Check-in [6aedc8c1b5]
Overview
Comment:Merged in several outstanding patches
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 6aedc8c1b555605ff77c607a68f2562c1582fe9c
User & Date: rkeene on 2016-11-22 21:43:13
Other Links: manifest | tags
Context
2016-12-08
04:26
Merged in work for TclTLS 1.7 to trunk check-in: 0409513536 user: rkeene tags: trunk
2016-11-22
22:07
Create new branch named "tcltls-2" check-in: ae164b967d user: rkeene tags: tls-1-7
21:43
Merged in several outstanding patches check-in: 6aedc8c1b5 user: rkeene tags: trunk
21:36
Applied patch Closed-Leaf check-in: 4ec3fe7449 user: rkeene tags: rkeene-eoffix
17:58
Applied patch Closed-Leaf check-in: db95f55e95 user: rkeene tags: rkeene-unthreaded
17:58
Applied patch Closed-Leaf check-in: a141858eec user: rkeene tags: rkeene-fixcrosscompile
17:58
Applied patch Closed-Leaf check-in: 0c7fd93cac user: rkeene tags: rkeene-peercertificate
2015-07-07
17:16
Updated with dhparam.2.patch for tls ticket #59. check-in: 2aadaa4c28 user: andreas_kupries tags: trunk
Changes
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
# library.  In most cases these object files will correspond to the
# source files above.
#========================================================================

$(PKG_LIB_FILE): $(PKG_OBJECTS)
	-rm -f $(PKG_LIB_FILE)
	${MAKE_LIB}
	$(RANLIB) $(PKG_LIB_FILE)

#========================================================================
# We need to enumerate the list of .c to .o lines here.
#
# In the following lines, $(srcdir) refers to the toplevel directory
# containing your extension.  If your sources are in a subdirectory,
# you will have to modify the paths to reflect this:






|







225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
# library.  In most cases these object files will correspond to the
# source files above.
#========================================================================

$(PKG_LIB_FILE): $(PKG_OBJECTS)
	-rm -f $(PKG_LIB_FILE)
	${MAKE_LIB}
	-$(RANLIB) $(PKG_LIB_FILE)

#========================================================================
# We need to enumerate the list of .c to .o lines here.
#
# In the following lines, $(srcdir) refers to the toplevel directory
# containing your extension.  If your sources are in a subdirectory,
# you will have to modify the paths to reflect this:
Modified configure from [701a0c22b6] to [c1aa70d493].
1383
1384
1385
1386
1387
1388
1389

1390

1391
1392
1393
1394
1395
1396
1397
1398
1399

1400

1401
1402
1403
1404
1405
1406
1407
echo "${ECHO_T}$CYGPATH" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi

	    EXEEXT=".exe"

	    TEA_PLATFORM="windows"

	    ;;
	*CYGWIN_*)
	    CYGPATH=echo
	    EXEEXT=".exe"
	    # TEA_PLATFORM is determined later
	    ;;
	*)
	    CYGPATH=echo
	    EXEEXT=""

	    TEA_PLATFORM="unix"

	    ;;
    esac

    # Check if exec_prefix is set. If not use fall back to prefix.
    # Note when adjusted, so that TEA_PREFIX can correct for this.
    # This is needed for recursive configures, since autoconf propagates
    # $prefix, but not $exec_prefix (doh!).






>
|
>









>
|
>







1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
echo "${ECHO_T}$CYGPATH" >&6
else
  echo "$as_me:$LINENO: result: no" >&5
echo "${ECHO_T}no" >&6
fi

	    EXEEXT=".exe"
		if [ -z "${TEA_PLATFORM}" ]; then
			TEA_PLATFORM="windows"
		fi
	    ;;
	*CYGWIN_*)
	    CYGPATH=echo
	    EXEEXT=".exe"
	    # TEA_PLATFORM is determined later
	    ;;
	*)
	    CYGPATH=echo
	    EXEEXT=""
		if [ -z "${TEA_PLATFORM}" ]; then
			TEA_PLATFORM="unix"
		fi
	    ;;
    esac

    # Check if exec_prefix is set. If not use fall back to prefix.
    # Note when adjusted, so that TEA_PREFIX can correct for this.
    # This is needed for recursive configures, since autoconf propagates
    # $prefix, but not $exec_prefix (doh!).
1678
1679
1680
1681
1682
1683
1684

1685

1686
1687
1688
1689
1690

1691

1692
1693
1694
1695
1696
1697
1698
    case "`uname -s`" in
	*CYGWIN_*)
	    echo "$as_me:$LINENO: checking for cygwin variant" >&5
echo $ECHO_N "checking for cygwin variant... $ECHO_C" >&6
	    case ${TCL_EXTRA_CFLAGS} in
		*-mwin32*|*-mno-cygwin*)

		    TEA_PLATFORM="windows"

		    CFLAGS="$CFLAGS -mwin32"
		    echo "$as_me:$LINENO: result: win32" >&5
echo "${ECHO_T}win32" >&6
		    ;;
		*)

		    TEA_PLATFORM="unix"

		    echo "$as_me:$LINENO: result: unix" >&5
echo "${ECHO_T}unix" >&6
		    ;;
	    esac
	    EXEEXT=".exe"
	    ;;
	*)






>
|
>





>
|
>







1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
    case "`uname -s`" in
	*CYGWIN_*)
	    echo "$as_me:$LINENO: checking for cygwin variant" >&5
echo $ECHO_N "checking for cygwin variant... $ECHO_C" >&6
	    case ${TCL_EXTRA_CFLAGS} in
		*-mwin32*|*-mno-cygwin*)
			if [ -z "${TEA_PLATFORM}" ]; then
				TEA_PLATFORM="windows"
			fi
		    CFLAGS="$CFLAGS -mwin32"
		    echo "$as_me:$LINENO: result: win32" >&5
echo "${ECHO_T}win32" >&6
		    ;;
		*)
			if [ -z "${TEA_PLATFORM}" ]; then
				TEA_PLATFORM="unix"
			fi
		    echo "$as_me:$LINENO: result: unix" >&5
echo "${ECHO_T}unix" >&6
		    ;;
	    esac
	    EXEEXT=".exe"
	    ;;
	*)
10312
10313
10314
10315
10316
10317
10318
10319
10320
10321
10322
10323
10324
10325
10326
	PKG_LIBS="$PKG_LIBS $i"
    done


    fi
    if test -n "${OPENSSL}"; then

    vars="ssleay32.lib libeay32.lib"
    for i in $vars; do
	if test "${TEA_PLATFORM}" = "windows" -a "$GCC" = "yes" ; then
	    # Convert foo.lib to -lfoo for GCC.  No-op if not *.lib
	    i=`echo "$i" | sed -e 's/^\([^-].*\)\.lib$/-l\1/i'`
	fi
	PKG_LIBS="$PKG_LIBS $i"
    done






|







10320
10321
10322
10323
10324
10325
10326
10327
10328
10329
10330
10331
10332
10333
10334
	PKG_LIBS="$PKG_LIBS $i"
    done


    fi
    if test -n "${OPENSSL}"; then

    vars="ssl.lib crypto.lib"
    for i in $vars; do
	if test "${TEA_PLATFORM}" = "windows" -a "$GCC" = "yes" ; then
	    # Convert foo.lib to -lfoo for GCC.  No-op if not *.lib
	    i=`echo "$i" | sed -e 's/^\([^-].*\)\.lib$/-l\1/i'`
	fi
	PKG_LIBS="$PKG_LIBS $i"
    done
Modified tls.c from [5f36052c70] to [15a7d7809d].
1768
1769
1770
1771
1772
1773
1774

1775
1776
1777
1778
1779
1780
1781
1782
1783

1784
1785
1786
1787
1788
1789
1790
 *------------------------------------------------------*
 */
static int
TlsLibInit ()
{
    int i;
    char rnd_seed[16] = "GrzSlplKqUdnnzP!";	/* 16 bytes */

#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
    size_t num_locks;
#endif
    int status=TCL_OK;

    if (!initialized) {
	Tcl_MutexLock(&init_mx);
	if (!initialized) {
	    initialized = 1;


	    if (CRYPTO_set_mem_functions((void *(*)(size_t))Tcl_Alloc,
					 (void *(*)(void *, size_t))Tcl_Realloc,
					 (void(*)(void *))Tcl_Free) == 0) {
	       /* Not using Tcl's mem functions ... not critical */
	    }







>


<
<





>







1768
1769
1770
1771
1772
1773
1774
1775
1776
1777


1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
 *------------------------------------------------------*
 */
static int
TlsLibInit ()
{
    int i;
    char rnd_seed[16] = "GrzSlplKqUdnnzP!";	/* 16 bytes */
    int status=TCL_OK;
#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
    size_t num_locks;



    if (!initialized) {
	Tcl_MutexLock(&init_mx);
	if (!initialized) {
	    initialized = 1;
#endif

	    if (CRYPTO_set_mem_functions((void *(*)(size_t))Tcl_Alloc,
					 (void *(*)(void *, size_t))Tcl_Realloc,
					 (void(*)(void *))Tcl_Free) == 0) {
	       /* Not using Tcl's mem functions ... not critical */
	    }

1823
1824
1825
1826
1827
1828
1829

1830

1831
1832
1833
		    rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
		}
		RAND_seed(rnd_seed, sizeof(rnd_seed));
	    } while (RAND_status() != 1);
	}
    	done:


	Tcl_MutexUnlock(&init_mx);

    }
    return status;
}






>

>



1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
		    rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
		}
		RAND_seed(rnd_seed, sizeof(rnd_seed));
	    } while (RAND_status() != 1);
	}
    	done:

#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
	Tcl_MutexUnlock(&init_mx);
#endif
    }
    return status;
}
Modified tlsIO.c from [cd93e606f5] to [ed5e46f5ea].
929
930
931
932
933
934
935



936
937
938
939
940
941
942
		    dprintf(stderr,"E! ");
		    *errorCodePtr = EAGAIN;
		    return -1;
		} else {
		    continue;
		}
	    } else if (err == 0) {



		dprintf(stderr,"CR! ");
		*errorCodePtr = ECONNRESET;
		return -1;
	    }
	    if (statePtr->flags & TLS_TCL_SERVER) {
		err = SSL_get_verify_result(statePtr->ssl);
		if (err != X509_V_OK) {






>
>
>







929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
		    dprintf(stderr,"E! ");
		    *errorCodePtr = EAGAIN;
		    return -1;
		} else {
		    continue;
		}
	    } else if (err == 0) {
                if (Tcl_Eof(statePtr->self)) {
                    return 0;
                }
		dprintf(stderr,"CR! ");
		*errorCodePtr = ECONNRESET;
		return -1;
	    }
	    if (statePtr->flags & TLS_TCL_SERVER) {
		err = SSL_get_verify_result(statePtr->ssl);
		if (err != X509_V_OK) {
Modified tlsX509.c from [3f68dadacd] to [24e0063023].
96
97
98
99
100
101
102

103
104
105
106
107
108

109
110
111
112
113
114
115
    int n;
    unsigned long flags;
    char subject[BUFSIZ];
    char issuer[BUFSIZ];
    char serial[BUFSIZ];
    char notBefore[BUFSIZ];
    char notAfter[BUFSIZ];

#ifndef NO_SSL_SHA
    int shai;
    char sha_hash[SHA_DIGEST_LENGTH*2];
    const char *shachars="0123456789ABCDEF";
#endif


    if ((bio = BIO_new(BIO_s_mem())) == NULL) {
	subject[0] = 0;
	issuer[0]  = 0;
	serial[0]  = 0;
    } else {
	flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT;
	flags &= ~ASN1_STRFLGS_ESC_MSB;






>






>







96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
    int n;
    unsigned long flags;
    char subject[BUFSIZ];
    char issuer[BUFSIZ];
    char serial[BUFSIZ];
    char notBefore[BUFSIZ];
    char notAfter[BUFSIZ];
    char certStr[BUFSIZ];
#ifndef NO_SSL_SHA
    int shai;
    char sha_hash[SHA_DIGEST_LENGTH*2];
    const char *shachars="0123456789ABCDEF";
#endif

    certStr[0] = 0;
    if ((bio = BIO_new(BIO_s_mem())) == NULL) {
	subject[0] = 0;
	issuer[0]  = 0;
	serial[0]  = 0;
    } else {
	flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT;
	flags &= ~ASN1_STRFLGS_ESC_MSB;
127
128
129
130
131
132
133







134
135
136
137
138
139
140
	BIO_flush(bio);

	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
	n = BIO_read(bio, serial, min(BIO_pending(bio), BUFSIZ - 1));
	n = max(n, 0);
	serial[n] = 0;
	BIO_flush(bio);








	BIO_free(bio);
    }

    strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) ));
    strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) ));







>
>
>
>
>
>
>







129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
	BIO_flush(bio);

	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
	n = BIO_read(bio, serial, min(BIO_pending(bio), BUFSIZ - 1));
	n = max(n, 0);
	serial[n] = 0;
	BIO_flush(bio);

        if (PEM_write_bio_X509(bio, cert)) {
            n = BIO_read(bio, certStr, min(BIO_pending(bio), BUFSIZ - 1));
            n = max(n, 0);
            certStr[n] = 0;
            BIO_flush(bio);
        }

	BIO_free(bio);
    }

    strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) ));
    strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) ));

170
171
172
173
174
175
176





177
178
179
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( notAfter, -1) );

    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( "serial", -1) );
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( serial, -1) );






    return certPtr;
}






>
>
>
>
>



179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( notAfter, -1) );

    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( "serial", -1) );
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( serial, -1) );

    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( "certificate", -1) );
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( certStr, -1) );

    return certPtr;
}