Changes On Branch 3dcd70f98ef4b6b8

Changes In Branch TEA Through [3dcd70f98e] Excluding Merge-Ins

This is equivalent to a diff from c9cb1a525d to 3dcd70f98e

2023-05-13
20:25
Merged TEA branch into master check-in: 6c02d4d029 user: bohagan tags: trunk
2023-04-30
17:06
Updated windows makefile to add missing targets check-in: 06521814cd user: bohagan tags: TEA
16:07
Moved files to subdirectories per TEA directory structure. check-in: 3dcd70f98e user: bohagan tags: TEA
02:08
Format clean-ups. check-in: e02b79f82f user: bohagan tags: TEA
2023-04-23
21:01
Created TEA updates branch check-in: b8dafda9a9 user: bohagan tags: TEA
04:49
Starkit fix to add current library names to tls.tcl starkit load function. Source: https://sourceforge.net/p/tls/bugs/55/ and https://sourceforge.net/p/tls/bugs/44/ check-in: c9cb1a525d user: bohagan tags: trunk
03:34
Use server cipher preference order. Source: https://sourceforge.net/p/tls/bugs/60/ and https://www.androwish.org/home/info/5718c3eb47cced4d and https://core.tcl-lang.org/tcltls/tktview/305ee10b86 check-in: ba1403b62c user: bohagan tags: trunk

Deleted HEADER version [b4ecd86142].
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

Both client and server-side sockets are possible, and this code should work
on any platform as it uses a generic mechanism for layering on SSL and Tcl.

Full filevent sematics should also be intact - see tests directory for
blocking and non-blocking examples.

The current release is TLS 1.6, with binaries built against OpenSSL 0.9.8g.
For best security and function, always compile from source with the latest
official release of OpenSSL (http://www.openssl.org/).

TLS 1.7 and newer require Tcl 8.4.0+, older versions may be used if older
versions of Tcl need to be used.

TclTLS requires OpenSSL or LibreSSL in order to be compiled and function.







|







8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

Both client and server-side sockets are possible, and this code should work
on any platform as it uses a generic mechanism for layering on SSL and Tcl.

Full filevent sematics should also be intact - see tests directory for
blocking and non-blocking examples.

The current release is TLS 1.7, with binaries built against OpenSSL 1.1.1.
For best security and function, always compile from source with the latest
official release of OpenSSL (http://www.openssl.org/).

TLS 1.7 and newer require Tcl 8.4.0+, older versions may be used if older
versions of Tcl need to be used.

TclTLS requires OpenSSL or LibreSSL in order to be compiled and function.
Added doc/tls.htm version [a06ffeb7ad].
Deleted gen_dh_params version [90177a1658].
Added generic/HEADER version [9b3a71bb69].
Added generic/tls.c version [4c6200b506].
Added generic/tls.h version [bcbadd0481].
Added generic/tlsIO.c version [ff0429678e].
Added library/tls.tcl version [3524eca483].
Deleted tclOpts.h version [b51276a00c].
Deleted tcltls.syms.in version [f4a8c433c1].
Deleted tcltls.vers version [f9f493f912].
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# all.tcl --
#
# This file contains a top-level script to run all of the Tcl
# tests.  Execute it by invoking "source all.test" when running tcltest
# in this directory.
#
# Copyright (c) 1998-2000 by Ajuba Solutions.
# All rights reserved.
# 
# RCS: @(#) $Id: all.tcl,v 1.5 2000/08/15 18:45:01 hobbs Exp $

#set auto_path [linsert $auto_path 0 [file normalize [file join [file dirname [info script]] ..]]]
set auto_path [linsert $auto_path 0 [file normalize [pwd]]]

if {[lsearch [namespace children] ::tcltest] == -1} {
    package require tcltest








|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# all.tcl --
#
# This file contains a top-level script to run all of the Tcl
# tests.  Execute it by invoking "source all.test" when running tcltest
# in this directory.
#
# Copyright (c) 1998-2000 by Ajuba Solutions.
# All rights reserved.
#
# RCS: @(#) $Id: all.tcl,v 1.5 2000/08/15 18:45:01 hobbs Exp $

#set auto_path [linsert $auto_path 0 [file normalize [file join [file dirname [info script]] ..]]]
set auto_path [linsert $auto_path 0 [file normalize [pwd]]]

if {[lsearch [namespace children] ::tcltest] == -1} {
    package require tcltest
Deleted tls.c version [9adcbda92a].
Deleted tls.h version [625cff2305].
Deleted tls.htm version [a06ffeb7ad].
Deleted tls.tcl version [6d0b26dfc0].
Deleted tlsBIO.c version [71885cfb41].
Deleted tlsIO.c version [cfd328a393].
Deleted tlsInt.h version [df5a52ff88].
Deleted tlsX509.c version [87f16e34d8].
1
2

3
4
5
6
7
8
9
10
11
12
13



14
15
16

17
18
19
20
21

22
23
24


25
26
27
28
29


30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

64

	Windows DLL Build instructions using nmake build system
	2020-10-15 Harald.Oehlmann@elmicron.de


Properties:
- 32 bit DLL
- VisualStudio 2015
Note: Vuisual C++ 6 does not build OpenSSL (long long syntax error)
- Cygwin32 (temporary helper, please help to replace by tclsh)
- OpenSSL statically linked to TCLTLS DLL.
Note: Dynamic linking also works but results in a DLL dependeny on OPENSSL DLL's

1) Build OpenSSL static libraries:




OpenSSL source distribtution unpacked in:
c:\test\tcltls\Openssl_1_1_1h


- Install Perl from http://strawberryperl.com/download/5.32.0.1/strawberry-perl-5.32.0.1-32bit.msi
  to C:\perl
  (ActivePerl failed due to missing 32 bit console module)
- Install NASM Assembler:


https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/win32/nasm-2.15.05-installer-x86.exe
  to C:\Program Files (x86)\NASM
  


-> Visual Studio x86 native prompt.

set Path=%PATH%;C:\Program Files (x86)\NASM;C:\Perl\perl\bin

perl Configure VC-WIN32 --prefix=c:\test\tcltls\openssl --openssldir=c:\test\tcltls\openssldir no-shared no-filenames threads



nmake
nmake test
namke install

2) Build TCLTLS

Unzip distribution in:
c:\test\tcltls\tcltls-1.7.22

-> start cygwin bash prompt

cd /cygdrive/c/test/tcltls/tcltls-1.7.22
./gen_dh_params > dh_params.h

od -A n -v -t xC < 'tls.tcl' > tls.tcl.h.new.1
sed 's@[^0-9A-Fa-f]@@g;s@..@0x&, @g' < tls.tcl.h.new.1 > tls.tcl.h
rm -f tls.tcl.h.new.1

-> Visual Studio x86 native prompt.

cd C:\test\tcltls\tcltls-1.7.22\win

nmake -f makefile.vc TCLDIR=c:\test\tcl8610 SSL_INSTALL_FOLDER=C:\test\tcltls\openssl

nmake -f makefile.vc install TCLDIR=c:\test\tcl8610 INSTALLDIR=c:\test\tcltls SSL_INSTALL_FOLDER=C:\test\tcltls\openssl

3) Test

Start tclsh or wish

lappend auto_path {C:\test\tcltls\tls1.7.22}
package require tls


A small "1.7.22" showing up is hopefully the end of this long way...



>


|

|


|



>
>
>
|
|

>
|
|

<

>
|
|
|
>
>
|

|


>
>



|



|
|

|

|






|

|









<

|
>
|
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

70
71
72
73
74
	Windows DLL Build instructions using nmake build system
	2020-10-15 Harald.Oehlmann@elmicron.de
	2023-04-23 Brian O'Hagan

Properties:
- 64 bit DLL
- VisualStudio 2015
Note: Visual C++ 6 does not build OpenSSL (long long syntax error)
- Cygwin32 (temporary helper, please help to replace by tclsh)
- OpenSSL statically linked to TCLTLS DLL.
Note: Dynamic linking also works but results in a DLL dependency on OPENSSL DLL's

1) Build OpenSSL static libraries:

(1a) Get OpenSSL
  https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1t/openssl-1.1.1t.tar.gz

  OpenSSL source distribution unpacked in:
  C:\Users\Brian\Documents\Source\Build\openssl-1.1.1t

(1b) Install Perl from https://strawberryperl.com/
  https://strawberryperl.com/download/5.32.1.1/strawberry-perl-5.32.1.1-64bit.msi
  to C:\Strawberry\perl
  (ActivePerl failed due to missing 32 bit console module)


(1c) Install NASM Assembler from https://www.nasm.us/
  https://www.nasm.us/pub/nasm/releasebuilds/2.16.01/win64/nasm-2.16.01-installer-x64.exe
  to C:\Program Files\NASM

(1d)
- Configure
  At Visual Studio x86 native prompt:

set Path=%PATH%;C:\Program Files\NASM;C:\Strawberry\perl\bin

perl Configure VC-WIN32 --prefix=c:\test\tcltls\openssl --openssldir=c:\test\tcltls\openssldir no-shared no-filenames threads
perl ..\Configure VC-WIN64A no-asm no-ssl3 no-zlib no-comp no-ui-console no-autoload-config --api=1.1.0 --prefix="%installdir%" --openssldir="%commoninstalldir%" -DOPENSSL_NO_DEPRECATED


nmake
nmake test
nmake install

2) Build TCLTLS

2a) Unzip distribution in:
C:\Users\Brian\Documents\Source\Build\tcltls-b5c41cdeb6

2b) Start BASH shell (MinGW62 Git shell)

cd /c/Users/Brian/Documents/Source/Build/tcltls-b5c41cdeb6
./gen_dh_params > dh_params.h

od -A n -v -t xC < 'tls.tcl' > tls.tcl.h.new.1
sed 's@[^0-9A-Fa-f]@@g;s@..@0x&, @g' < tls.tcl.h.new.1 > tls.tcl.h
rm -f tls.tcl.h.new.1

2c) Start Visual Studio shell

cd C:\Users\Brian\Documents\Source\Build\tcltls-b5c41cdeb6\win

nmake -f makefile.vc TCLDIR=c:\test\tcl8610 SSL_INSTALL_FOLDER=C:\test\tcltls\openssl

nmake -f makefile.vc install TCLDIR=c:\test\tcl8610 INSTALLDIR=c:\test\tcltls SSL_INSTALL_FOLDER=C:\test\tcltls\openssl

3) Test

Start tclsh or wish


package require tls
package require http
http::register https 443 [list ::tls::socket -autoservername true]
set tok [http::data [http::geturl https://www.tcl-lang.org]]
::http::cleanup $tok
1
2
3
4
5
6
7
8









9
10
11
12
13
14
15
# call nmake with additional parameter SSL_INSTALL_FOLDER= with the
# OpenSSL instalation folder following.

PROJECT=tls
DOTVERSION = 1.7.22

PRJ_INCLUDES	= -I"$(SSL_INSTALL_FOLDER)\include"
PRJ_DEFINES =  -D NO_SSL2 -D NO_SSL3 -D _CRT_SECURE_NO_WARNINGS










PRJ_LIBS = \
	"$(SSL_INSTALL_FOLDER)\lib\libssl.lib" \
	"$(SSL_INSTALL_FOLDER)\lib\libcrypto.lib" \
	WS2_32.LIB GDI32.LIB ADVAPI32.LIB CRYPT32.LIB USER32.LIB

PRJ_OBJS = $(TMP_DIR)\tls.obj \

|




|
|
>
>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# call nmake with additional parameter SSL_INSTALL_FOLDER= with the
# OpenSSL installation folder following.

PROJECT=tls
DOTVERSION = 1.7.22

PRJ_INCLUDES = -I"$(SSL_INSTALL_FOLDER)\include" -I"$(OPENSSL_INSTALL_DIR)\include"
PRJ_DEFINES = -D NO_SSL2 -D NO_SSL3 -D _CRT_SECURE_NO_WARNINGS
 
# SSL Libs:
#    1. ${LIBCRYPTO}.dll
#    2. ${LIBSSL}.dll
# Where LIBCRYPTO (#1.) and LIBSSL (#2.) are defined as follows:
#    v1.1: libcrypto-1.1-x64.dll and libssl-1.1-x64.dll
#    v3: libcrypto-3-x64.dll and libssl-3-x64.dll
# On *nix libcrypto.so.* and libssl.so.* (where suffix is a version indicator).
#

PRJ_LIBS = \
	"$(SSL_INSTALL_FOLDER)\lib\libssl.lib" \
	"$(SSL_INSTALL_FOLDER)\lib\libcrypto.lib" \
	WS2_32.LIB GDI32.LIB ADVAPI32.LIB CRYPT32.LIB USER32.LIB

PRJ_OBJS = $(TMP_DIR)\tls.obj \
Added win/nmakehlp.c version [b01f822eab].
Added win/rules.vc version [79247ddfc9].
1
2
3
4
5
6
7
8
9
10
11
12
13
14
#------------------------------------------------------------- -*- makefile -*-
# targets.vc --
#
# Part of the nmake based build system for Tcl and its extensions.
# This file defines some standard targets for the convenience of extensions
# and can be optionally included by the extension makefile.
# See TIP 477 (https://core.tcl-lang.org/tips/doc/trunk/tip/477.md) for docs.

$(PROJECT): setup pkgindex $(PRJLIB)

!ifdef PRJ_STUBOBJS
$(PROJECT): $(PRJSTUBLIB)
$(PRJSTUBLIB): $(PRJ_STUBOBJS)
	$(LIBCMD) $**






|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
#------------------------------------------------------------- -*- makefile -*-
# targets.vc --
#
# Part of the nmake based build system for Tcl and its extensions.
# This file defines some standard targets for the convenience of extensions
# and can be optionally included by the extension makefile.
# See TIP 477 (https://core.tcl-lang.org/tips/doc/main/tip/477.md) for docs.

$(PROJECT): setup pkgindex $(PRJLIB)

!ifdef PRJ_STUBOBJS
$(PROJECT): $(PRJSTUBLIB)
$(PRJSTUBLIB): $(PRJ_STUBOBJS)
	$(LIBCMD) $**