Index: build/post.sh ================================================================== --- build/post.sh +++ build/post.sh Index: build/pre.sh ================================================================== --- build/pre.sh +++ build/pre.sh Index: gen_dh_params ================================================================== --- gen_dh_params +++ gen_dh_params Index: tests/remote.tcl ================================================================== --- tests/remote.tcl +++ tests/remote.tcl Index: tests/simpleClient.tcl ================================================================== --- tests/simpleClient.tcl +++ tests/simpleClient.tcl Index: tests/simpleServer.tcl ================================================================== --- tests/simpleServer.tcl +++ tests/simpleServer.tcl Index: tests/tlsIO.test ================================================================== --- tests/tlsIO.test +++ tests/tlsIO.test Index: tls.c ================================================================== --- tls.c +++ tls.c @@ -74,10 +74,12 @@ #define TLS_PROTO_TLS1_1 0x08 #define TLS_PROTO_TLS1_2 0x10 #define TLS_PROTO_TLS1_3 0x20 #define ENABLED(flag, mask) (((flag) & (mask)) == (mask)) +#define SSLKEYLOGFILE "SSLKEYLOGFILE" + /* * Static data structures */ #ifndef OPENSSL_NO_DH @@ -402,10 +404,20 @@ Tcl_DecrRefCount(cmdPtr); Tcl_Release((ClientData) statePtr); Tcl_Release((ClientData) statePtr->interp); } + +void KeyLogCallback(const SSL *ssl, const char *line) { + char *str = getenv(SSLKEYLOGFILE); + FILE *fd; + if (str) { + fd = fopen(str, "a"); + fprintf(fd, "%s\n",line); + fclose(fd); + } +} /* *------------------------------------------------------------------- * * PasswordCallback -- @@ -1201,10 +1213,14 @@ ctx = SSL_CTX_new (method); if (!ctx) { return(NULL); } + + if (getenv(SSLKEYLOGFILE)) { + SSL_CTX_set_keylog_callback(ctx, KeyLogCallback); + } #if !defined(NO_TLS1_3) if (proto == TLS_PROTO_TLS1_3) { SSL_CTX_set_min_proto_version (ctx, TLS1_3_VERSION); SSL_CTX_set_max_proto_version (ctx, TLS1_3_VERSION); Index: tls.htm ================================================================== --- tls.htm +++ tls.htm @@ -407,10 +407,16 @@ The use of the variable tls::debug is not recommended. It may be removed from future releases.

+

DEBUG

+ +TLS key logging can be enabled by setting the environment variable +SSLKEYLOGFILE to the name of the file to log to. Then whenever TLS +key material is generated or received it will be logged to the file. +

HTTPS EXAMPLE

This example uses a sample server.pem provided with the TLS release, courtesy of the OpenSSL project.

Index: win/README.txt ================================================================== --- win/README.txt +++ win/README.txt @@ -1,64 +1,64 @@ - Windows DLL Build instructions using nmake build system - 2020-10-15 Harald.Oehlmann@elmicron.de - -Properties: -- 32 bit DLL -- VisualStudio 2015 -Note: Vuisual C++ 6 does not build OpenSSL (long long syntax error) -- Cygwin32 (temporary helper, please help to replace by tclsh) -- OpenSSL statically linked to TCLTLS DLL. -Note: Dynamic linking also works but results in a DLL dependeny on OPENSSL DLL's - -1) Build OpenSSL static libraries: - -OpenSSL source distribtution unpacked in: -c:\test\tcltls\Openssl_1_1_1h - -- Install Perl from http://strawberryperl.com/download/5.32.0.1/strawberry-perl-5.32.0.1-32bit.msi - to C:\perl - (ActivePerl failed due to missing 32 bit console module) -- Install NASM Assembler: - -https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/win32/nasm-2.15.05-installer-x86.exe - to C:\Program Files (x86)\NASM - --> Visual Studio x86 native prompt. - -set Path=%PATH%;C:\Program Files (x86)\NASM;C:\Perl\perl\bin - -perl Configure VC-WIN32 --prefix=c:\test\tcltls\openssl --openssldir=c:\test\tcltls\openssldir no-shared no-filenames threads - -nmake -nmake test -namke install - -2) Build TCLTLS - -Unzip distribution in: -c:\test\tcltls\tcltls-1.7.22 - --> start cygwin bash prompt - -cd /cygdrive/c/test/tcltls/tcltls-1.7.22 -./gen_dh_params > dh_params.h - -od -A n -v -t xC < 'tls.tcl' > tls.tcl.h.new.1 -sed 's@[^0-9A-Fa-f]@@g;s@..@0x&, @g' < tls.tcl.h.new.1 > tls.tcl.h -rm -f tls.tcl.h.new.1 - --> Visual Studio x86 native prompt. - -cd C:\test\tcltls\tcltls-1.7.22\win - -nmake -f makefile.vc TCLDIR=c:\test\tcl8610 SSL_INSTALL_FOLDER=C:\test\tcltls\openssl - -nmake -f makefile.vc install TCLDIR=c:\test\tcl8610 INSTALLDIR=c:\test\tcltls SSL_INSTALL_FOLDER=C:\test\tcltls\openssl - -3) Test - -Start tclsh or wish - -lappend auto_path {C:\test\tcltls\tls1.7.22} -package require tls - + Windows DLL Build instructions using nmake build system + 2020-10-15 Harald.Oehlmann@elmicron.de + +Properties: +- 32 bit DLL +- VisualStudio 2015 +Note: Vuisual C++ 6 does not build OpenSSL (long long syntax error) +- Cygwin32 (temporary helper, please help to replace by tclsh) +- OpenSSL statically linked to TCLTLS DLL. +Note: Dynamic linking also works but results in a DLL dependeny on OPENSSL DLL's + +1) Build OpenSSL static libraries: + +OpenSSL source distribtution unpacked in: +c:\test\tcltls\Openssl_1_1_1h + +- Install Perl from http://strawberryperl.com/download/5.32.0.1/strawberry-perl-5.32.0.1-32bit.msi + to C:\perl + (ActivePerl failed due to missing 32 bit console module) +- Install NASM Assembler: + +https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/win32/nasm-2.15.05-installer-x86.exe + to C:\Program Files (x86)\NASM + +-> Visual Studio x86 native prompt. + +set Path=%PATH%;C:\Program Files (x86)\NASM;C:\Perl\perl\bin + +perl Configure VC-WIN32 --prefix=c:\test\tcltls\openssl --openssldir=c:\test\tcltls\openssldir no-shared no-filenames threads + +nmake +nmake test +namke install + +2) Build TCLTLS + +Unzip distribution in: +c:\test\tcltls\tcltls-1.7.22 + +-> start cygwin bash prompt + +cd /cygdrive/c/test/tcltls/tcltls-1.7.22 +./gen_dh_params > dh_params.h + +od -A n -v -t xC < 'tls.tcl' > tls.tcl.h.new.1 +sed 's@[^0-9A-Fa-f]@@g;s@..@0x&, @g' < tls.tcl.h.new.1 > tls.tcl.h +rm -f tls.tcl.h.new.1 + +-> Visual Studio x86 native prompt. + +cd C:\test\tcltls\tcltls-1.7.22\win + +nmake -f makefile.vc TCLDIR=c:\test\tcl8610 SSL_INSTALL_FOLDER=C:\test\tcltls\openssl + +nmake -f makefile.vc install TCLDIR=c:\test\tcl8610 INSTALLDIR=c:\test\tcltls SSL_INSTALL_FOLDER=C:\test\tcltls\openssl + +3) Test + +Start tclsh or wish + +lappend auto_path {C:\test\tcltls\tls1.7.22} +package require tls + A small "1.7.22" showing up is hopefully the end of this long way... Index: win/makefile.vc ================================================================== --- win/makefile.vc +++ win/makefile.vc @@ -1,24 +1,24 @@ -# call nmake with additional parameter SSL_INSTALL_FOLDER= with the -# OpenSSL instalation folder following. - -PROJECT=tls -DOTVERSION = 1.7.22 - -PRJ_INCLUDES = -I"$(SSL_INSTALL_FOLDER)\include" -PRJ_DEFINES = -D NO_SSL2 -D NO_SSL3 -D _CRT_SECURE_NO_WARNINGS - -PRJ_LIBS = \ - "$(SSL_INSTALL_FOLDER)\lib\libssl.lib" \ - "$(SSL_INSTALL_FOLDER)\lib\libcrypto.lib" \ - WS2_32.LIB GDI32.LIB ADVAPI32.LIB CRYPT32.LIB USER32.LIB - -PRJ_OBJS = $(TMP_DIR)\tls.obj \ - $(TMP_DIR)\tlsBIO.obj \ - $(TMP_DIR)\tlsIO.obj \ - $(TMP_DIR)\tlsX509.obj - -!include "rules-ext.vc" -!include "targets.vc" - -pkgindex: default-pkgindex - +# call nmake with additional parameter SSL_INSTALL_FOLDER= with the +# OpenSSL instalation folder following. + +PROJECT=tls +DOTVERSION = 1.7.22 + +PRJ_INCLUDES = -I"$(SSL_INSTALL_FOLDER)\include" +PRJ_DEFINES = -D NO_SSL2 -D NO_SSL3 -D _CRT_SECURE_NO_WARNINGS + +PRJ_LIBS = \ + "$(SSL_INSTALL_FOLDER)\lib\libssl.lib" \ + "$(SSL_INSTALL_FOLDER)\lib\libcrypto.lib" \ + WS2_32.LIB GDI32.LIB ADVAPI32.LIB CRYPT32.LIB USER32.LIB + +PRJ_OBJS = $(TMP_DIR)\tls.obj \ + $(TMP_DIR)\tlsBIO.obj \ + $(TMP_DIR)\tlsIO.obj \ + $(TMP_DIR)\tlsX509.obj + +!include "rules-ext.vc" +!include "targets.vc" + +pkgindex: default-pkgindex + Index: win/targets.vc ================================================================== --- win/targets.vc +++ win/targets.vc @@ -1,98 +1,98 @@ -#------------------------------------------------------------- -*- makefile -*- -# targets.vc -- -# -# Part of the nmake based build system for Tcl and its extensions. -# This file defines some standard targets for the convenience of extensions -# and can be optionally included by the extension makefile. -# See TIP 477 (https://core.tcl-lang.org/tips/doc/trunk/tip/477.md) for docs. - -$(PROJECT): setup pkgindex $(PRJLIB) - -!ifdef PRJ_STUBOBJS -$(PROJECT): $(PRJSTUBLIB) -$(PRJSTUBLIB): $(PRJ_STUBOBJS) - $(LIBCMD) $** - -$(PRJ_STUBOBJS): - $(CCSTUBSCMD) %s -!endif # PRJ_STUBOBJS - -!ifdef PRJ_MANIFEST -$(PROJECT): $(PRJLIB).manifest -$(PRJLIB).manifest: $(PRJ_MANIFEST) - @nmakehlp -s << $** >$@ -@MACHINE@ $(MACHINE:IX86=X86) -<< -!endif - -!if "$(PROJECT)" != "tcl" && "$(PROJECT)" != "tk" -$(PRJLIB): $(PRJ_OBJS) $(RESFILE) -!if $(STATIC_BUILD) - $(LIBCMD) $** -!else - $(DLLCMD) $** - $(_VC_MANIFEST_EMBED_DLL) -!endif - -@del $*.exp -!endif - -!if "$(PRJ_HEADERS)" != "" && "$(PRJ_OBJS)" != "" -$(PRJ_OBJS): $(PRJ_HEADERS) -!endif - -# If parent makefile has defined stub objects, add their installation -# to the default install -!if "$(PRJ_STUBOBJS)" != "" -default-install: default-install-stubs -!endif - -# Unlike the other default targets, these cannot be in rules.vc because -# the executed command depends on existence of macro PRJ_HEADERS_PUBLIC -# that the parent makefile will not define until after including rules-ext.vc -!if "$(PRJ_HEADERS_PUBLIC)" != "" -default-install: default-install-headers -default-install-headers: - @echo Installing headers to '$(INCLUDE_INSTALL_DIR)' - @for %f in ($(PRJ_HEADERS_PUBLIC)) do @$(COPY) %f "$(INCLUDE_INSTALL_DIR)" -!endif - -!if "$(DISABLE_STANDARD_TARGETS)" == "" -DISABLE_STANDARD_TARGETS = 0 -!endif - -!if "$(DISABLE_TARGET_setup)" == "" -DISABLE_TARGET_setup = 0 -!endif -!if "$(DISABLE_TARGET_install)" == "" -DISABLE_TARGET_install = 0 -!endif -!if "$(DISABLE_TARGET_clean)" == "" -DISABLE_TARGET_clean = 0 -!endif -!if "$(DISABLE_TARGET_test)" == "" -DISABLE_TARGET_test = 0 -!endif -!if "$(DISABLE_TARGET_shell)" == "" -DISABLE_TARGET_shell = 0 -!endif - -!if !$(DISABLE_STANDARD_TARGETS) -!if !$(DISABLE_TARGET_setup) -setup: default-setup -!endif -!if !$(DISABLE_TARGET_install) -install: default-install -!endif -!if !$(DISABLE_TARGET_clean) -clean: default-clean -realclean: hose -hose: default-hose -distclean: realclean default-distclean -!endif -!if !$(DISABLE_TARGET_test) -test: default-test -!endif -!if !$(DISABLE_TARGET_shell) -shell: default-shell -!endif -!endif # DISABLE_STANDARD_TARGETS +#------------------------------------------------------------- -*- makefile -*- +# targets.vc -- +# +# Part of the nmake based build system for Tcl and its extensions. +# This file defines some standard targets for the convenience of extensions +# and can be optionally included by the extension makefile. +# See TIP 477 (https://core.tcl-lang.org/tips/doc/trunk/tip/477.md) for docs. + +$(PROJECT): setup pkgindex $(PRJLIB) + +!ifdef PRJ_STUBOBJS +$(PROJECT): $(PRJSTUBLIB) +$(PRJSTUBLIB): $(PRJ_STUBOBJS) + $(LIBCMD) $** + +$(PRJ_STUBOBJS): + $(CCSTUBSCMD) %s +!endif # PRJ_STUBOBJS + +!ifdef PRJ_MANIFEST +$(PROJECT): $(PRJLIB).manifest +$(PRJLIB).manifest: $(PRJ_MANIFEST) + @nmakehlp -s << $** >$@ +@MACHINE@ $(MACHINE:IX86=X86) +<< +!endif + +!if "$(PROJECT)" != "tcl" && "$(PROJECT)" != "tk" +$(PRJLIB): $(PRJ_OBJS) $(RESFILE) +!if $(STATIC_BUILD) + $(LIBCMD) $** +!else + $(DLLCMD) $** + $(_VC_MANIFEST_EMBED_DLL) +!endif + -@del $*.exp +!endif + +!if "$(PRJ_HEADERS)" != "" && "$(PRJ_OBJS)" != "" +$(PRJ_OBJS): $(PRJ_HEADERS) +!endif + +# If parent makefile has defined stub objects, add their installation +# to the default install +!if "$(PRJ_STUBOBJS)" != "" +default-install: default-install-stubs +!endif + +# Unlike the other default targets, these cannot be in rules.vc because +# the executed command depends on existence of macro PRJ_HEADERS_PUBLIC +# that the parent makefile will not define until after including rules-ext.vc +!if "$(PRJ_HEADERS_PUBLIC)" != "" +default-install: default-install-headers +default-install-headers: + @echo Installing headers to '$(INCLUDE_INSTALL_DIR)' + @for %f in ($(PRJ_HEADERS_PUBLIC)) do @$(COPY) %f "$(INCLUDE_INSTALL_DIR)" +!endif + +!if "$(DISABLE_STANDARD_TARGETS)" == "" +DISABLE_STANDARD_TARGETS = 0 +!endif + +!if "$(DISABLE_TARGET_setup)" == "" +DISABLE_TARGET_setup = 0 +!endif +!if "$(DISABLE_TARGET_install)" == "" +DISABLE_TARGET_install = 0 +!endif +!if "$(DISABLE_TARGET_clean)" == "" +DISABLE_TARGET_clean = 0 +!endif +!if "$(DISABLE_TARGET_test)" == "" +DISABLE_TARGET_test = 0 +!endif +!if "$(DISABLE_TARGET_shell)" == "" +DISABLE_TARGET_shell = 0 +!endif + +!if !$(DISABLE_STANDARD_TARGETS) +!if !$(DISABLE_TARGET_setup) +setup: default-setup +!endif +!if !$(DISABLE_TARGET_install) +install: default-install +!endif +!if !$(DISABLE_TARGET_clean) +clean: default-clean +realclean: hose +hose: default-hose +distclean: realclean default-distclean +!endif +!if !$(DISABLE_TARGET_test) +test: default-test +!endif +!if !$(DISABLE_TARGET_shell) +shell: default-shell +!endif +!endif # DISABLE_STANDARD_TARGETS