Index: ChangeLog ================================================================== --- ChangeLog +++ ChangeLog @@ -1,5 +1,12 @@ +TclTLS 1.7.22 +========== + +Release Date: Mon Oct 12 15:40:16 CDT 2020 + +https://tcltls.rkeene.org/ + 2015-05-01 Andreas Kupries * configure.in: Bump to version 1.6.5. * win/makefile.vc: * configure: regen with ac-2.59 Index: Makefile.in ================================================================== --- Makefile.in +++ Makefile.in @@ -214,11 +214,11 @@ @echo "If you have documentation to create, place the commands to" @echo "build the docs in the 'doc:' target. For example:" @echo " xml2nroff sample.xml > sample.n" @echo " xml2html sample.xml > sample.html" -install: all install-binaries install-libraries install-doc +install: all install-binaries install-libraries install-doc-n install-doc-html install-binaries: binaries install-lib-binaries install-bin-binaries #======================================================================== # This rule installs platform-independent files, such as header files. 
@@ -229,23 +229,34 @@ @$(INSTALL_DATA_DIR) "$(DESTDIR)$(includedir)" @echo "Installing header files in $(DESTDIR)$(includedir)" @list='$(PKG_HEADERS)'; for i in $$list; do \ echo "Installing $(srcdir)/$$i" ; \ $(INSTALL_DATA) $(srcdir)/$$i "$(DESTDIR)$(includedir)" ; \ - done; + done #======================================================================== # Install documentation. Unix manpages should go in the $(mandir) # directory. #======================================================================== + +install-doc-html: doc + @$(INSTALL_DATA_DIR) "$(DESTDIR)$(pkglibdir)/html" + @list='$(srcdir)/doc/*.html'; for i in $$list; do \ + if test -f $$i ; then \ + echo "Installing $$i"; \ + $(INSTALL_DATA) $$i "$(DESTDIR)$(pkglibdir)/html"; \ + fi; \ + done -install-doc: doc +install-doc-n: doc @$(INSTALL_DATA_DIR) "$(DESTDIR)$(mandir)/mann" @echo "Installing documentation in $(DESTDIR)$(mandir)" @list='$(srcdir)/doc/*.n'; for i in $$list; do \ - echo "Installing $$i"; \ - $(INSTALL_DATA) $$i "$(DESTDIR)$(mandir)/mann" ; \ + if test -f $$i ; then \ + echo "Installing $$i"; \ + $(INSTALL_DATA) $$i "$(DESTDIR)$(mandir)/mann" ; \ + fi; \ done test: binaries libraries $(TCLSH) `@CYGPATH@ $(srcdir)/tests/all.tcl` $(TESTFLAGS) \ -load "package ifneeded $(PACKAGE_NAME) $(PACKAGE_VERSION) \ 
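Review bot: A failed `$(INSTALL_DATA)` inside the new `install-doc-html` and `install-doc-n` loops is only reported when it happens on the last file, because the loop body is chained with `;` and the loop returns the status of whatever ran last. Ending the install command with `|| exit 1`, for example `$(INSTALL_DATA) $$i "$(DESTDIR)$(pkglibdir)/html" || exit 1;`, makes a partial documentation install fail the build instead of passing silently. The rename also removes the `install-doc` target, so a one-line alias `install-doc: install-doc-n install-doc-html` would keep any existing packaging scripts that call it working.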
@@ -308,24 +319,19 @@ # As necessary, add $(srcdir):$(srcdir)/compat:.... #======================================================================== VPATH = $(srcdir):$(srcdir)/generic:$(srcdir)/unix:$(srcdir)/win:$(srcdir)/macosx -.c.@OBJEXT@: - $(COMPILE) -c `@CYGPATH@ $<` -o $@ - # Create a C-source-ified version of the script resources # for TclTLS so that we only need a single file to enable # this extension tls.tcl.h: @srcdir@/library/tls.tcl Makefile od -A n -v -t xC < '@srcdir@/library/tls.tcl' > tls.tcl.h.new.1 sed 's@[^0-9A-Fa-f]@@g;s@..@0x&, @g' < tls.tcl.h.new.1 > tls.tcl.h.new.2 rm -f tls.tcl.h.new.1 mv tls.tcl.h.new.2 @srcdir@/generic/tls.tcl.h -tls.o: tlsUuid.h - $(srcdir)/manifest.uuid: printf "git-" >$(srcdir)/manifest.uuid (cd $(srcdir); git rev-parse HEAD >>$(srcdir)/manifest.uuid || \ (printf "svn-r" >$(srcdir)/manifest.uuid ; \ svn info --show-item last-changed-revision >>$(srcdir)/manifest.uuid) || \ @@ -334,10 +340,15 @@ tlsUuid.h: $(srcdir)/manifest.uuid echo "#define TLS_VERSION_UUID \\" >$@ cat $(srcdir)/manifest.uuid >>$@ echo "" >>$@ +tls.@OBJEXT@: tlsUuid.h tls.tcl.h + +.c.@OBJEXT@: + $(COMPILE) -c `@CYGPATH@ $<` -o $@ + #======================================================================== # Create the pkgIndex.tcl file. # It is usually easiest to let Tcl do this for you with pkg_mkIndex, but # you may find that you need to customize the package. If so, either # modify the -hand version, or create a pkgIndex.tcl.in file and have 
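Review bot: The new prerequisite line `tls.@OBJEXT@: tlsUuid.h tls.tcl.h` depends on a rule (context in the previous hunk, unchanged) whose recipe never creates its own target. It ends with `mv tls.tcl.h.new.2 @srcdir@/generic/tls.tcl.h`, so the header is only found afterwards through the `$(srcdir)/generic` entry in `VPATH`. Every build that regenerates it therefore writes into the source tree, which fails on a read-only `srcdir` and changes files that a later `dist` run packages. Consider generating into the build directory with `mv tls.tcl.h.new.2 $@`, adding the build directory to the include path if it is not already there.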
@@ -361,13 +372,13 @@ DIST_INSTALL_DATA = CPPROG='cp -p' $(INSTALL) -m 644 DIST_INSTALL_DATA_RECUR = CPPROG='cp -p -R' $(INSTALL) DIST_INSTALL_SCRIPT = CPPROG='cp -p' $(INSTALL) -m 755 dist-clean: - rm -rf $(DIST_DIR) $(DIST_ROOT)/$(PKG_DIR).tar.* + rm -rf $(DIST_DIR) $(top_builddir)/$(PKG_DIR).tar.* -dist: dist-clean +dist: dist-clean $(srcdir)/manifest.uuid # TEA files $(INSTALL_DATA_DIR) $(DIST_DIR) $(DIST_INSTALL_DATA) $(srcdir)/Makefile.in \ $(srcdir)/acinclude.m4 $(srcdir)/aclocal.m4 \ $(srcdir)/configure.ac $(DIST_DIR)/ @@ -396,12 +407,12 @@ $(DIST_INSTALL_DATA_RECUR) $(srcdir)/$$p/* $(DIST_DIR)/$$p/; \ fi; \ done (cd $(DIST_ROOT); $(COMPRESS);) + mv $(PKG_DIR).tar.gz $(top_builddir) cd $(top_builddir) - mv $(DIST_ROOT)/$(PKG_DIR).tar.gz $(top_builddir) #======================================================================== # End of user-definable section #======================================================================== Index: configure.ac ================================================================== --- configure.ac +++ configure.ac 
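Review bot: The added `mv $(PKG_DIR).tar.gz $(top_builddir)` in the second hunk runs in the recipe's own working directory, not in `$(DIST_ROOT)`, because the `cd` on the line above is inside a parenthesised subshell and each recipe line gets a fresh shell anyway. Unless `DIST_ROOT` (defined outside this hunk) is the build directory, the tarball is not there and `dist` fails after the archive has already been created. The following `cd $(top_builddir)` line has no effect for the same reason. Keep the explicit source path, `mv $(DIST_ROOT)/$(PKG_DIR).tar.gz $(top_builddir)/`, and drop the stray `cd`. The `dist` recipe starts and ends outside this hunk.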
@@ -1,19 +1,16 @@ #!/bin/bash -norc dnl This file is an input file used by the GNU "autoconf" program to dnl generate the file "configure", which is run during Tcl installation dnl to configure the system for the local environment. -# #----------------------------------------------------------------------- # This is the configure.ac for the TclTLS extension. The only places you # should need to modify this file are marked by the string __CHANGE__. #----------------------------------------------------------------------- #----------------------------------------------------------------------- -# Set your package name and version numbers here. -# # This initializes the environment with PACKAGE_NAME and PACKAGE_VERSION # set as provided. These will also be added as -D defs in your Makefile # so you can encode the package version directly into the source files. # This will also define a special symbol for Windows (BUILD_ # so that we create the export library with the dll. @@ -60,11 +57,10 @@ #----------------------------------------------------------------------- TEA_SETUP_COMPILER #----------------------------------------------------------------------- -# __CHANGE__ # Specify the C source files to compile in TEA_ADD_SOURCES, # public headers that need to be installed in TEA_ADD_HEADERS, # stub library C source files to compile in TEA_ADD_STUB_SOURCES, # and runtime Tcl library files in TEA_ADD_TCL_SOURCES. # This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS 
@@ -75,30 +71,29 @@ TEA_ADD_HEADERS([generic/tls.h]) TEA_ADD_INCLUDES([]) TEA_ADD_LIBS([]) TEA_ADD_CFLAGS([]) TEA_ADD_STUB_SOURCES([]) -TEA_ADD_TCL_SOURCES([library/tls.tcl]) +TEA_ADD_TCL_SOURCES([library/tls.tcl license.terms README.txt]) #-------------------------------------------------------------------- -# # You can add more files to clean if your extension creates any extra # files by extending CLEANFILES. # Add pkgIndex.tcl if it is generated in the Makefile instead of ./configure # and change Makefile.in to move it from CONFIG_CLEAN_FILES to BINARIES var. # # A few miscellaneous platform-specific items: # TEA_ADD_* any platform specific compiler/build info here. #-------------------------------------------------------------------- -CONFIG_CLEAN_FILES="$CONFIG_CLEAN_FILES tls.tcl.h.* config.log config.status Makefile pkgIndex.tcl tcltls.a.linkadd tcltls.syms" +TEA_ADD_CLEANFILES([pkgIndex.tcl tls.tcl.h.*]) + if test "${TEA_PLATFORM}" = "windows" ; then AC_DEFINE(BUILD_tls) - AC_DEFINE(WINDOWS) - CLEANFILES="pkgIndex.tcl *.lib *.dll *.exp *.ilk *.pdb vc*.pch" + TEA_ADD_CLEANFILES([*.lib *.dll *.exp *.ilk *.pdb vc*.pch]) else - CLEANFILES="pkgIndex.tcl *.so" + TEA_ADD_CLEANFILES([*.so]) fi AC_SUBST(CLEANFILES) #-------------------------------------------------------------------- # Choose which headers you need. Extension authors should try very Index: doc/tls.html ================================================================== --- doc/tls.html +++ doc/tls.html @@ -30,10 +30,11 @@
tls::status ?-local? channel
tls::connection channel
tls::import channel ?options?
tls::unimport channel
 
+
tls::ciphers ?protocol? ?verbose? ?supported?
tls::protocols
tls::version
COMMANDS
@@ -62,10 +63,11 @@ tls::connection channel
tls::handshake channel
tls::import channel ?options?
tls::unimport channel

+tls::ciphers ?protocol? ?verbose? ?supported?
tls::protocols
tls::version

DESCRIPTION

@@ -420,10 +422,21 @@
Unique session master key.
session_cache_mode mode
Server cache mode (client, server, or both).
+ +
tls::ciphers + ?protocol? ?verbose? ?supported?
+
Without any args, returns a list of all symmetric ciphers for use with + the -cipher option. With protocol, + only the ciphers supported for that protocol are returned. See + tls::protocols command for the supported protocols. If + verbose is specified as true then a verbose, human readable + list is returned with additional information on the cipher. If + supported is specified as true, then only the ciphers + supported for protocol will be listed.
tls::protocols
Returns a list of the supported protocols. Valid values are: ssl2, ssl3, tls1, tls1.1, tls1.2, and tls1.3. Exact list depends on OpenSSL version and Index: generic/tls.c ================================================================== --- generic/tls.c +++ generic/tls.c @@ -158,11 +158,11 @@ static void InfoCallback(const SSL *ssl, int where, int ret) { State *statePtr = (State*)SSL_get_app_data((SSL *)ssl); Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; - char *major; char *minor; + char *major, *minor; dprintf("Called"); if (statePtr->callback == (Tcl_Obj*)NULL) return; @@ -2188,17 +2188,20 @@ res = SSL_get_signature_nid(statePtr->ssl, &nid); } if (!res) {nid = 0;} LAPPEND_STR(interp, objPtr, "signatureHashAlgorithm", OBJ_nid2ln(nid), -1); + /* Added in OpenSSL 1.1.1a */ +#if OPENSSL_VERSION_NUMBER > 0x10101000L if (objc == 2) { res = SSL_get_peer_signature_type_nid(statePtr->ssl, &nid); } else { res = SSL_get_signature_type_nid(statePtr->ssl, &nid); } if (!res) {nid = 0;} LAPPEND_STR(interp, objPtr, "signatureType", OBJ_nid2ln(nid), -1); +#endif Tcl_SetObjResult(interp, objPtr); return TCL_OK; } 
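Review bot: In the second generic/tls.c hunk (at line 2188) the guard `#if OPENSSL_VERSION_NUMBER > 0x10101000L` does not match the comment above it: 1.1.1 itself is `0x1010100fL`, which is greater than `0x10101000L`, so the block is still compiled for the release the comment says lacks the call. If 1.1.1a is the real minimum, the test should be `#if OPENSSL_VERSION_NUMBER >= 0x1010101fL`. Forks that report a high `OPENSSL_VERSION_NUMBER` but may not provide `SSL_get_signature_type_nid()` would also pass a version compare, so a configure-time function check is likely more reliable. When the block is compiled out the `signatureType` key is absent from the result, which is worth stating in the comment so script authors do not assume it is always present. The enclosing function starts outside the hunk.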
@@ -3018,36 +3021,11 @@ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); BIO_new_tcl(NULL, 0); -#if 0 - /* - * XXX:TODO: Remove this code and replace it with a check - * for enough entropy and do not try to create our own - * terrible entropy - */ - /* - * Seed the random number generator in the SSL library, - * using the do/while construct because of the bug note in the - * OpenSSL FAQ at http://www.openssl.org/support/faq.html#USER1 - * - * The crux of the problem is that Solaris 7 does not have a - * /dev/random or /dev/urandom device so it cannot gather enough - * entropy from the RAND_seed() when TLS initializes and refuses - * to go further. Earlier versions of OpenSSL carried on regardless. - */ - srand((unsigned int) time((time_t *) NULL)); - do { - for (i = 0; i < 16; i++) { - rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0)); - } - RAND_seed(rnd_seed, sizeof(rnd_seed)); - } while (RAND_status() != 1); -#endif - #if defined(OPENSSL_THREADS) && defined(TCL_THREADS) Tcl_MutexUnlock(&init_mx); #endif return status; } Index: generic/tlsInt.h ================================================================== --- generic/tlsInt.h +++ generic/tlsInt.h @@ -40,15 +40,21 @@ /* * Backwards compatibility for size type change */ #if TCL_MAJOR_VERSION < 9 && TCL_MINOR_VERSION < 7 + #include + #define TCL_SIZE_MAX INT_MAX + #ifndef Tcl_Size typedef int Tcl_Size; #endif #define TCL_SIZE_MODIFIER "" + #define Tcl_GetSizeIntFromObj Tcl_GetIntFromObj + #define Tcl_NewSizeIntObj Tcl_NewIntObj + #define Tcl_NewSizeIntFromObj Tcl_NewWideIntObj #endif #include #include #include Index: win/makefile.vc ================================================================== --- win/makefile.vc +++ win/makefile.vc 
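Review bot: In the generic/tlsInt.h hunk, the third compatibility macro, `#define Tcl_NewSizeIntFromObj Tcl_NewWideIntObj`, does not follow the other two: its name mixes the `New…Obj` and `Get…FromObj` forms, and it maps to a wide-integer constructor while `Tcl_NewSizeIntObj` maps to `Tcl_NewIntObj`. If nothing in the extension calls it, drop the line; if something does, that call site probably wants `Tcl_NewSizeIntObj`. On this branch `Tcl_Size` is `int`, so a short comment next to `TCL_SIZE_MAX` saying that callers must range-check against it before using a value as a buffer length would make the intent clear. The `#include` operand is missing in this rendering of the diff, so I could not confirm which header supplies `INT_MAX`.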
@@ -1,8 +1,8 @@ #------------------------------------------------------------- -*- makefile -*- # -# Makefile for TclTLS extensions. +# Makefile for TCL TLS extension # # Basic build, test and install # nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl # nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl test # nmake /f makefile.vc INSTALLDIR=c:\path\to\tcl install @@ -30,11 +30,11 @@ $(TMP_DIR)\tlsIO.obj \ $(TMP_DIR)\tlsX509.obj # Define any additional project include flags # SSL_INSTALL_FOLDER = with the OpenSSL installation folder following. -PRJ_INCLUDES = -I"$(SSL_INSTALL_FOLDER)\include" -I"$(OPENSSL_INSTALL_DIR)\include" +PRJ_INCLUDES = -I"$(SSL_INSTALL_FOLDER)\include" -I"$(OPENSSL_INSTALL_DIR)\include" -I"$(TMP_DIR)" # Define any additional compiler flags that might be required for the project PRJ_DEFINES = -D NO_SSL2 -D NO_SSL3 -D _CRT_SECURE_NO_WARNINGS # 
@@ -57,26 +57,32 @@ # Project specific targets all: default-target clean: default-clean - @if exist $(WIN_DIR)\tlsUuid.h del $(WIN_DIR)\tlsUuid.h realclean: default-hose - @if exist $(WIN_DIR)\tlsUuid.h del $(WIN_DIR)\tlsUuid.h # We must define a pkgindex target that will create a pkgIndex.tcl # file in the $(OUT_DIR) directory. We can just redirect to the # default-pkgindex target for our sample extension. pkgindex: default-pkgindex-tea $(ROOT)\manifest.uuid: - copy $(WIN_DIR)\gitmanifest.in $(ROOT)\manifest.uuid - git rev-parse HEAD >>$(ROOT)\manifest.uuid + if not exist $(ROOT)\manifest.uuid ( + copy $(WIN_DIR)\gitmanifest.in $(ROOT)\manifest.uuid + where git + if ERRORLEVEL 0 ( + git rev-parse HEAD >>$(ROOT)\manifest.uuid + ) else ( + echo unknown >>$(ROOT)\manifest.uuid + ) + ) -$(WIN_DIR)\tlsUuid.h: $(ROOT)\manifest.uuid - copy $(WIN_DIR)\tlsUuid.h.in+$(ROOT)\manifest.uuid $(WIN_DIR)\tlsUuid.h +$(TMP_DIR)\tlsUuid.h: $(ROOT)\manifest.uuid + copy $(WIN_DIR)\tlsUuid.h.in+$(ROOT)\manifest.uuid $(TMP_DIR)\tlsUuid.h + echo: >>$(TMP_DIR)\tlsUuid.h # The default install target only installs binaries and scripts so add # an additional target for our documentation. Note this *adds* a target # since no commands are listed after it. The original targets for @@ -88,9 +94,9 @@ if exist "$(SSL_INSTALL_FOLDER)\bin\libssl-*-x64.dll" ( xcopy /c /y "$(SSL_INSTALL_FOLDER)\bin\libssl-*-x64.dll" "$(PRJ_INSTALL_DIR)" ) # Explicit dependency rules -$(GENERICDIR)\tls.c: $(WIN_DIR)\tlsUuid.h +$(GENERICDIR)\tls.c: $(TMP_DIR)\tlsUuid.h # Test package test: default-test
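Review bot: In the new `$(ROOT)\manifest.uuid` recipe, `if ERRORLEVEL 0` is true for every exit code of zero or higher, so the `else` branch that writes `unknown` is never taken and `git rev-parse HEAD` runs even when `where git` found nothing; the test should be `if not ERRORLEVEL 1 (`. As shown here the `if … ( … )` block is also spread over separate recipe lines with no continuation, and nmake hands each line to its own command interpreter, so the block may not parse as one statement and the exit code of `where git` would not reach the next line. A single line avoids both problems: `where git >nul 2>&1 && git rev-parse HEAD >>$(ROOT)\manifest.uuid || echo unknown >>$(ROOT)\manifest.uuid`. Whitespace is collapsed in this rendering, so confirm the line structure against the real file.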