bit flags for compiler/linker AS_IF([test "$do64bit" = yes], [ - AS_IF([test "$GCC" = yes], [ - AC_MSG_WARN([64bit mode not supported by gcc]) - ], [ - do64bit_ok=yes - SHLIB_LD="ld -64 -shared -rdata_shared" - CFLAGS="$CFLAGS -64" - LDFLAGS_ARCH="-64" - ]) + AS_IF([test "$GCC" = yes], [ + AC_MSG_WARN([64bit mode not supported by gcc]) + ], [ + do64bit_ok=yes + SHLIB_LD="ld -64 -shared -rdata_shared" + CFLAGS="$CFLAGS -64" + LDFLAGS_ARCH="-64" + ]) ]) ;; Linux*|GNU*|NetBSD-Debian|DragonFly-*|FreeBSD-*) SHLIB_CFLAGS="-fPIC" SHLIB_SUFFIX=".so" @@ -1521,11 +1537,11 @@ # The -pthread needs to go in the LDFLAGS, not LIBS LIBS=`echo $LIBS | sed s/-pthread//` CFLAGS="$CFLAGS $PTHREAD_CFLAGS" LDFLAGS="$LDFLAGS $PTHREAD_LIBS"]) ;; - esac + esac AS_IF([test $doRpath = yes], [ CC_SEARCH_FLAGS='"-Wl,-rpath,${LIB_RUNTIME_DIR}"']) LD_SEARCH_FLAGS=${CC_SEARCH_FLAGS} AS_IF([test "`uname -m`" = "alpha"], [CFLAGS="$CFLAGS -mieee"]) @@ -1647,19 +1663,10 @@ && echo "$CFLAGS " |grep -E -q -- '-arch (ppc|i386) '], [ fat_32_64=yes]) ]) # TEA specific: use LDFLAGS_DEFAULT instead of LDFLAGS SHLIB_LD='${CC} -dynamiclib ${CFLAGS} ${LDFLAGS_DEFAULT}' - AC_CACHE_CHECK([if ld accepts -single_module flag], tcl_cv_ld_single_module, [ - hold_ldflags=$LDFLAGS - LDFLAGS="$LDFLAGS -dynamiclib -Wl,-single_module" - AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[int i;]])], - [tcl_cv_ld_single_module=yes],[tcl_cv_ld_single_module=no]) - LDFLAGS=$hold_ldflags]) - AS_IF([test $tcl_cv_ld_single_module = yes], [ - SHLIB_LD="${SHLIB_LD} -Wl,-single_module" - ]) # TEA specific: link shlib with current and compatibility version flags vers=`echo ${PACKAGE_VERSION} | sed -e 's/^\([[0-9]]\{1,5\}\)\(\(\.[[0-9]]\{1,3\}\)\{0,2\}\).*$/\1\2/p' -e d` SHLIB_LD="${SHLIB_LD} -current_version ${vers:-0} -compatibility_version ${vers:-0}" SHLIB_SUFFIX=".dylib" LDFLAGS="$LDFLAGS -headerpad_max_install_names" @@ -1726,13 +1733,13 @@ ;; OSF1-V*) # Digital OSF/1 SHLIB_CFLAGS="" AS_IF([test "$SHARED_BUILD" = 1], [ - SHLIB_LD='ld -shared -expect_unresolved "*"' + SHLIB_LD='ld -shared -expect_unresolved "*"' ], [ - SHLIB_LD='ld -non_shared -expect_unresolved "*"' + SHLIB_LD='ld -non_shared -expect_unresolved "*"' ]) SHLIB_SUFFIX=".so" AS_IF([test $doRpath = yes], [ CC_SEARCH_FLAGS='"-Wl,-rpath,${LIB_RUNTIME_DIR}"' LD_SEARCH_FLAGS='-rpath ${LIB_RUNTIME_DIR}']) @@ -1898,11 +1905,11 @@ AC_CACHE_CHECK([for ld accepts -Bexport flag], tcl_cv_ld_Bexport, [ hold_ldflags=$LDFLAGS LDFLAGS="$LDFLAGS -Wl,-Bexport" AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[int i;]])], [tcl_cv_ld_Bexport=yes],[tcl_cv_ld_Bexport=no]) - LDFLAGS=$hold_ldflags]) + LDFLAGS=$hold_ldflags]) AS_IF([test $tcl_cv_ld_Bexport = yes], [ LDFLAGS="$LDFLAGS -Wl,-Bexport" ]) CC_SEARCH_FLAGS="" LD_SEARCH_FLAGS="" @@ -2017,12 +2024,12 @@ ]], [[ CHAR c; SHORT s; LONG l; ]])], - [tcl_cv_winnt_ignore_void=yes], - [tcl_cv_winnt_ignore_void=no]) + [tcl_cv_winnt_ignore_void=yes], + [tcl_cv_winnt_ignore_void=no]) ) if test "$tcl_cv_winnt_ignore_void" = "yes" ; then AC_DEFINE(HAVE_WINNT_IGNORE_VOID, 1, [Defined when cygwin/mingw ignores VOID define in winnt.h]) fi @@ -2594,13 +2601,13 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[__int64 value = (__int64) 0;]])], [tcl_type_64bit=__int64],[tcl_type_64bit="long long"]) # See if we could use long anyway Note that we substitute in the # type that is our current guess for a 64-bit type inside this check # program, so it should be modified only carefully... - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[switch (0) { - case 1: case (sizeof(${tcl_type_64bit})==sizeof(long)): ; - }]])],[tcl_cv_type_64bit=${tcl_type_64bit}],[])]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[switch (0) { + case 1: case (sizeof(${tcl_type_64bit})==sizeof(long)): ; + }]])],[tcl_cv_type_64bit=${tcl_type_64bit}],[])]) if test "${tcl_cv_type_64bit}" = none ; then AC_DEFINE(TCL_WIDE_INT_IS_LONG, 1, [Do 'long' and 'long long' have the same size (64-bit)?]) AC_MSG_RESULT([yes]) elif test "${tcl_cv_type_64bit}" = "__int64" \ -a "${TEA_PLATFORM}" = "windows" ; then @@ -2641,11 +2648,11 @@ fi AC_CACHE_CHECK([for DIR64], tcl_cv_DIR64,[ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include #include ]], [[struct dirent64 *p; DIR64 d = opendir64("."); - p = readdir64(d); rewinddir64(d); closedir64(d);]])], + p = readdir64(d); rewinddir64(d); closedir64(d);]])], [tcl_cv_DIR64=yes], [tcl_cv_DIR64=no])]) if test "x${tcl_cv_DIR64}" = "xyes" ; then AC_DEFINE(HAVE_DIR64, 1, [Is 'DIR64' in ?]) fi @@ -2664,12 +2671,12 @@ ]])], [tcl_cv_type_off64_t=yes], [tcl_cv_type_off64_t=no])]) dnl Define HAVE_TYPE_OFF64_T only when the off64_t type and the dnl functions lseek64 and open64 are defined. if test "x${tcl_cv_type_off64_t}" = "xyes" && \ - test "x${ac_cv_func_lseek64}" = "xyes" && \ - test "x${ac_cv_func_open64}" = "xyes" ; then + test "x${ac_cv_func_lseek64}" = "xyes" && \ + test "x${ac_cv_func_open64}" = "xyes" ; then AC_DEFINE(HAVE_TYPE_OFF64_T, 1, [Is off64_t in ?]) AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) fi @@ -3197,15 +3204,18 @@ # substituted. (@@@ Might not be necessary anymore) #-------------------------------------------------------------------- PACKAGE_LIB_PREFIX8="${PACKAGE_LIB_PREFIX}" PACKAGE_LIB_PREFIX9="${PACKAGE_LIB_PREFIX}tcl9" - if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" == x; then + if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" = x; then PACKAGE_LIB_PREFIX="${PACKAGE_LIB_PREFIX9}" else PACKAGE_LIB_PREFIX="${PACKAGE_LIB_PREFIX8}" AC_DEFINE(TCL_MAJOR_VERSION, 8, [Compile for Tcl8?]) + fi + if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tk8}" != x; then + AC_DEFINE(TK_MAJOR_VERSION, 8, [Compile for Tk8?]) fi if test "${TEA_PLATFORM}" = "windows" ; then if test "${SHARED_BUILD}" = "1" ; then # We force the unresolved linking of symbols that are really in # the private libraries of Tcl and Tk. @@ -3226,11 +3236,11 @@ eval eval "PKG_LIB_FILE8=${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE9=${PACKAGE_LIB_PREFIX9}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE=${PACKAGE_LIB_PREFIX}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" fi # Some packages build their own stubs libraries - if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" == x; then + if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" = x; then eval eval "PKG_STUB_LIB_FILE=${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub.a" else eval eval "PKG_STUB_LIB_FILE=${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub${UNSHARED_LIB_SUFFIX}" fi if test "$GCC" = "yes"; then @@ -3254,11 +3264,11 @@ eval eval "PKG_LIB_FILE8=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE9=lib${PACKAGE_LIB_PREFIX9}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" eval eval "PKG_LIB_FILE=lib${PACKAGE_LIB_PREFIX}${PACKAGE_NAME}${UNSHARED_LIB_SUFFIX}" fi # Some packages build their own stubs libraries - if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" == x; then + if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" = x; then eval eval "PKG_STUB_LIB_FILE=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub.a" else eval eval "PKG_STUB_LIB_FILE=lib${PACKAGE_LIB_PREFIX8}${PACKAGE_NAME}stub${UNSHARED_LIB_SUFFIX}" fi fi @@ -3400,21 +3410,21 @@ # public and private headers in the same set. # We want to ensure these are substituted so as not to require # any *_NATIVE vars be defined in the Makefile TCL_INCLUDES="-I${TCL_GENERIC_DIR_NATIVE} -I${TCL_PLATFORM_DIR_NATIVE}" if test "`uname -s`" = "Darwin"; then - # If Tcl was built as a framework, attempt to use - # the framework's Headers and PrivateHeaders directories - case ${TCL_DEFS} in - *TCL_FRAMEWORK*) + # If Tcl was built as a framework, attempt to use + # the framework's Headers and PrivateHeaders directories + case ${TCL_DEFS} in + *TCL_FRAMEWORK*) if test -d "${TCL_BIN_DIR}/Headers" -a \ -d "${TCL_BIN_DIR}/PrivateHeaders"; then TCL_INCLUDES="-I\"${TCL_BIN_DIR}/Headers\" -I\"${TCL_BIN_DIR}/PrivateHeaders\" ${TCL_INCLUDES}" else TCL_INCLUDES="${TCL_INCLUDES} ${TCL_INCLUDE_SPEC} `echo "${TCL_INCLUDE_SPEC}" | sed -e 's/Headers/PrivateHeaders/'`" fi - ;; + ;; esac result="Using ${TCL_INCLUDES}" else if test ! -f "${TCL_SRC_DIR}/generic/tclInt.h" ; then AC_MSG_ERROR([Cannot find private header tclInt.h in ${TCL_SRC_DIR}]) @@ -3851,14 +3861,14 @@ AC_DEFUN([TEA_LOAD_CONFIG], [ AC_MSG_CHECKING([for existence of ${$1_BIN_DIR}/$1Config.sh]) if test -f "${$1_BIN_DIR}/$1Config.sh" ; then - AC_MSG_RESULT([loading]) + AC_MSG_RESULT([loading]) . "${$1_BIN_DIR}/$1Config.sh" else - AC_MSG_RESULT([file not found]) + AC_MSG_RESULT([file not found]) fi # # If the $1_BIN_DIR is the build directory (not the install directory), # then set the common variable name to the value of the build variables. @@ -3868,15 +3878,15 @@ # installed and uninstalled version of Tcl. # if test -f "${$1_BIN_DIR}/Makefile" ; then AC_MSG_WARN([Found Makefile - using build library specs for $1]) - $1_LIB_SPEC=${$1_BUILD_LIB_SPEC} - $1_STUB_LIB_SPEC=${$1_BUILD_STUB_LIB_SPEC} - $1_STUB_LIB_PATH=${$1_BUILD_STUB_LIB_PATH} - $1_INCLUDE_SPEC=${$1_BUILD_INCLUDE_SPEC} - $1_LIBRARY_PATH=${$1_LIBRARY_PATH} + $1_LIB_SPEC=${$1_BUILD_LIB_SPEC} + $1_STUB_LIB_SPEC=${$1_BUILD_STUB_LIB_SPEC} + $1_STUB_LIB_PATH=${$1_BUILD_STUB_LIB_PATH} + $1_INCLUDE_SPEC=${$1_BUILD_INCLUDE_SPEC} + $1_LIBRARY_PATH=${$1_LIBRARY_PATH} fi AC_SUBST($1_VERSION) AC_SUBST($1_BIN_DIR) AC_SUBST($1_SRC_DIR) @@ -3953,11 +3963,11 @@ eval $1_STUB_LIB_FLAG="-l$1stub${PACKAGE_VERSION}" else eval $1_LIB_FLAG="-l$1`echo ${PACKAGE_VERSION} | tr -d .`" eval $1_STUB_LIB_FLAG="-l$1stub`echo ${PACKAGE_VERSION} | tr -d .`" fi - if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" == x; then + if test "${TCL_MAJOR_VERSION}" -gt 8 -a x"${with_tcl8}" = x; then eval $1_STUB_LIB_FLAG="-l$1stub" fi $1_BUILD_LIB_SPEC="-L`$CYGPATH $(pwd)` ${$1_LIB_FLAG}" $1_LIB_SPEC="-L`$CYGPATH ${pkglibdir}` ${$1_LIB_FLAG}" @@ -4046,56 +4056,56 @@ AC_MSG_CHECKING([for macher]) AC_CACHE_VAL(ac_cv_path_macher, [ search_path=`echo ${PATH} | sed -e 's/:/ /g'` for dir in $search_path ; do - for j in `ls -r $dir/macher 2> /dev/null` \ - `ls -r $dir/macher 2> /dev/null` ; do - if test x"$ac_cv_path_macher" = x ; then - if test -f "$j" ; then - ac_cv_path_macher=$j - break - fi - fi - done + for j in `ls -r $dir/macher 2> /dev/null` \ + `ls -r $dir/macher 2> /dev/null` ; do + if test x"$ac_cv_path_macher" = x ; then + if test -f "$j" ; then + ac_cv_path_macher=$j + break + fi + fi + done done ]) if test -f "$ac_cv_path_macher" ; then - MACHER_PROG="$ac_cv_path_macher" - AC_MSG_RESULT([$MACHER_PROG]) - AC_MSG_RESULT([Found macher in environment]) + MACHER_PROG="$ac_cv_path_macher" + AC_MSG_RESULT([$MACHER_PROG]) + AC_MSG_RESULT([Found macher in environment]) fi AC_MSG_CHECKING([for zip]) AC_CACHE_VAL(ac_cv_path_zip, [ search_path=`echo ${PATH} | sed -e 's/:/ /g'` for dir in $search_path ; do - for j in `ls -r $dir/zip 2> /dev/null` \ - `ls -r $dir/zip 2> /dev/null` ; do - if test x"$ac_cv_path_zip" = x ; then - if test -f "$j" ; then - ac_cv_path_zip=$j - break - fi - fi - done + for j in `ls -r $dir/zip 2> /dev/null` \ + `ls -r $dir/zip 2> /dev/null` ; do + if test x"$ac_cv_path_zip" = x ; then + if test -f "$j" ; then + ac_cv_path_zip=$j + break + fi + fi + done done ]) if test -f "$ac_cv_path_zip" ; then - ZIP_PROG="$ac_cv_path_zip" - AC_MSG_RESULT([$ZIP_PROG]) - ZIP_PROG_OPTIONS="-rq" - ZIP_PROG_VFSSEARCH="*" - AC_MSG_RESULT([Found INFO Zip in environment]) - # Use standard arguments for zip + ZIP_PROG="$ac_cv_path_zip" + AC_MSG_RESULT([$ZIP_PROG]) + ZIP_PROG_OPTIONS="-rq" + ZIP_PROG_VFSSEARCH="*" + AC_MSG_RESULT([Found INFO Zip in environment]) + # Use standard arguments for zip else - # It is not an error if an installed version of Zip can't be located. - # We can use the locally distributed minizip instead - ZIP_PROG="./minizip${EXEEXT_FOR_BUILD}" - ZIP_PROG_OPTIONS="-o -r" - ZIP_PROG_VFSSEARCH="*" - ZIP_INSTALL_OBJS="minizip${EXEEXT_FOR_BUILD}" - AC_MSG_RESULT([No zip found on PATH. Building minizip]) + # It is not an error if an installed version of Zip can't be located. + # We can use the locally distributed minizip instead + ZIP_PROG="./minizip${EXEEXT_FOR_BUILD}" + ZIP_PROG_OPTIONS="-o -r" + ZIP_PROG_VFSSEARCH="*" + ZIP_INSTALL_OBJS="minizip${EXEEXT_FOR_BUILD}" + AC_MSG_RESULT([No zip found on PATH. Building minizip]) fi AC_SUBST(MACHER_PROG) AC_SUBST(ZIP_PROG) AC_SUBST(ZIP_PROG_OPTIONS) AC_SUBST(ZIP_PROG_VFSSEARCH) Index: tests/all.tcl ================================================================== --- tests/all.tcl +++ tests/all.tcl @@ -5,11 +5,10 @@ # in this directory. # # Copyright (c) 1998-2000 by Ajuba Solutions. # All rights reserved. # -# RCS: @(#) $Id: all.tcl,v 1.5 2000/08/15 18:45:01 hobbs Exp $ set path [file normalize [file dirname [file join [pwd] [info script]]]] #set auto_path [linsert $auto_path 0 [file normalize [file join [file dirname [info script]] ..]]] set auto_path [linsert $auto_path 0 [file dirname $path] [file normalize [pwd]]] Index: tests/badssl.csv ================================================================== --- tests/badssl.csv +++ tests/badssl.csv @@ -38,11 +38,11 @@ BadSSL,invalid-expected-sct,,,badssl invalid-expected-sct.badssl.com,,,"handshake failed: certificate verify failed due to ""unable to get local issuer certificate""",,,1 BadSSL,long-extended-subdomain-name-containing-many-letters-and-dashes,,,badssl long-extended-subdomain-name-containing-many-letters-and-dashes.badssl.com,,,,,, BadSSL,longextendedsubdomainnamewithoutdashesinordertotestwordwrapping,,,badssl longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.badssl.com,,,,,, BadSSL,mitm-software,,,badssl mitm-software.badssl.com,,,"handshake failed: certificate verify failed due to ""unable to get local issuer certificate""",,,1 BadSSL,no-common-name,,,badssl no-common-name.badssl.com,,,"handshake failed: certificate verify failed due to ""certificate has expired""",,,1 -BadSSL,no-sct,,,badssl no-sct.badssl.com,,,"handshake failed: certificate verify failed due to ""unable to get local issuer certificate""",,,1 +BadSSL,no-sct,,,badssl no-sct.badssl.com,,,,,, BadSSL,no-subject,,,badssl no-subject.badssl.com,,,"handshake failed: certificate verify failed due to ""certificate has expired""",,,1 BadSSL,null,,,badssl null.badssl.com,,glob,handshake failed: * alert handshake failure,,,1 BadSSL,pinning-test,,,badssl pinning-test.badssl.com,,,,,, BadSSL,preact-cli,,,badssl preact-cli.badssl.com,,,"handshake failed: certificate verify failed due to ""unable to get local issuer certificate""",,,1 BadSSL,preloaded-hsts,,,badssl preloaded-hsts.badssl.com,,,,,, @@ -49,11 +49,11 @@ BadSSL,rc4-md5,,,badssl rc4-md5.badssl.com,,glob,handshake failed: * alert handshake failure,,,1 BadSSL,rc4,,,badssl rc4.badssl.com,,glob,handshake failed: * alert handshake failure,,,1 BadSSL,revoked,,,badssl revoked.badssl.com,,,"handshake failed: certificate verify failed due to ""certificate has expired""",,,1 BadSSL,rsa2048,,,badssl rsa2048.badssl.com,,,,,, BadSSL,rsa4096,,,badssl rsa4096.badssl.com,,,,,, -BadSSL,rsa8192,,,badssl rsa8192.badssl.com,,,,,, +BadSSL,rsa8192,,,badssl rsa8192.badssl.com,,,"handshake failed: certificate verify failed due to ""certificate has expired""",,,1 BadSSL,self-signed,old_api,,badssl self-signed.badssl.com,,,"handshake failed: certificate verify failed due to ""self signed certificate""",,,1 BadSSL,self-signed,new_api,,badssl self-signed.badssl.com,,,"handshake failed: certificate verify failed due to ""self-signed certificate""",,,1 BadSSL,sha1-2016,,,badssl sha1-2016.badssl.com,,,"handshake failed: certificate verify failed due to ""unable to get local issuer certificate""",,,1 BadSSL,sha1-2017,old_api,,badssl sha1-2017.badssl.com,,,"handshake failed: certificate verify failed due to ""certificate has expired""",,,1 BadSSL,sha1-2017,new_api,,badssl sha1-2017.badssl.com,,,"handshake failed: certificate verify failed due to ""CA signature digest algorithm too weak""",,,1 Index: tests/badssl.test ================================================================== --- tests/badssl.test +++ tests/badssl.test @@ -147,11 +147,11 @@ badssl no-common-name.badssl.com } -result {handshake failed: certificate verify failed due to "certificate has expired"} -returnCodes {1} test BadSSL-1.33 {no-sct} -body { badssl no-sct.badssl.com - } -result {handshake failed: certificate verify failed due to "unable to get local issuer certificate"} -returnCodes {1} + } test BadSSL-1.34 {no-subject} -body { badssl no-subject.badssl.com } -result {handshake failed: certificate verify failed due to "certificate has expired"} -returnCodes {1} @@ -179,11 +179,11 @@ badssl rc4.badssl.com } -match {glob} -result {handshake failed: * alert handshake failure} -returnCodes {1} test BadSSL-1.41 {revoked} -body { badssl revoked.badssl.com - } -result {handshake failed: certificate verify failed due to "certificate has expired"} -returnCodes {1} + } test BadSSL-1.42 {rsa2048} -body { badssl rsa2048.badssl.com } @@ -191,11 +191,11 @@ badssl rsa4096.badssl.com } test BadSSL-1.44 {rsa8192} -body { badssl rsa8192.badssl.com - } + } -result {handshake failed: certificate verify failed due to "certificate has expired"} -returnCodes {1} test BadSSL-1.45 {self-signed} -constraints {old_api} -body { badssl self-signed.badssl.com } -result {handshake failed: certificate verify failed due to "self signed certificate"} -returnCodes {1} Index: tests/certs/README.txt ================================================================== --- tests/certs/README.txt +++ tests/certs/README.txt Index: tests/ciphers.csv ================================================================== --- tests/ciphers.csv +++ tests/ciphers.csv @@ -1,10 +1,10 @@ # Group,Name,Constraints,Setup,Body,Cleanup,Match,Result,Output,Error Output,Return Codes command,package require tls,,,,,,,,, command,,,,,,,,,, command,# Make sure path includes location of OpenSSL executable,,,,,,,,, -command,"if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin] "";"" $::env(path)}",,,,,,,,, +command,"if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin "";""] $::env(path)]}",,,,,,,,, command,,,,,,,,,, command,# Constraints,,,,,,,,, command,set protocols [list ssl2 ssl3 tls1 tls1.1 tls1.2 tls1.3],,,,,,,,, command,foreach protocol $protocols {::tcltest::testConstraint $protocol 0},,,,,,,,, command,foreach protocol [::tls::protocols] {::tcltest::testConstraint $protocol 1},,,,,,,,, Index: tests/ciphers.test ================================================================== --- tests/ciphers.test +++ tests/ciphers.test @@ -9,20 +9,35 @@ set auto_path [concat [list [file dirname [file dirname [info script]]]] $auto_path] package require tls # Make sure path includes location of OpenSSL executable -if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin] ";" $::env(path)} +if {[info exists ::env(OPENSSL)]} {set ::env(path) [string cat [file join $::env(OPENSSL) bin ";"] $::env(path)]} # Constraints set protocols [list ssl2 ssl3 tls1 tls1.1 tls1.2 tls1.3] foreach protocol $protocols {::tcltest::testConstraint $protocol 0} foreach protocol [::tls::protocols] {::tcltest::testConstraint $protocol 1} ::tcltest::testConstraint OpenSSL [string match "OpenSSL*" [::tls::version]] # Helper functions -proc lcompare {list1 list2} {set m "";set u "";foreach i $list1 {if {$i ni $list2} {lappend m $i}};foreach i $list2 {if {$i ni $list1} {lappend u $i}};return [list "missing" $m "unexpected" $u]} +proc lcompare {list1 list2} { + set m "" + set u "" + foreach i $list1 { + if {$i ni $list2} { + lappend m $i + } + } + foreach i $list2 { + if {$i ni $list1} { + lappend u $i + } + } + return [list "missing" $m "unexpected" $u] +} + proc exec_get {delim args} {return [split [exec openssl {*}$args] $delim]} # Test protocols @@ -31,85 +46,85 @@ } -result {missing {ssl2 ssl3} unexpected {}} # Test ciphers -test CiphersAll-2.1 {SSL2} -constraints {ssl2} -body { +test Ciphers_By_Protocol-2.1 {SSL2} -constraints {ssl2} -body { lcompare [exec_get ":" ciphers -ssl2] [::tls::ciphers ssl2] } -result {missing {} unexpected {}} -test CiphersAll-2.2 {SSL3} -constraints {ssl3} -body { +test Ciphers_By_Protocol-2.2 {SSL3} -constraints {ssl3} -body { lcompare [exec_get ":" ciphers -ssl3] [::tls::ciphers ssl3] } -result {missing {} unexpected {}} -test CiphersAll-2.3 {TLS1} -constraints {tls1} -body { +test Ciphers_By_Protocol-2.3 {TLS1.0} -constraints {tls1} -body { lcompare [exec_get ":" ciphers -tls1] [::tls::ciphers tls1] } -result {missing {} unexpected {}} -test CiphersAll-2.4 {TLS1.1} -constraints {tls1.1} -body { +test Ciphers_By_Protocol-2.4 {TLS1.1} -constraints {tls1.1} -body { lcompare [exec_get ":" ciphers -tls1_1] [::tls::ciphers tls1.1] } -result {missing {} unexpected {}} -test CiphersAll-2.5 {TLS1.2} -constraints {tls1.2} -body { +test Ciphers_By_Protocol-2.5 {TLS1.2} -constraints {tls1.2} -body { lcompare [exec_get ":" ciphers -tls1_2] [::tls::ciphers tls1.2] } -result {missing {} unexpected {}} -test CiphersAll-2.6 {TLS1.3} -constraints {tls1.3} -body { +test Ciphers_By_Protocol-2.6 {TLS1.3} -constraints {tls1.3} -body { lcompare [exec_get ":" ciphers -tls1_3] [::tls::ciphers tls1.3] } -result {missing {} unexpected {}} # Test cipher descriptions -test CiphersDesc-3.1 {SSL2} -constraints {ssl2} -body { +test Ciphers_With_Descriptions-3.1 {SSL2} -constraints {ssl2} -body { lcompare [exec_get "\r\n" ciphers -ssl2 -v] [split [string trim [::tls::ciphers ssl2 1]] \n] } -result {missing {} unexpected {}} -test CiphersDesc-3.2 {SSL3} -constraints {ssl3} -body { +test Ciphers_With_Descriptions-3.2 {SSL3} -constraints {ssl3} -body { lcompare [exec_get "\r\n" ciphers -ssl3 -v] [split [string trim [::tls::ciphers ssl3 1]] \n] } -result {missing {} unexpected {}} -test CiphersDesc-3.3 {TLS1} -constraints {tls1} -body { +test Ciphers_With_Descriptions-3.3 {TLS1.0} -constraints {tls1} -body { lcompare [exec_get "\r\n" ciphers -tls1 -v] [split [string trim [::tls::ciphers tls1 1]] \n] } -result {missing {} unexpected {}} -test CiphersDesc-3.4 {TLS1.1} -constraints {tls1.1} -body { +test Ciphers_With_Descriptions-3.4 {TLS1.1} -constraints {tls1.1} -body { lcompare [exec_get "\r\n" ciphers -tls1_1 -v] [split [string trim [::tls::ciphers tls1.1 1]] \n] } -result {missing {} unexpected {}} -test CiphersDesc-3.5 {TLS1.2} -constraints {tls1.2} -body { +test Ciphers_With_Descriptions-3.5 {TLS1.2} -constraints {tls1.2} -body { lcompare [exec_get "\r\n" ciphers -tls1_2 -v] [split [string trim [::tls::ciphers tls1.2 1]] \n] } -result {missing {} unexpected {}} -test CiphersDesc-3.6 {TLS1.3} -constraints {tls1.3} -body { +test Ciphers_With_Descriptions-3.6 {TLS1.3} -constraints {tls1.3} -body { lcompare [exec_get "\r\n" ciphers -tls1_3 -v] [split [string trim [::tls::ciphers tls1.3 1]] \n] } -result {missing {} unexpected {}} # Test protocol specific ciphers -test CiphersSpecific-4.1 {SSL2} -constraints {ssl2} -body { +test Ciphers_Protocol_Specific-4.1 {SSL2} -constraints {ssl2} -body { lcompare [exec_get ":" ciphers -ssl2 -s] [::tls::ciphers ssl2 0 1] } -result {missing {} unexpected {}} -test CiphersSpecific-4.2 {SSL3} -constraints {ssl3} -body { +test Ciphers_Protocol_Specific-4.2 {SSL3} -constraints {ssl3} -body { lcompare [exec_get ":" ciphers -ssl3 -s] [::tls::ciphers ssl3 0 1] } -result {missing {} unexpected {}} -test CiphersSpecific-4.3 {TLS1} -constraints {tls1} -body { +test Ciphers_Protocol_Specific-4.3 {TLS1.0} -constraints {tls1} -body { lcompare [exec_get ":" ciphers -tls1 -s] [::tls::ciphers tls1 0 1] } -result {missing {} unexpected {}} -test CiphersSpecific-4.4 {TLS1.1} -constraints {tls1.1} -body { +test Ciphers_Protocol_Specific-4.4 {TLS1.1} -constraints {tls1.1} -body { lcompare [exec_get ":" ciphers -tls1_1 -s] [::tls::ciphers tls1.1 0 1] } -result {missing {} unexpected {}} -test CiphersSpecific-4.5 {TLS1.2} -constraints {tls1.2} -body { +test Ciphers_Protocol_Specific-4.5 {TLS1.2} -constraints {tls1.2} -body { lcompare [exec_get ":" ciphers -tls1_2 -s] [::tls::ciphers tls1.2 0 1] } -result {missing {} unexpected {}} -test CiphersSpecific-4.6 {TLS1.3} -constraints {tls1.3} -body { +test Ciphers_Protocol_Specific-4.6 {TLS1.3} -constraints {tls1.3} -body { lcompare [exec_get ":" ciphers -tls1_3 -s] [::tls::ciphers tls1.3 0 1] } -result {missing {} unexpected {}} # Test version Index: tests/common.tcl ================================================================== --- tests/common.tcl +++ tests/common.tcl @@ -1,5 +1,6 @@ +#!/usr/bin/env tclsh # Common Constraints package require tls # Supported protocols Index: tests/keytest2.tcl ================================================================== --- tests/keytest2.tcl +++ tests/keytest2.tcl @@ -1,6 +1,6 @@ -#! /usr/bin/env tclsh +#!/usr/bin/env tclsh set auto_path [linsert $auto_path 0 [file normalize [file join [file dirname [info script]] ..]]] package require tls set s [tls::socket 127.0.0.1 12300] Index: tests/make_test_files.tcl ================================================================== --- tests/make_test_files.tcl +++ tests/make_test_files.tcl @@ -72,10 +72,11 @@ set in [open $filename r] array set cases [list] # Open output test file set out [open [format %s.test [file rootname $filename]] w] + fconfigure $out -encoding utf-8 -translation {auto lf} array set cases [list] # Add setup commands to test file puts $out [format "# Auto generated test cases for %s" [file tail $filename]] #puts $out [format "# Auto generated test cases for %s created on %s" [file tail $filename] [clock format [clock seconds]]] Index: tests/oldTests/client.pem ================================================================== --- tests/oldTests/client.pem +++ tests/oldTests/client.pem Index: tests/oldTests/server.pem ================================================================== --- tests/oldTests/server.pem +++ tests/oldTests/server.pem @@ -269,11 +269,11 @@ cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA -TfdbFZtAAD2Hx9jUtY3tfdrJOb8= +TfdbFZtAAD2Hx9jUtY3tfdrJOb8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5 Index: tests/oldTests/tls.tcl ================================================================== --- tests/oldTests/tls.tcl +++ tests/oldTests/tls.tcl @@ -1,11 +1,11 @@ # # Copyright (C) 1997-2000 Matt Newman # set dir [file dirname [info script]] regsub {\.} [info tclversion] {} vshort -if {$tcl_platform(platform) == "windows"} { +if {$tcl_platform(platform) eq "windows"} { if {[info exists tcl_platform(debug)]} { load $dir/../win/Debug$vshort/tls.dll } else { load $dir/../win/Release$vshort/tls.dll } Index: tests/oldTests/tlsAuto.tcl ================================================================== --- tests/oldTests/tlsAuto.tcl +++ tests/oldTests/tlsAuto.tcl @@ -15,11 +15,11 @@ } if {[eof $chan]} { close $chan set ::/Exit 1 } - if {$data != ""} { + if {$data ne ""} { puts -nonewline stderr "$data" } } proc doit {chan count {delay 1000}} { if {$count == 0} { Index: tests/oldTests/tlsBlocking.tcl ================================================================== --- tests/oldTests/tlsBlocking.tcl +++ tests/oldTests/tlsBlocking.tcl Index: tests/oldTests/tlsCiphers.tcl ================================================================== --- tests/oldTests/tlsCiphers.tcl +++ tests/oldTests/tlsCiphers.tcl Index: tests/oldTests/tlsHttp.tcl ================================================================== --- tests/oldTests/tlsHttp.tcl +++ tests/oldTests/tlsHttp.tcl @@ -10,11 +10,11 @@ # # Initialize context # #tls::init -certfile client.pem -cafile server.pem -ssl2 1 -ssl3 1 -tls1 0 ;#-cipher RC4-MD5 -tls::init -cafile server.pem +tls::init -cafile server.pem # # Register with http module # http::register https 443 [list ::tls::socket -require 1] Index: tests/oldTests/tlsSrv.tcl ================================================================== --- tests/oldTests/tlsSrv.tcl +++ tests/oldTests/tlsSrv.tcl @@ -17,12 +17,12 @@ if {[catch {read $chan 1024} data]} { puts stderr "EOF ($data)" catch {close $chan} return } - - if {$verbose && $data != ""} { + + if {$verbose && $data ne ""} { puts -nonewline stderr $data } if {[eof $chan]} { ;# client gone or finished puts stderr "EOF" close $chan ;# release the servers client channel @@ -42,13 +42,13 @@ puts [tls::status $chan] fconfigure $chan -buffering none -blocking 0 fileevent $chan readable [list reflectCB $chan 1] } -#tls::init -cafile server.pem -certfile server.pem +#tls::init -cafile server.pem -certfile server.pem tls::init -cafile server.pem -#tls::init +#tls::init set chan [tls::socket -server acceptCB \ -request 1 -require 0 1234] # -require 1 -command tls::callback 1234] Index: tests/oldTests/tlsSrv2.tcl ================================================================== --- tests/oldTests/tlsSrv2.tcl +++ tests/oldTests/tlsSrv2.tcl @@ -16,12 +16,12 @@ if {[catch {read $chan 1024} data]} { puts stderr "EOF ($data)" catch {close $chan} return } - - if {$verbose && $data != ""} { + + if {$verbose && $data ne ""} { puts -nonewline stderr $data } if {[eof $chan]} { ;# client gone or finished puts stderr "EOF" close $chan ;# release the servers client channel Index: tests/oldTests/tlsUpload.tcl ================================================================== --- tests/oldTests/tlsUpload.tcl +++ tests/oldTests/tlsUpload.tcl @@ -15,11 +15,11 @@ } if {[eof $chan]} { close $chan set ::/Exit 1 } - if {$data != ""} { + if {$data ne ""} { puts -nonewline stderr "$data" } } proc doit {chan count {delay 1000}} { if {$count == 0} { Index: tests/remote.tcl ================================================================== --- tests/remote.tcl +++ tests/remote.tcl @@ -1,5 +1,7 @@ +#!/usr/bin/env tclsh +# # This file contains Tcl code to implement a remote server that can be # used during testing of Tcl socket code. This server is used by some # of the tests in socket.test. # # Source this file in the remote server you are using to test Tcl against. @@ -7,11 +9,10 @@ # Copyright (c) 1995-1996 Sun Microsystems, Inc. # # See the file "license.terms" for information on usage and redistribution # of this file, and for a DISCLAIMER OF ALL WARRANTIES. # -# RCS: @(#) $Id: remote.tcl,v 1.6 2004/02/11 22:41:25 razzell Exp $ # load tls package package require tls # Initialize message delimitor @@ -58,18 +59,18 @@ proc __readAndExecute__ {s} { global command VERBOSE set l [gets $s] - if {[string compare $l "--Marker--Marker--Marker--"] == 0} { + if {$l eq "--Marker--Marker--Marker--"} { if {[info exists command($s)]} { puts $s [list error incomplete_command] } puts $s "--Marker--Marker--Marker--" return } - if {[string compare $l ""] == 0} { + if {$l eq ""} { if {[eof $s]} { if {$VERBOSE} { puts "Server closing $s, eof from client" } close $s @@ -101,11 +102,11 @@ fconfigure $s -buffering line -translation crlf } set serverIsSilent 0 for {set i 0} {$i < $argc} {incr i} { - if {[string compare -serverIsSilent [lindex $argv $i]] == 0} { + if {[lindex $argv $i] eq "-serverIsSilent"} { set serverIsSilent 1 break } } if {![info exists serverPort]} { @@ -113,11 +114,11 @@ set serverPort $env(serverPort) } } if {![info exists serverPort]} { for {set i 0} {$i < $argc} {incr i} { - if {[string compare -port [lindex $argv $i]] == 0} { + if {[lindex $argv $i] eq "-port"} { if {$i < [expr $argc - 1]} { set serverPort [lindex $argv [expr $i + 1]] } break } @@ -132,11 +133,11 @@ set serverAddress $env(serverAddress) } } if {![info exists serverAddress]} { for {set i 0} {$i < $argc} {incr i} { - if {[string compare -address [lindex $argv $i]] == 0} { + if {[lindex $argv $i] eq "-address"} { if {$i < [expr $argc - 1]} { set serverAddress [lindex $argv [expr $i + 1]] } break } Index: tests/simpleClient.tcl ================================================================== --- tests/simpleClient.tcl +++ tests/simpleClient.tcl @@ -61,11 +61,11 @@ #dputs "EOF $chan ([shortstr $data])" incr OPTS(openports) -1 catch {close $chan} return } - #if {$data != ""} { dputs "got $chan ([shortstr $data])" } + #if {$data ne ""} { dputs "got $chan ([shortstr $data])" } if {[string match *CLOSE\n $data]} { dputs "CLOSE $chan" incr OPTS(openports) -1 close $chan return Index: tests/simpleServer.tcl ================================================================== --- tests/simpleServer.tcl +++ tests/simpleServer.tcl @@ -40,11 +40,11 @@ if {[catch {read $chan} data]} { #dputs "EOF $chan ([shortstr $data)" catch {close $chan} return } - #if {$data != ""} { dputs "got $chan ([shortstr $data])" } + #if {$data ne ""} { dputs "got $chan ([shortstr $data])" } if {[eof $chan]} { # client gone or finished dputs "EOF $chan" close $chan ;# release the port return Index: tests/tlsIO.test ================================================================== --- tests/tlsIO.test +++ tests/tlsIO.test @@ -3,59 +3,58 @@ # This file contains a collection of tests for one or more of the Tcl # built-in commands. Sourcing this file into Tcl runs the tests and # generates output for errors. No output means no errors were found. # # Copyright (c) 1994-1996 Sun Microsystems, Inc. -# Copyright (c) 1998-2000 Ajuba Solutions. +# Copyright (c) 1998-2000 Ajuba Solutions. # # See the file "license.terms" for information on usage and redistribution # of this file, and for a DISCLAIMER OF ALL WARRANTIES. # -# RCS: @(#) $Id: tlsIO.test,v 1.24 2015/06/06 09:07:08 apnadkarni Exp $ # Running socket tests with a remote server: # ------------------------------------------ -# +# # Some tests in socket.test depend on the existence of a remote server to # which they connect. The remote server must be an instance of tcltest and it # must run the script found in the file "remote.tcl" in this directory. You # can start the remote server on any machine reachable from the machine on # which you want to run the socket tests, by issuing: -# +# # tcltest remote.tcl -port 8048 # Or choose another port number. -# +# # If the machine you are running the remote server on has several IP # interfaces, you can choose which interface the server listens on for # connections by specifying the -address command line flag, so: -# +# # tcltest remote.tcl -address your.machine.com -# +# # These options can also be set by environment variables. On Unix, you can # type these commands to the shell from which the remote server is started: -# +# # shell% setenv serverPort 8048 # shell% setenv serverAddress your.machine.com -# +# # and subsequently you can start the remote server with: -# +# # tcltest remote.tcl -# +# # to have it listen on port 8048 on the interface your.machine.com. -# +# # When the server starts, it prints out a detailed message containing its # configuration information, and it will block until killed with a Ctrl-C. # Once the remote server exists, you can run the tests in socket.test with # the server by setting two Tcl variables: -# +# # % set remoteServerIP # % set remoteServerPort 8048 -# +# # These variables are also settable from the environment. On Unix, you can: -# +# # shell% setenv remoteServerIP machine.where.server.runs # shell% setenv remoteServerPort 8048 -# +# # The preamble of the socket.test file checks to see if the variables are set # either in Tcl or in the environment; if they are, it attempts to connect to # the server. If the connection is successful, the tests using the remote # server will be performed; otherwise, it will attempt to start the remote # server (via exec) on platforms that support this, on the local host, @@ -85,12 +84,12 @@ set clientKey [file join $certsDir client.key] # Some tests require the testthread and exec commands set ::tcltest::testConstraints(testthread) \ - [expr {[info commands testthread] != {}}] -set ::tcltest::testConstraints(exec) [expr {[info commands exec] != {}}] + [expr {[info commands testthread] ne {}}] +set ::tcltest::testConstraints(exec) [expr {[info commands exec] ne {}}] # # If remoteServerIP or remoteServerPort are not set, check in the # environment variables for externally set values. # @@ -119,11 +118,11 @@ # Some errors are normal. dputs "handshake: $result" } elseif {$result == 1} { # Handshake complete if {[llength $args]} { eval [list fconfigure $s] $args } - if {$cmd == ""} { + if {$cmd eq ""} { fileevent $s $type "" } else { fileevent $s $type "$cmd [list $s]" } dputs "handshake: complete" @@ -136,11 +135,11 @@ # # Check if we're supposed to do tests against the remote server # set doTestsWithRemoteServer 1 -if {![info exists remoteServerIP] && ($tcl_platform(platform) != "macintosh")} { +if {![info exists remoteServerIP] && ($tcl_platform(platform) ne "macintosh")} { set remoteServerIP 127.0.0.1 } if {($doTestsWithRemoteServer == 1) && (![info exists remoteServerPort])} { set remoteServerPort $tlsServerPort } @@ -157,11 +156,11 @@ if {$doTestsWithRemoteServer} { catch {close $commandSocket} if {[catch {set commandSocket [tls::socket \ -certfile $clientCert -cafile $caCert -keyfile $clientKey \ $remoteServerIP $remoteServerPort]}] != 0} { - if {[info commands exec] == ""} { + if {[info commands exec] eq ""} { set noRemoteTestReason "can't exec" set doTestsWithRemoteServer 0 } else { set remoteServerIP 127.0.0.1 set remoteFile [file join [pwd] remote.tcl] @@ -222,12 +221,12 @@ while {1} { set line [gets $commandSocket] if {[eof $commandSocket]} { error "remote server disappeared" } - if {[string compare $line "--Marker--Marker--Marker--"] == 0} { - if {[string compare [lindex $resp 0] error] == 0} { + if {$line eq "--Marker--Marker--Marker--"} { + if {[lindex $resp 0] eq "error"} { error [lindex $resp 1] } else { return [lindex $resp 1] } } else { @@ -566,11 +565,11 @@ set l [gets $s] if {[eof $s]} { global x close $s set x done - } else { + } else { incr i puts $s $l } } set i 0 @@ -1229,11 +1228,11 @@ proc timerproc {} { global done count c set done true set count {timer went off, eof is not sticky} close $c - } + } set count 0 set done false proc write_then_close {s} { puts $s bye close $s @@ -1388,21 +1387,21 @@ -certfile $clientCert -cafile $caCert -keyfile $clientKey \ $remoteServerIP 8836] fconfigure $f -translation crlf -buffering line for {set cnt 0} {$cnt < 50} {incr cnt} { puts $f "hello, $cnt" - if {[string compare [gets $f] "hello, $cnt"] != 0} { + if {[gets $f] ne "hello, $cnt"} { break } } close $f sendCommand {close $socket10_7_test_server} set cnt } 50 # Macintosh sockets can have more than one server per port -if {$tcl_platform(platform) == "macintosh"} { +if {$tcl_platform(platform) eq "macintosh"} { set conflictResult {0 8836} } else { set conflictResult {1 {couldn't open socket: address already in use}} } @@ -1464,11 +1463,11 @@ close $s1 close $s2 close $s3 sendCommand {close $socket10_9_test_server} set i -} 100 +} 100 test tlsIO-11.8 {client with several servers} {socket doTestsWithRemoteServer} { sendCertValues sendCommand { tls::init -certfile $serverCert -cafile $caCert -keyfile $serverKey @@ -1722,11 +1721,11 @@ global failed set status [catch {read $file} data] if {$status != 0} { set x "read failed, error was $data" catch { close $file } - } elseif {[string compare {} $data]} { + } elseif {$data ne {}} { } elseif {[fblocked $file]} { } elseif {[eof $file]} { if {$failed} { set x "$type socket was inherited" } else { @@ -1941,11 +1940,11 @@ set l [gets $s] if {[eof $s]} { global x close $s set x done - } else { + } else { incr i puts $s $l } } set i 0 @@ -1953,15 +1952,15 @@ close $f # thread cleans itself up. testthread exit } script - + # create a thread set serverthread [testthread create { source script } ] update - + after 1000 set s [tls::socket 127.0.0.1 8828] fconfigure $s -buffering line catch { @@ -1971,11 +1970,11 @@ close $s update after 2000 lappend result [threadReap] - + set result } {hello 1} test tlsIO-14.1 {test tls::unimport} {socket} { @@ -1988,11 +1987,11 @@ list [catch {tls::unimport bogus} msg] $msg } {1 {can not find channel named "bogus"}} test tlsIO-14.4 {test tls::unimport} {socket} { # stdin can take different names as the "top" channel list [catch {tls::unimport stdin} msg] \ - [string match {bad channel "*": not a TLS channel} $msg] + [string match {bad channel "*": not a stacked channel} $msg] } {1 1} test tlsIO-14.5 {test tls::unimport} {socket} { set len 0 set spurious 0 set done 0 @@ -2029,16 +2028,16 @@ # Following code is based on what was reported in bug #58. Prior # to fix the program would crash with a segfault. proc Accept {sock args} { fconfigure $sock -blocking 0; fileevent $sock readable [list Handshake $sock] - } + } proc Handshake {sock} { set ::done HAND catch {tls::handshake $sock} msg set ::done $msg - } + } # NOTE: when doing an in-process client/server test, both sides need # to be non-blocking for the TLS handshake # Server - Only accept TLS 1.2 set s [tls::socket \ Index: win/README.txt ================================================================== --- win/README.txt +++ win/README.txt @@ -67,18 +67,11 @@ set INSTALLDIR=%TCLINSTALL%\lib set SSLINSTALL=\path\to\openssl\dir 2a) Unzip distribution to %BUILDDIR% -2b) Start BASH shell (MinGW62 Git shell) - - cd %BUILDDIR% - od -A n -v -t xC < 'library/tls.tcl' > tls.tcl.h.new.1 - sed 's@[^0-9A-Fa-f]@@g;s@..@0x&, @g' < tls.tcl.h.new.1 > generic/tls.tcl.h - rm -f tls.tcl.h.new.1 - -2c) Start Visual Studio shell +2b) Start Visual Studio shell At Visual Studio x64 native prompt: cd %BUILDDIR%\win Index: win/makefile.vc ================================================================== --- win/makefile.vc +++ win/makefile.vc @@ -1,22 +1,26 @@ #------------------------------------------------------------- -*- makefile -*- # -# Makefile for TclTLS extensions. +# Makefile for TCL TLS extension # # Basic build, test and install -# nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl -# nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl test -# nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl install +# nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl TCLDIR=c:\path\to\tcl\sources +# nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl TCLDIR=c:\path\to\tcl\sources test +# nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl TCLDIR=c:\path\to\tcl\sources install # # For other build options (debug, static etc.), # See TIP 477 (https://core.tcl-lang.org/tips/doc/main/tip/477.md) for # detailed documentation. # # See the file "license.terms" for information on usage and redistribution # of this file, and for a DISCLAIMER OF ALL WARRANTIES. # #------------------------------------------------------------------------------ + +#------------------------------------------------------------------------- +# Project specific information +#------------------------------------------------------------------------- # The name of the package PROJECT=tls !include "rules-ext.vc" @@ -30,14 +34,15 @@ $(TMP_DIR)\tlsIO.obj \ $(TMP_DIR)\tlsX509.obj # Define any additional project include flags # SSL_INSTALL_FOLDER = with the OpenSSL installation folder following. -PRJ_INCLUDES = -I"$(SSL_INSTALL_FOLDER)\include" -I"$(OPENSSL_INSTALL_DIR)\include" +PRJ_INCLUDES = -I"$(SSL_INSTALL_FOLDER)\include" -I"$(OPENSSL_INSTALL_DIR)\include" -I"$(TMP_DIR)" # Define any additional compiler flags that might be required for the project -PRJ_DEFINES = -D NO_SSL2 -D NO_SSL3 -D _CRT_SECURE_NO_WARNINGS +PRJ_DEFINES = -D NO_SSL2 -D NO_SSL3 /D_CRT_SECURE_NO_WARNINGS /D_CRT_NONSTDC_NO_DEPRECATE /D__STDC_WANT_SECURE_LIB__=1 +# /DTCLEXT_TCLTLS_DEBUG # # SSL Libs: # 1. ${LIBCRYPTO}.dll # 2. ${LIBSSL}.dll @@ -47,50 +52,81 @@ # On *nix libcrypto.so.* and libssl.so.* (where suffix is a version indicator). # PRJ_LIBS = \ "$(SSL_INSTALL_FOLDER)\lib\libssl.lib" \ "$(SSL_INSTALL_FOLDER)\lib\libcrypto.lib" \ - WS2_32.LIB GDI32.LIB ADVAPI32.LIB CRYPT32.LIB USER32.LIB + User32.Lib WS2_32.Lib Gdi32.Lib AdvAPI32.Lib Crypt32.Lib -# Define the standard targets +# Define the standard targets which calls rules.vc !include "targets.vc" +.SUFFIXES: .c .obj .res .man + +#--------------------------------------------------------------------- # Project specific targets +#--------------------------------------------------------------------- -all: default-target +all: setup default-target clean: default-clean - @if exist $(WIN_DIR)\tlsUuid.h del $(WIN_DIR)\tlsUuid.h realclean: default-hose - @if exist $(WIN_DIR)\tlsUuid.h del $(WIN_DIR)\tlsUuid.h + +# Explicit dependency rules +$(PRJ_OBJS): $(TMP_DIR)\tls.tcl.h $(TMP_DIR)\tlsUuid.h # We must define a pkgindex target that will create a pkgIndex.tcl # file in the $(OUT_DIR) directory. We can just redirect to the # default-pkgindex target for our sample extension. pkgindex: default-pkgindex-tea -$(ROOT)\manifest.uuid: - copy $(WIN_DIR)\gitmanifest.in $(ROOT)\manifest.uuid - git rev-parse HEAD >>$(ROOT)\manifest.uuid +# Create a C source file version of the script resources for inclusion in the +# build so that only the compiled library file is needed for this extension to +# load and operate. +$(TMP_DIR)\tls.tcl.h: $(LIBDIR)\tls.tcl + "$(TCLSH)" << $(LIBDIR)\tls.tcl >$(TMP_DIR)\tls.tcl.h + set in [open [lindex $$argv 0] r] + while {[gets $$in line] != -1} { + switch -regexp -- $$line "^$$" - {^\s*#} continue + regsub -all {\\} $$line {\\\\} line + regsub -all {"} $$line {\"} line + puts "\"$$line\\n\"" + } +<< + +# Use manifest file which defines fossil/git commit id for build-info command +$(TMP_DIR)\manifest.uuid: +!if exist($(ROOT)\manifest.uuid) + @copy "$(ROOT)\manifest.uuid" "$(TMP_DIR)\manifest.uuid" +!else +!if exist($(ROOT)\.git) + @copy "$(WIN_DIR)\gitmanifest.in" "$(TMP_DIR)\manifest.uuid" + @for /f "delims=" %i in ('where git') do (set GIT_PATH=%i) + @if [%GIT_PATH%] NEQ [] ( + @git rev-parse HEAD >>$(TMP_DIR)\manifest.uuid + ) else ( + @echo unknown >>$(TMP_DIR)\manifest.uuid + ) +!else + @echo unknown >$(TMP_DIR)\manifest.uuid +!endif +!endif -$(WIN_DIR)\tlsUuid.h: $(ROOT)\manifest.uuid - copy $(WIN_DIR)\tlsUuid.h.in+$(ROOT)\manifest.uuid $(WIN_DIR)\tlsUuid.h - +$(TMP_DIR)\tlsUuid.h: $(TMP_DIR)\manifest.uuid + @copy $(WIN_DIR)\tlsUuid.h.in+$(TMP_DIR)\manifest.uuid $(TMP_DIR)\tlsUuid.h + @echo: >>$(TMP_DIR)\tlsUuid.h # The default install target only installs binaries and scripts so add # an additional target for our documentation. Note this *adds* a target # since no commands are listed after it. The original targets for # install (from targets.vc) will remain. -install: default-pkgindex-tea default-install default-install-docs-html - if exist "$(SSL_INSTALL_FOLDER)\bin\libcrypto-*-x64.dll" ( - xcopy /c /y "$(SSL_INSTALL_FOLDER)\bin\libcrypto-*-x64.dll" "$(PRJ_INSTALL_DIR)" - ) - if exist "$(SSL_INSTALL_FOLDER)\bin\libssl-*-x64.dll" ( - xcopy /c /y "$(SSL_INSTALL_FOLDER)\bin\libssl-*-x64.dll" "$(PRJ_INSTALL_DIR)" - ) - -# Explicit dependency rules -$(GENERICDIR)\tls.c: $(WIN_DIR)\tlsUuid.h +install: pkgindex default-install default-install-docs-html +!if exist($(SSL_INSTALL_FOLDER)\bin\libcrypto-*-x64.dll) + xcopy /c /y "$(SSL_INSTALL_FOLDER)\bin\libcrypto-*-x64.dll" "$(PRJ_INSTALL_DIR)" +!endif +!if exist($(SSL_INSTALL_FOLDER)\bin\libssl-*-x64.dll) + xcopy /c /y "$(SSL_INSTALL_FOLDER)\bin\libssl-*-x64.dll" "$(PRJ_INSTALL_DIR)" +!endif # Test package test: default-test + Index: win/rules.vc ================================================================== --- win/rules.vc +++ win/rules.vc @@ -22,11 +22,11 @@ # The following macros define the version of the rules.vc nmake build system # For modifications that are not backward-compatible, you *must* change # the major version. RULES_VERSION_MAJOR = 1 -RULES_VERSION_MINOR = 11 +RULES_VERSION_MINOR = 13 # The PROJECT macro must be defined by parent makefile. !if "$(PROJECT)" == "" !error *** Error: Macro PROJECT not defined! Please define it before including rules.vc !endif @@ -762,13 +762,13 @@ # If parent makefile has not defined DOTVERSION, try to get it from TEA # first from a configure.in file, and then from configure.ac !ifndef DOTVERSION !if [echo DOTVERSION = \> versions.vc] \ - || [nmakehlp -V $(ROOT)\configure.in AC_INIT >> versions.vc] + || [nmakehlp -V $(ROOT)\configure.in ^[$(PROJECT)^] >> versions.vc] !if [echo DOTVERSION = \> versions.vc] \ - || [nmakehlp -V $(ROOT)\configure.ac AC_INIT >> versions.vc] + || [nmakehlp -V $(ROOT)\configure.ac ^[$(PROJECT)^] >> versions.vc] !error *** Could not figure out extension version. Please define DOTVERSION in parent makefile before including rules.vc. !endif !endif !include versions.vc !endif # DOTVERSION @@ -878,10 +878,14 @@ !endif !if [nmakehlp -f $(OPTS) "tcl8"] !message *** Build for Tcl8 TCL_BUILD_FOR = 8 +!endif +!if [nmakehlp -f $(OPTS) "tk8"] +!message *** Build for Tk8 +TK_BUILD_FOR = 8 !endif !if $(TCL_MAJOR_VERSION) == 8 !if [nmakehlp -f $(OPTS) "time64bit"] !message *** Force 64-bit time_t @@ -1133,20 +1137,20 @@ # # Set up paths to various Tcl executables and libraries needed by extensions # # TIP 430. Unused for 8.6 but no harm defining it to allow a common rules.vc -TCLSCRIPTZIPNAME = libtcl$(TCL_MAJOR_VERSION).$(TCL_MINOR_VERSION)$(TCL_PATCH_LETTER)$(TCL_RELEASE_SERIAL).zip -TKSCRIPTZIPNAME = libtk$(TK_MAJOR_VERSION).$(TK_MINOR_VERSION)$(TK_PATCH_LETTER)$(TK_RELEASE_SERIAL).zip +TCL_ZIP_FILE = libtcl$(TCL_MAJOR_VERSION).$(TCL_MINOR_VERSION)$(TCL_PATCH_LETTER)$(TCL_RELEASE_SERIAL).zip +TK_ZIP_FILE = libtk$(TK_MAJOR_VERSION).$(TK_MINOR_VERSION)$(TK_PATCH_LETTER)$(TK_RELEASE_SERIAL).zip !if $(DOING_TCL) TCLSHNAME = $(PROJECT)sh$(VERSION)$(SUFX).exe TCLSH = $(OUT_DIR)\$(TCLSHNAME) TCLIMPLIB = $(OUT_DIR)\$(PROJECT)$(VERSION)$(SUFX).lib TCLLIBNAME = $(PROJECT)$(VERSION)$(SUFX).$(EXT) TCLLIB = $(OUT_DIR)\$(TCLLIBNAME) -TCLSCRIPTZIP = $(OUT_DIR)\$(TCLSCRIPTZIPNAME) +TCLSCRIPTZIP = $(OUT_DIR)\$(TCL_ZIP_FILE) !if $(TCL_MAJOR_VERSION) == 8 TCLSTUBLIBNAME = $(STUBPREFIX)$(VERSION).lib !else TCLSTUBLIBNAME = $(STUBPREFIX).lib @@ -1178,11 +1182,11 @@ TCLIMPLIB = $(_TCLDIR)\lib\tcl$(TCL_VERSION)t$(SUFX:t=).lib !endif TCL_LIBRARY = $(_TCLDIR)\lib TCLREGLIB = $(_TCLDIR)\lib\tclreg13$(SUFX:t=).lib TCLDDELIB = $(_TCLDIR)\lib\tcldde14$(SUFX:t=).lib -TCLSCRIPTZIP = $(_TCLDIR)\lib\$(TCLSCRIPTZIPNAME) +TCLSCRIPTZIP = $(_TCLDIR)\lib\$(TCL_ZIP_FILE) TCLTOOLSDIR = \must\have\tcl\sources\to\build\this\target TCL_INCLUDES = -I"$(_TCLDIR)\include" !else # Building against Tcl sources @@ -1202,11 +1206,11 @@ TCLIMPLIB = $(_TCLDIR)\win\$(BUILDDIRTOP)\tcl$(TCL_VERSION)t$(SUFX:t=).lib !endif TCL_LIBRARY = $(_TCLDIR)\library TCLREGLIB = $(_TCLDIR)\win\$(BUILDDIRTOP)\tclreg13$(SUFX:t=).lib TCLDDELIB = $(_TCLDIR)\win\$(BUILDDIRTOP)\tcldde14$(SUFX:t=).lib -TCLSCRIPTZIP = $(_TCLDIR)\win\$(BUILDDIRTOP)\$(TCLSCRIPTZIPNAME) +TCLSCRIPTZIP = $(_TCLDIR)\win\$(BUILDDIRTOP)\$(TCL_ZIP_FILE) TCLTOOLSDIR = $(_TCLDIR)\tools TCL_INCLUDES = -I"$(_TCLDIR)\generic" -I"$(_TCLDIR)\win" !endif # TCLINSTALL @@ -1246,16 +1250,16 @@ !else TKSTUBLIBNAME = tkstub.lib !endif !if $(DOING_TK) -WISH = $(OUT_DIR)\$(WISHNAME) +WISH = $(OUT_DIR)\$(WISHNAME) TKSTUBLIB = $(OUT_DIR)\$(TKSTUBLIBNAME) TKIMPLIB = $(OUT_DIR)\$(TKIMPLIBNAME) TKLIB = $(OUT_DIR)\$(TKLIBNAME) TK_INCLUDES = -I"$(WIN_DIR)" -I"$(GENERICDIR)" -TKSCRIPTZIP = $(OUT_DIR)\$(TKSCRIPTZIPNAME) +TKSCRIPTZIP = $(OUT_DIR)\$(TK_ZIP_FILE) !else # effectively NEED_TK !if $(TKINSTALL) # Building against installed Tk WISH = $(_TKDIR)\bin\$(WISHNAME) @@ -1266,11 +1270,11 @@ !if !exist("$(TKIMPLIB)") TKIMPLIBNAME = tk$(TK_VERSION)$(SUFX:t=).lib TKIMPLIB = $(_TKDIR)\lib\$(TKIMPLIBNAME) !endif TK_INCLUDES = -I"$(_TKDIR)\include" -TKSCRIPTZIP = $(_TKDIR)\lib\$(TKSCRIPTZIPNAME) +TKSCRIPTZIP = $(_TKDIR)\lib\$(TK_ZIP_FILE) !else # Building against Tk sources WISH = $(_TKDIR)\win\$(BUILDDIRTOP)\$(WISHNAME) TKSTUBLIB = $(_TKDIR)\win\$(BUILDDIRTOP)\$(TKSTUBLIBNAME) @@ -1280,11 +1284,11 @@ !if !exist("$(TKIMPLIB)") TKIMPLIBNAME = tk$(TK_VERSION)$(SUFX:t=).lib TKIMPLIB = $(_TKDIR)\win\$(BUILDDIRTOP)\$(TKIMPLIBNAME) !endif TK_INCLUDES = -I"$(_TKDIR)\generic" -I"$(_TKDIR)\win" -I"$(_TKDIR)\xlib" -TKSCRIPTZIP = $(_TKDIR)\win\$(BUILDDIRTOP)\$(TKSCRIPTZIPNAME) +TKSCRIPTZIP = $(_TKDIR)\win\$(BUILDDIRTOP)\$(TK_ZIP_FILE) !endif # TKINSTALL tklibs = "$(TKSTUBLIB)" "$(TKIMPLIB)" @@ -1292,11 +1296,12 @@ !endif # $(DOING_TK) || $(NEED_TK) # Various output paths PRJIMPLIB = $(OUT_DIR)\$(PROJECT)$(VERSION)$(SUFX).lib PRJLIBNAME8 = $(PROJECT)$(VERSION)$(SUFX).$(EXT) -PRJLIBNAME9 = tcl9$(PROJECT)$(VERSION)$(SUFX).$(EXT) +# Even when building against Tcl 8, PRJLIBNAME9 must not have "t" +PRJLIBNAME9 = tcl9$(PROJECT)$(VERSION)$(SUFX:t=).$(EXT) !if $(TCL_MAJOR_VERSION) == 8 || "$(TCL_BUILD_FOR)" == "8" PRJLIBNAME = $(PRJLIBNAME8) !else PRJLIBNAME = $(PRJLIBNAME9) !endif @@ -1444,26 +1449,26 @@ !if $(TCL_MAJOR_VERSION) == 8 !if "$(_USE_64BIT_TIME_T)" == "1" OPTDEFINES = $(OPTDEFINES) /D_USE_64BIT_TIME_T=1 !endif - -# _ATL_XP_TARGETING - Newer SDK's need this to build for XP -COMPILERFLAGS = /D_ATL_XP_TARGETING !endif !if "$(TCL_BUILD_FOR)" == "8" OPTDEFINES = $(OPTDEFINES) /DTCL_MAJOR_VERSION=8 !endif +!if "$(TK_BUILD_FOR)" == "8" +OPTDEFINES = $(OPTDEFINES) /DTK_MAJOR_VERSION=8 +!endif # Like the TEA system only set this non empty for non-Tk extensions # Note: some extensions use PACKAGE_NAME and others use PACKAGE_TCLNAME # so we pass both !if !$(DOING_TCL) && !$(DOING_TK) PKGNAMEFLAGS = /DPACKAGE_NAME="\"$(PRJ_PACKAGE_TCLNAME)\"" \ - /DPACKAGE_TCLNAME="\"$(PRJ_PACKAGE_TCLNAME)\"" \ - /DPACKAGE_VERSION="\"$(DOTVERSION)\"" \ - /DMODULE_SCOPE=extern + /DPACKAGE_TCLNAME="\"$(PRJ_PACKAGE_TCLNAME)\"" \ + /DPACKAGE_VERSION="\"$(DOTVERSION)\"" \ + /DMODULE_SCOPE=extern !endif # crt picks the C run time based on selected OPTS !if $(MSVCRT) !if $(DEBUG) && !$(UNCHECKED) @@ -1796,22 +1801,22 @@ FILETYPE VFT_DLL FILESUBTYPE 0x0L BEGIN BLOCK "StringFileInfo" BEGIN - BLOCK "040904b0" - BEGIN - VALUE "FileDescription", "Tcl extension " PROJECT - VALUE "OriginalFilename", PRJLIBNAME - VALUE "FileVersion", DOTVERSION - VALUE "ProductName", "Package " PROJECT " for Tcl" - VALUE "ProductVersion", DOTVERSION - END + BLOCK "040904b0" + BEGIN + VALUE "FileDescription", "Tcl extension " PROJECT + VALUE "OriginalFilename", PRJLIBNAME + VALUE "FileVersion", DOTVERSION + VALUE "ProductName", "Package " PROJECT " for Tcl" + VALUE "ProductVersion", DOTVERSION + END END BLOCK "VarFileInfo" BEGIN - VALUE "Translation", 0x409, 1200 + VALUE "Translation", 0x409, 1200 END END <<