Check-in [4ef8ff423e]
Overview
Comment: Updated README file
SHA3-256: 4ef8ff423e653c100f504f926844ddb95f0bf6048e62e8bc6ff85d29a19c2fb4
User & Date: bohagan on 2024-11-02 00:06:52
Context
2024-11-03 02:00  BADSSL test updates for latest certificate status  check-in: cf3d49b26b  user: bohagan  tags: tls-1.8
2024-11-02 00:06  Updated README file  check-in: 4ef8ff423e  user: bohagan  tags: tls-1.8
2024-11-01 22:01  Makefile updates for tls.tcl.h to work for sh. Needed for FreeBSD. Made makefile optimizations.  check-in: 97047919d0  user: bohagan  tags: tls-1.8
Changes
Tool Command Language (TCL) Transport Layer Security (TLS) Extension

Intro
=====

This package provides an extension which implements Secure Socket Layer (SSL)
and Transport Layer Security (TLS) encryption over Transmission Control
Protocol (TCP) network communication channels. It utilizes the OpenSSL library.


Description
===========

This extension works by creating a layered TCL Channel on top of an existing
bi-directional channel created by the TLS socket command. All existing socket
functionality is supported, in addition to several new options. Both client
and server modes are supported.


Documentation
=============

See the doc directory for the full usage documentation.


Compatibility
=============




This package requires TCL 8.5 or later. It will work with TCL 9. If this

extension is built against TCL 8.x it will not work with TCL 9 or vice versa.
It is best to compile both separately then install them with the compatible
TCL versions.




This package is compatible with:
- OpenSSL v1.1.1 or later though 3.2+ is preferred. See (http://www.openssl.org/

Note: There are incompatibilities between OpenSSL 1.1.1 and 3.x, so if this
extension is built against OpenSSL 1.1.1 it will not work with an OpenSSL 3.x
installation or vice versa.









Installation
============

This package uses the TCL Extension Architecture (TEA) to build and install on
any supported Unix, Mac, or MS Windows system. It depends on the OpenSSL
Tool Command Language (TCL) Transport Layer Security (TLS) Extension

Intro
=====

This package provides an extension which implements Secure Socket Layer (SSL)
and Transport Layer Security (TLS) encryption over Transmission Control
Protocol (TCP) network communication channels utilizing the OpenSSL library.


Description
===========

This extension works by creating a layered TCL Channel on top of an existing
bi-directional channel created by the TLS socket command. All existing socket
functionality is supported in addition to several new options. Both client and
server modes are supported.


Documentation
=============

See the doc directory for the full usage documentation.


Compatibility
=============

TCL
---

This package requires TCL 8.5 or later. It will also work with TCL 9, but it is
not binary compatible between major TCL versions. This means if this extension
is built with TCL 8.x it will not load into TCL 9 or vice versa. It is best
to compile both separately then install them with the compatible TCL versions.


OpenSSL
-------

This package is compatible with OpenSSL v1.1.1 or later, though 3.2 or later is

preferred. See http://www.openssl.org/. Please note that there are a few API
incompatibilities between OpenSSL 1.1.1 and 3.x, so if this extension is built
against OpenSSL 1.1.1 it is not binary compatible with OpenSSL 3.x or vice
versa.

TCLTLS
------

There were several changes made in the callback command arguments between
versions 1.7 and 2.0. See the doc/tls.html for what changed and library/tls.tcl
for example handler functions that are backwards compatible.


Installation
============

This package uses the TCL Extension Architecture (TEA) to build and install on
any supported Unix, Mac, or MS Windows system. It depends on the OpenSSL
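Review bot: the new TCLTLS subsection says the callback command arguments changed "between versions 1.7 and 2.0", but the code comments added to library/tls.tcl in this same check-in label the same changes as "New for TLS 1.8+"; pick one version boundary and use it in both places, otherwise a user with a 1.7-era handler cannot tell from the README which release will break it. Minor: the OpenSSL link could be "https://www.openssl.org/" rather than plain http.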
==========

Original TLS Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
TLS 1.4.1    Copyright (C) 2000 Ajuba Solutions
TLS 1.6      Copyright (C) 2008 ActiveState Software Inc.
TLS 1.7      Copyright (C) 2016 Matt Newman, Ajuba Solutions, ActiveState
                                Software Inc, Roy Keene <tcltls@rkeene.org>
TLS 1.8     Copyright (C) 2023 Brian O'Hagan

Acknowledgments
===============

Non-exclusive credits for TLS are:
   Original work: Matt Newman @ Novadigm
   Updates: Jeff Hobbs @ ActiveState
==========

Original TLS Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
TLS 1.4.1    Copyright (C) 2000 Ajuba Solutions
TLS 1.6      Copyright (C) 2008 ActiveState Software Inc.
TLS 1.7      Copyright (C) 2016 Matt Newman, Ajuba Solutions, ActiveState
                                Software Inc, Roy Keene <tcltls@rkeene.org>
TLS 1.8-2.0  Copyright (C) 2023-2024 Brian O'Hagan

Acknowledgments
===============

Non-exclusive credits for TLS are:
   Original work: Matt Newman @ Novadigm
   Updates: Jeff Hobbs @ ActiveState
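Review bot: the copyright line now credits "TLS 1.8-2.0 Copyright (C) 2023-2024 Brian O'Hagan", but the Acknowledgments list directly below still names only Matt Newman and Jeff Hobbs; either add the 1.8-2.0 work there too or drop the "Non-exclusive credits" list, since as written the two sections disagree about who maintained the recent releases.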
	}
	"session" {
	    lassign $args session_id ticket lifetime

	    log 0 "TLS/$chan: session: lifetime $lifetime"
	}
	"verify" {

	    return [tls::validate_command $option $chan {*}$args]
	}
	default	{
	    return -code error "bad option \"$option\":\
		    must be one of error, info, message, or session"
	}
    }
}

#
# Sample callback when return value is needed
#
proc tls::validate_command {option chan args} {
    variable debug

    switch -- $option {
	"alpn" {
	    lassign $args protocol match
	}
	"session" {
	    lassign $args session_id ticket lifetime

	    log 0 "TLS/$chan: session: lifetime $lifetime"
	}
	"verify" {
	    # Backwards compatible for v1.7
	    return [tls::validate_command $option $chan {*}$args]
	}
	default	{
	    return -code error "bad option \"$option\":\
		    must be one of error, info, message, or session"
	}
    }
}

#
# Sample callback when return value is needed. New for TLS 1.8+.
#
proc tls::validate_command {option chan args} {
    variable debug

    switch -- $option {
	"alpn" {
	    lassign $args protocol match
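Review bot: the default branch's error text ("must be one of error, info, message, or session") does not list "verify", which the switch directly above it accepts, so a caller who passes a bad option is told an incomplete set of valid ones; update the message to match the switch arms. The new "# Backwards compatible for v1.7" comment would also be more useful if it said what 1.7 behaviour the forward to tls::validate_command preserves, since the line it annotates is unchanged from the old version.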
	}
	if {$cb(handshake) == "done"} {
	    return 1
	}
    }
}




proc tls::password {{option password} {rwflag 0} {size 0}} {
    log 0 "TLS/Password: did you forget to set your passwd!"
    # Return the worlds best kept secret password.
    return "secret"
}

proc tls::log {level msg} {
	}
	if {$cb(handshake) == "done"} {
	    return 1
	}
    }
}

#
# Sample callback to get password when needed. Args are new for TLS 1.8+.
#
proc tls::password {{option password} {rwflag 0} {size 0}} {
    log 0 "TLS/Password: did you forget to set your passwd!"
    # Return the worlds best kept secret password.
    return "secret"
}

proc tls::log {level msg} {
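Review bot: the sample tls::password proc accepts rwflag and size but uses neither, and the new comment only says the arguments are "new for TLS 1.8+"; document what each means so that users who override this sample know, for example, to return no more than size characters. The comment should also state plainly that this proc is a placeholder to be replaced, because it returns a fixed, publicly known password ("secret") after only a log line, and a deployment that forgets to override it will silently use that value to unlock its private key.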