Changes On Branch 4aa7638d1a2b2e45

Changes In Branch tls-1-7 Through [4aa7638d1a] Excluding Merge-Ins

This is equivalent to a diff from 6aedc8c1b5 to 4aa7638d1a

2016-12-08
04:26
Merged in work for TclTLS 1.7 to trunk check-in: 0409513536 user: rkeene tags: trunk
2016-12-06
05:24
Updated to make updating the remote m4 files optional and not the default check-in: 4257f23d7c user: rkeene tags: tls-1-7
04:56
Fixed search for "xxd" to not check for a prefixed version check-in: 4aa7638d1a user: rkeene tags: tls-1-7
04:42
Ensure that defines are not duplicated check-in: f0726c57a4 user: rkeene tags: tls-1-7
2016-11-22
22:07
Create new branch named "tcltls-2" check-in: ae164b967d user: rkeene tags: tls-1-7
21:43
Merged in several outstanding patches check-in: 6aedc8c1b5 user: rkeene tags: trunk
21:36
Applied patch Closed-Leaf check-in: 4ec3fe7449 user: rkeene tags: rkeene-eoffix
17:58
Applied patch Closed-Leaf check-in: db95f55e95 user: rkeene tags: rkeene-unthreaded
17:58
Applied patch Closed-Leaf check-in: a141858eec user: rkeene tags: rkeene-fixcrosscompile
17:58
Applied patch Closed-Leaf check-in: 0c7fd93cac user: rkeene tags: rkeene-peercertificate
2015-07-07
17:16
Updated with dhparam.2.patch for tls ticket #59. check-in: 2aadaa4c28 user: andreas_kupries tags: trunk

Added HEADER version [786e922403].
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17


18
19
20
21
22

23
24
25
26

27
28
29
30
31

32
33

34
35
36
37
38
39



40
41
42
43

44
45
46
47
48
49

50
51
52
53
54
55
56
57

58
59
60
61
62

63
64
65
66

67
68
69
70
71
72

73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

121
122
123
124
125
126
127
128
129

130
131

132
133

134
135
136

137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158

159
160
161
162
163
164
165

166
167

168
169

170
171

172
173
174
175

176
177
178
179

180
181
182
183
184
185
186
187


188
189
190
191
192

193
194
195
196
197
198
199
200
201

202
203
204
205
206
207
208
209
210
211
212
213

214
215
216

217
218

219
220
221
222
223
224
225
226
227
228

229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248

249
250
251


252
253

254
255
256
257
258
259
260
261
262
263
264
265
266



267
268
269
270

271
272
273
274
275
276
277
278
279
280


281
282
283
284

285
286

287
288
289

290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318

319
320
321
322

323
324
325

326
327

328
329
330
331
332
333
334
335
336
337
338
339

340
341
342
343

344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381

382
383
384
385
386
387
388
389
390

391
392

393
394
395
396
397


398
399

400
401
402
403
404
405
406

407
408
409
410

411
412
413

















1
2





3




4





5


6






7
8
9




10






11




12



13


14


15




16






17








































18







19









20


21


22



23



















24


25







26


27


28


29

30


31




32








33
34





35









36








37



38



39


40










41




42















43



44
45


46







47





48
49
50




51



52






53
54




55


56



57

























58



59




60



61


62












63




64































65






66









67


68





69
70


71







72

73


74



-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
-
-
-
-
-
+
-
-
-
-
+
-
-
-
-
-
+
-
-
+
-
-
-
-
-
-
+
+
+
-
-
-
-
+
-
-
-
-
-
-
+
-
-
-
-

-
-
-
+
-
-

-
-
+
-
-
-
-
+
-
-
-
-
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-

-
-
-
-
-
-
-
+
-
-
-
-
-
-
-
-
-
+
-
-
+
-
-
+
-
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-

-
-
+
-
-
-
-
-
-
-
+
-
-
+
-
-
+
-
-
+
-

-
-
+
-
-
-
-
+
-
-
-
-
-
-
-
-
+
+
-
-
-
-
-
+
-
-
-
-
-
-
-
-
-
+
-
-
-
-
-
-
-
-

-
-
-
+
-
-
-
+
-
-
+
-
-
-
-
-
-
-
-
-
-
+
-
-
-
-

-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-
-
-
+
+
-
-
+
-
-
-
-
-
-
-

-
-
-
-
-
+
+
+
-
-
-
-
+
-
-
-

-
-
-
-
-
-
+
+
-
-
-
-
+
-
-
+
-
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-

-
-
-
+
-
-
-
-
+
-
-
-
+
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
+
-
-
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-

-
-
-
-
-
-
+
-
-
-
-
-
-
-
-
-
+
-
-
+
-
-
-
-
-
+
+
-
-
+
-
-
-
-
-
-
-
+
-

-
-
+
-
-
-
# Makefile.in --
#
# This file is a Makefile for the tls Tcl extension.  If it has the name
# "Makefile.in" then it is a template for a Makefile;  to generate the
# actual Makefile, run "./configure", which is a configuration script
# generated by the "autoconf" program (constructs like "@foo@" will get
# replaced in the actual Makefile.
#
# Copyright (c) 1999-2000 Ajuba Solutions.
# All rights reserved.
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAIMER OF ALL WARRANTIES.
#
# RCS: @(#) $Id: Makefile.in,v 1.29 2010/08/12 01:28:06 hobbs2 Exp $


CC = @CC@
AR = @AR@
#========================================================================
# Enumerate the names of the source files included in this package.
# This will be used when a dist target is added to the Makefile.
#========================================================================

RANLIB = @RANLIB@
PKG_SOURCES	= tls.c tlsIO.c tlsBIO.c tlsX509.c fixstrtod.c
PKG_OBJECTS	= tls.$(OBJEXT) tlsIO.$(OBJEXT) tlsBIO.$(OBJEXT) \
		  tlsX509.$(OBJEXT) fixstrtod.$(OBJEXT)

CFLAGS = @CFLAGS@ @SHOBJFLAGS@
#========================================================================
# RUNTIME_SOURCES identifies Tcl runtime files that are associated with
# this package that need to be installed, if any.
#========================================================================

CPPFLAGS = @CPPFLAGS@ -I@srcdir@ -I. @DEFS@ @TCL_DEFS@
PKG_TCL_SOURCES	= tls.tcl

LDFLAGS = @LDFLAGS@ @SHOBJLDFLAGS@
#========================================================================
# This is a list of header files to be installed
#========================================================================

PKG_HEADERS	= tls.h

LIBS = @LIBS@
INSTALL = @INSTALL@
PACKAGE_VERSION = @PACKAGE_VERSION@
#========================================================================
# Variables and AC_SUBST cases added for tls.
#========================================================================

TCL_PACKAGE_PATH = @TCL_PACKAGE_PATH@
SSL_DIR			= @SSL_DIR@
SSL_LIB_DIR 		= @SSL_LIB_DIR@
SSL_INCLUDE_DIR 	= @SSL_INCLUDE_DIR@
SSL_INCLUDE_DIR_NATIVE	= @SSL_INCLUDE_DIR_NATIVE@
SSL_INCLUDES 		= -I$(SSL_INCLUDE_DIR_NATIVE)

PACKAGE_INSTALL_DIR = $(TCL_PACKAGE_PATH)/tcltls$(PACKAGE_VERSION)
#========================================================================
# "PKG_LIB_FILE" refers to the library (dynamic or static as per
# configuration options) composed of the named objects.
#========================================================================

PKG_LIB_FILE	= @PKG_LIB_FILE@
PKG_STUB_LIB_FILE = @PKG_STUB_LIB_FILE@

all: @EXTENSION_TARGET@
lib_BINARIES	= $(PKG_LIB_FILE)
BINARIES	= $(lib_BINARIES)

SHELL		= @SHELL@

# The shared object target
srcdir		= @srcdir@
prefix		= @prefix@
exec_prefix	= @exec_prefix@

tcltls.@SHOBJEXT@: tls.o tlsBIO.o tlsIO.o tlsX509.o
bindir		= @bindir@
libdir		= @libdir@
datadir		= @datadir@
mandir		= @mandir@
includedir	= @includedir@

	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o tcltls.@SHOBJEXT@ tls.o tlsBIO.o tlsIO.o tlsX509.o $(LIBS)
DESTDIR		=

PKG_DIR		= $(PACKAGE_NAME)$(PACKAGE_VERSION)
pkgdatadir	= $(datadir)/$(PKG_DIR)
pkglibdir	= $(libdir)/$(PKG_DIR)
pkgincludedir	= $(includedir)/$(PKG_DIR)

top_builddir	= .

INSTALL		= @INSTALL@
INSTALL_PROGRAM	= @INSTALL_PROGRAM@
INSTALL_DATA	= @INSTALL_DATA@
INSTALL_SCRIPT	= @INSTALL_SCRIPT@

PACKAGE_NAME	= @PACKAGE_NAME@
PACKAGE_VERSION	= @PACKAGE_VERSION@
CC		= @CC@
CFLAGS_DEFAULT	= @CFLAGS_DEFAULT@
CFLAGS_WARNING	= @CFLAGS_WARNING@
CLEANFILES	= @CLEANFILES@
EXEEXT		= @EXEEXT@
LDFLAGS_DEFAULT	= @LDFLAGS_DEFAULT@
MAKE_LIB	= @MAKE_LIB@
MAKE_SHARED_LIB	= @MAKE_SHARED_LIB@
MAKE_STATIC_LIB	= @MAKE_STATIC_LIB@
MAKE_STUB_LIB	= @MAKE_STUB_LIB@
OBJEXT		= @OBJEXT@
RANLIB		= @RANLIB@
RANLIB_STUB	= @RANLIB_STUB@
SHLIB_CFLAGS	= @SHLIB_CFLAGS@
SHLIB_LD	= @SHLIB_LD@
SHLIB_LD_LIBS	= @SHLIB_LD_LIBS@
STLIB_LD	= @STLIB_LD@
TCL_DEFS	= @TCL_DEFS@
TCL_BIN_DIR	= @TCL_BIN_DIR@
TCL_SRC_DIR	= @TCL_SRC_DIR@
# This is necessary for packages that use private Tcl headers
#TCL_TOP_DIR_NATIVE	= @TCL_TOP_DIR_NATIVE@
# Not used, but retained for reference of what libs Tcl required
TCL_LIBS	= @TCL_LIBS@

#========================================================================
# TCLLIBPATH seeds the auto_path in Tcl's init.tcl so we can test our
# package without installing.  The other environment variables allow us
# to test against an uninstalled Tcl.  Add special env vars that you
# require for testing here (like TCLX_LIBRARY).
#========================================================================

# The static target
EXTRA_PATH	= $(top_builddir):$(TCL_BIN_DIR)
TCLSH_ENV	= TCL_LIBRARY=`@CYGPATH@ $(TCL_SRC_DIR)/library` \
		  @LD_LIBRARY_PATH_VAR@="$(EXTRA_PATH):$(@LD_LIBRARY_PATH_VAR@)" \
		  PATH="$(EXTRA_PATH):$(PATH)" \
		  TCLLIBPATH="$(top_builddir)"
TCLSH_PROG	= @TCLSH_PROG@
TCLSH		= $(TCLSH_ENV) $(TCLSH_PROG)
SHARED_BUILD	= @SHARED_BUILD@

tcltls.a: tls.o tlsBIO.o tlsIO.o tlsX509.o
INCLUDES	= @PKG_INCLUDES@ @TCL_INCLUDES@ $(SSL_INCLUDES)

	$(AR) rcu tcltls.a.new tls.o tlsBIO.o tlsIO.o tlsX509.o
PKG_CFLAGS	= @PKG_CFLAGS@

	$(RANLIB) tcltls.a.new
#DEFS		= $(TCL_DEFS) @DEFS@ $(EXTRA_CFLAGS)
DEFS		= @DEFS@ $(PKG_CFLAGS)

	mv tcltls.a.new tcltls.a
CONFIG_CLEAN_FILES = Makefile pkgIndex.tcl

CPPFLAGS	= @CPPFLAGS@
LIBS		= @PKG_LIBS@ @LIBS@
AR		= ar
CFLAGS		= @CFLAGS@
COMPILE		= $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)

#========================================================================
# Start of user-definable TARGETS section
#========================================================================

#========================================================================
# TEA TARGETS.  Please note that the "libraries:" target refers to platform
# independent files, and the "binaries:" target inclues executable programs and
# platform-dependent libraries.  Modify these targets so that they install
# the various pieces of your package.  The make and install rules
# for the BINARIES that you specified above have already been done.
#========================================================================

all: binaries libraries doc

# Dependencies for all our targets
#========================================================================
# The binaries target builds executable programs, Windows .dll's, unix
# shared/static libraries, and any other platform-dependent files.
# The list of targets to build for "binaries:" is specified at the top
# of the Makefile, in the "BINARIES" variable.
#========================================================================

tls.o: @srcdir@/tls.c @srcdir@/tlsInt.h @srcdir@/tclOpts.h @srcdir@/tls.tcl.h dh_params.h
binaries: $(BINARIES) pkgIndex.tcl

tlsBIO.o: @srcdir@/tlsBIO.c @srcdir@/tlsInt.h
libraries: $(PKG_TCL_SOURCES)

tlsIO.o: @srcdir@/tlsIO.c @srcdir@/tlsInt.h
doc:

tlsX509.o: @srcdir@/tlsX509.c @srcdir@/tlsInt.h
install: all install-binaries install-libraries install-doc

install-binaries: binaries install-lib-binaries install-bin-binaries

# Create a C-source-ified version of the script resources
#========================================================================
# This rule installs platform-independent files, such as header files.
#========================================================================

# for TclTLS so that we only need a single file to enable
install-libraries: libraries
	@mkdir -p $(DESTDIR)$(includedir)
	@echo "Installing header files in $(DESTDIR)$(includedir)"
	@list='$(PKG_HEADERS)'; for i in $$list; do \
	    echo "Installing $(srcdir)/$$i" ; \
	    $(INSTALL_DATA) $(srcdir)/$$i $(DESTDIR)$(includedir) ; \
	done;

# this extension
@srcdir@/tls.tcl.h: @srcdir@/tls.tcl
#========================================================================
# Install documentation.  Unix manpages should go in the $(mandir)
# directory.
#========================================================================

	@XXD@ -i < '@srcdir@/tls.tcl' > '@srcdir@/tls.tcl.h.new'
install-doc: doc
#	@mkdir -p $(DESTDIR)$(mandir)/mann
#	@echo "Installing documentation in $(DESTDIR)$(mandir)"
#	@for i in $(srcdir)/doc/*.n; do \
#	    echo "Installing $$i"; \
#	    rm -f $(DESTDIR)$(mandir)/mann/`basename $$i`; \
#	    $(INSTALL_DATA) $$i $(DESTDIR)$(mandir)/mann ; \
#	done

	mv '@srcdir@/tls.tcl.h.new' '@srcdir@/tls.tcl.h'
test: binaries libraries
	echo "load $(PKG_LIB_FILE); \
	  if {![file exists tls.tcl]} { \
	      file copy [file join $(srcdir) tls.tcl] tls.tcl \
	  } ;\
	  source [file join $(srcdir) tls.tcl]; \
	  set argv {$(TESTFLAGS)}; \
	  source [file join $(srcdir) tests all.tcl]" | $(TCLSH)

shell: binaries libraries
	@$(TCLSH) $(SCRIPT)

# Create default DH parameters
gdb:
	$(TCLSH_ENV) gdb $(TCLSH_PROG) $(SCRIPT)

dh_params.h: @srcdir@/gen_dh_params
depend:

	@srcdir@/gen_dh_params @GEN_DH_PARAMS_ARGS@ > dh_params.h.new
#========================================================================
# $(PKG_LIB_FILE) should be listed as part of the BINARIES variable
# mentioned above.  That will ensure that this target is built when you
# run "make binaries".
#
# The $(PKG_OBJECTS) objects are created and linked into the final
# library.  In most cases these object files will correspond to the
# source files above.
#========================================================================

	mv dh_params.h.new dh_params.h
$(PKG_LIB_FILE): $(PKG_OBJECTS)
	-rm -f $(PKG_LIB_FILE)
	${MAKE_LIB}
	-$(RANLIB) $(PKG_LIB_FILE)

#========================================================================
# We need to enumerate the list of .c to .o lines here.
#
# In the following lines, $(srcdir) refers to the toplevel directory
# containing your extension.  If your sources are in a subdirectory,
# you will have to modify the paths to reflect this:
#
# sample.$(OBJEXT): $(srcdir)/generic/sample.c
# 	$(COMPILE) -c `@CYGPATH@ $(srcdir)/generic/sample.c` -o $@
#
# Setting the VPATH variable to a list of paths will cause the makefile
# to look into these paths when resolving .c to .obj dependencies.
# As necessary, add $(srcdir):$(srcdir)/compat:....
#========================================================================

# Generic target for building files from the "srcdir"
VPATH = $(srcdir)

.c.@OBJEXT@:
# tree -- the default target will not match paths
.c.o:
	$(COMPILE) -c `@CYGPATH@ $<` -o $@

	$(CC) $(CPPFLAGS) $(CFLAGS) -o "$@" -c "$<"
#========================================================================
# Create the pkgIndex.tcl file.
# It is usually easiest to let Tcl do this for you with pkg_mkIndex, but
# you may find that you need to customize the package.  If so, either
# modify the -hand version, or create a pkgIndex.tcl.in file and have
# the configure script output the pkgIndex.tcl by editing configure.in.
#========================================================================

pkgIndex.tcl-auto:
	( echo pkg_mkIndex . $(PKG_LIB_FILE) \; exit; ) | $(TCLSH)

pkgIndex.tcl:
	(echo 'package ifneeded $(PACKAGE_NAME) $(PACKAGE_VERSION) \
# Install the extension
install: @EXTENSION_TARGET@ pkgIndex.tcl
	$(INSTALL) -d '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
	    "[list source [file join $$dir tls.tcl]] ; \
	     [list tls::initlib $$dir $(PKG_LIB_FILE)]"'\
	) > pkgIndex.tcl

	$(INSTALL) -t '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' @EXTENSION_TARGET@ pkgIndex.tcl
#========================================================================
# End of user-definable section
#========================================================================

#========================================================================
# Don't modify the file to clean here.  Instead, set the "CLEANFILES"
# variable in configure.in
#========================================================================

clean:  
# Clean the local build directory for rebuild against the same configuration
clean:
	-test -z "$(BINARIES)" || rm -f $(BINARIES)
	-rm -f *.$(OBJEXT) core *.core
	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)

	rm -f tls.o tlsBIO.o tlsIO.o tlsX509.o
distclean: clean
	-rm -f *.tab.c
	rm -f tcltls.@SHOBJEXT@
	-rm -f $(CONFIG_CLEAN_FILES)
	-rm -f config.cache config.log config.status

	rm -f tcltls.a.new tcltls.a
COMPEXE		= gzip
COMPEXT		= gz
COMPRESS	= tar cvf - $(PKG_DIR) | $(COMPEXE) > $(PKG_DIR)-src.tar.$(COMPEXT)
DIST_ROOT	= /tmp/dist
DIST_DIR	= $(DIST_ROOT)/$(PKG_DIR)

dist-clean:
	rm -rf $(DIST_DIR) $(DIST_ROOT)/$(PKG_DIR).tar.$(COMPEXT)

dist: dist-clean
	mkdir -p $(DIST_DIR)
	cp -p $(srcdir)/README.txt $(srcdir)/ChangeLog $(srcdir)/tls.htm \
		$(srcdir)/configure $(srcdir)/configure.in \
		$(srcdir)/Makefile.in $(srcdir)/*.[ch] \
		$(srcdir)/license.terms \
		$(srcdir)/aclocal.m4 $(srcdir)/tls.tcl \
		$(DIST_DIR)
	chmod 664 $(DIST_DIR)/Makefile.in $(DIST_DIR)/aclocal.m4
	chmod 775 $(DIST_DIR)/configure $(DIST_DIR)/configure.in

	mkdir $(DIST_DIR)/tclconfig
	cp -p $(srcdir)/tclconfig/install-sh $(srcdir)/tclconfig/tcl.m4 \
		$(DIST_DIR)/tclconfig/
	chmod 664 $(DIST_DIR)/tclconfig/tcl.m4
	chmod +x $(DIST_DIR)/tclconfig/install-sh

	mkdir $(DIST_DIR)/tests
	cp -p $(srcdir)/tests/*.{tcl,test} $(DIST_DIR)/tests

# Clean the local build directory back to what it was after unpacking the
	mkdir $(DIST_DIR)/tests/certs
	cp -p $(srcdir)/tests/certs/*.{pem,key,req,txt,srl} \
		$(DIST_DIR)/tests/certs

# distribution tarball
	mkdir $(DIST_DIR)/win
	cp -p $(srcdir)/win/*.{vc,rc,c} $(DIST_DIR)/win

distclean: clean
	(cd $(DIST_ROOT); $(COMPRESS);)

	rm -f config.log config.status
#========================================================================
# Install binary object libraries.  On Windows this includes both .dll and
# .lib files.  Because the .lib files are not explicitly listed anywhere,
# we need to deduce their existence from the .dll file of the same name.
# Additionally, the .dll files go into the bin directory, but the .lib
# files go into the lib directory.  On Unix platforms, all library files
# go into the lib directory.  In addition, this will generate the pkgIndex.tcl
# file in the install location (assuming it can find a usable tclsh)
#
# You should not have to modify this target.
#========================================================================

	rm -f dh_params.h.new dh_params.h
install-lib-binaries:
	@mkdir -p $(DESTDIR)$(pkglibdir)
	@list='$(lib_BINARIES)'; for p in $$list; do \
	  if test -f $$p; then \
	rm -f Makefile pkgIndex.tcl
	    echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(pkglibdir)/$$p"; \
	    $(INSTALL_PROGRAM) $$p $(DESTDIR)$(pkglibdir)/$$p; \
	    stub=`echo $$p|sed -e "s/.*\(stub\).*/\1/"`; \
	    if test "x$$stub" = "xstub"; then \
		echo " $(RANLIB_STUB) $(DESTDIR)$(pkglibdir)/$$p"; \
		$(RANLIB_STUB) $(DESTDIR)$(pkglibdir)/$$p; \
	    else \
		echo " $(RANLIB) $(DESTDIR)$(pkglibdir)/$$p"; \
		$(RANLIB) $(DESTDIR)$(pkglibdir)/$$p; \
	    fi; \
	    ext=`echo $$p|sed -e "s/.*\.//"`; \
	    if test "x$$ext" = "xdll"; then \
		lib=`basename $$p|sed -e 's/.[^.]*$$//'`.lib; \
		if test -f $$lib; then \
		    echo " $(INSTALL_DATA) $$lib $(DESTDIR)$(pkglibdir)/$$lib"; \
	            $(INSTALL_DATA) $$lib $(DESTDIR)$(pkglibdir)/$$lib; \
		fi; \
	    fi; \
	  fi; \
	done
	@list='$(PKG_TCL_SOURCES)'; for p in $$list; do \
	  if test -f $(srcdir)/$$p; then \
	    destp=`basename $$p`; \
	    echo " Install $$destp $(DESTDIR)$(pkglibdir)/$$destp"; \
	    $(INSTALL_DATA) $(srcdir)/$$p $(DESTDIR)$(pkglibdir)/$$destp; \
	  fi; \
	done
	@if test "x$(SHARED_BUILD)" = "x1"; then \
	    echo " Install pkgIndex.tcl $(DESTDIR)$(pkglibdir)"; \
	    $(INSTALL_DATA) pkgIndex.tcl $(DESTDIR)$(pkglibdir); \
	fi

#========================================================================
# Install binary executables (e.g. .exe files)
#
# You should not have to modify this target.
#========================================================================

# Clean the local build directory back to only thing things that exist in
install-bin-binaries:
	@mkdir -p $(DESTDIR)$(bindir)
	@list='$(bin_BINARIES)'; for p in $$list; do \
	  if test -f $$p; then \
	    echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/$$p"; \
	    $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/$$p; \
	  fi; \
	done

# version control system
.SUFFIXES: .c .$(OBJEXT)

mrproper: distclean
Makefile: $(srcdir)/Makefile.in  $(top_builddir)/config.status
	cd $(top_builddir) \
	  && CONFIG_FILES=$@ CONFIG_HEADERS= $(SHELL) ./config.status

uninstall-binaries:
	rm -f @srcdir@/tls.tcl.h
	rm -f @srcdir@/configure @srcdir@/config.sub @srcdir@/config.guess @srcdir@/install-sh
	list='$(lib_BINARIES)'; for p in $$list; do \
	  rm -f $(DESTDIR)$(pkglibdir)/$$p; \
	rm -f @srcdir@/aclocal.m4
	done
	list='$(PKG_TCL_SOURCES)'; for p in $$list; do \
	  p=`basename $$p`; \
	  rm -f $(DESTDIR)$(pkglibdir)/$$p; \
	done
	list='$(bin_BINARIES)'; for p in $$list; do \
	  rm -f $(DESTDIR)$(bindir)/$$p; \
	rm -rf @srcdir@/autom4te.cache
	done

.PHONY: all binaries clean depend distclean doc install libraries test

.PHONY: all install clean distclean mrproper
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
1
2
3
4
5
6
7
8
9
10
11
12
13
1
2
3
4


5
6
7
8
9
10
11




-
-







Original TLS Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
TLS 1.4.1    Copyright (C) 2000 Ajuba Solutions
TLS 1.6      Copyright (C) 2008 ActiveState Software Inc.

$Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/README.txt,v 1.7 2008/03/19 22:49:12 hobbs2 Exp $

TLS (aka SSL) Channel - can be layered on any bi-directional Tcl_Channel.

Both client and server-side sockets are possible, and this code should work
on any platform as it uses a generic mechanism for layering on SSL and Tcl.

Full filevent sematics should also be intact - see tests directory for
blocking and non-blocking examples.
Deleted aclocal.m4 version [9e0a6d21b1].
Added aclocal/tcl.m4 version [154523ce1b].
Added autogen.sh version [7cd79754ca].
Added build/post.sh version [b845836733].
Added build/pre.sh version [a8f310fb41].
Deleted configure version [c1aa70d493].
1
2
3
4
5

6
7
8
9
10
11
12
13


14
15
16


17
18
19
20
21



22

23

24

25

26


27
28
29
30
31

32


33
34
35
36





37
38
39



40
41
42
43
44
45

46
47

48
49

50
51
52


53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

68
69
70



71
72
73
74





75
76
77






78







79
80
81
82
83




84

85
86
87
88

89
90

91

92
93
94
95
96
97

98
99
100

101
102

103
104

105



106


107
108


109
110
111

112
113

114
115

116
117
118
119
120
121
122
123

124
125
126
127
128
129



130
131



132
133
134
135
136




137



138
139
140

141
142

143
144

145
146

147
148

149
150
151
152

153
154
155
156



157
158





159
160
161
162
163
164
165
166

167
168
169
170
171
172
173

174
175

176
177

178
179
180
181
182
183
184
185
186













187
188
189


190
191
192



193
194
195




196
197
198
199
200
201
202
203
204


205
206

207
208
209






210

211






1








2
3



4
5





6
7
8
9
10

11
12
13

14
15
16
17



18

19

20
21
22



23
24
25
26
27



28
29
30
31





32


33


34



35
36






37








38



39
40
41




42
43
44
45
46



47
48
49
50
51
52

53
54
55
56
57
58
59




60
61
62
63
64

65




66


67

68
69





70



71


72


73

74
75
76
77
78
79


80
81



82


83


84





85


86






87
88
89


90
91
92




93
94
95
96
97

98
99
100
101


102


103


104


105


106




107




108
109
110
111
112
113
114
115
116
117





118


119







120


121


122









123
124
125
126
127
128
129
130
131
132
133
134
135



136
137



138
139
140



141
142
143
144









145
146


147



148
149
150
151
152
153
154
155

156
-
-
-
-
-
+
-
-
-
-
-
-
-
-
+
+
-
-
-
+
+
-
-
-
-
-
+
+
+

+
-
+

+
-
+

+
+
-
-
-

-
+
-
+
+

-
-
-
+
+
+
+
+
-
-
-
+
+
+

-
-
-
-
-
+
-
-
+
-
-
+
-
-
-
+
+
-
-
-
-
-
-

-
-
-
-
-
-
-
-
+
-
-
-
+
+
+
-
-
-
-
+
+
+
+
+
-
-
-
+
+
+
+
+
+
-
+
+
+
+
+
+
+
-
-
-
-

+
+
+
+
-
+
-
-
-
-
+
-
-
+
-
+

-
-
-
-
-
+
-
-
-
+
-
-
+
-
-
+
-
+
+
+

+
+
-
-
+
+
-
-
-
+
-
-
+
-
-
+
-
-
-
-
-

-
-
+
-
-
-
-
-
-
+
+
+
-
-
+
+
+
-
-
-
-

+
+
+
+
-
+
+
+

-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
-
-
+
-
-
-
-
+
+
+


+
+
+
+
+
-
-
-
-
-

-
-
+
-
-
-
-
-
-
-
+
-
-
+
-
-
+
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
+
+
-
-
-
+
+
+
-
-
-
+
+
+
+
-
-
-
-
-
-
-
-
-
+
+
-
-
+
-
-
-
+
+
+
+
+
+

+
-
+
#!/bin/bash -norc
dnl	This file is an input file used by the GNU "autoconf" program to
dnl	generate the file "configure", which is run during Tcl installation
dnl	to configure the system for the local environment.
dnl 
dnl Define ourselves
dnl This file contains code to generate "tls" using either the
dnl OpenSSL libraries or libraries from the commercial BSAFE SSL-C
dnl product from RSA Security.  In the United States, it is necessary
dnl to use the RSA BSAFE libraries for any product developed for
dnl commercial use. Licensing information for BSAFE SSL-C may be
dnl obtained from RSA Data Scurity Inc., San Mateo, California, USA.
dnl Their home page on the web is "www.rsasecurity.com". 
#
AC_INIT(tcltls, 1.7.0)

# RCS: @(#) $Id: configure.in,v 1.31 2015/07/07 17:16:02 andreas_kupries Exp $


dnl Checks for programs.
AC_PROG_CC
#--------------------------------------------------------------------
# macro used to verify that the configure script can find the sources
#--------------------------------------------------------------------

AC_INIT([tls], [1.6.7])
AC_PROG_MAKE_SET
AC_PROG_INSTALL
AC_GNU_SOURCE

dnl Determine system information
TEA_INIT([3.8])
DC_CHK_OS_INFO

dnl Look for appropriate headers
AC_CONFIG_AUX_DIR(tclconfig)
AC_CHECK_HEADERS(unistd.h stdlib.h string.h strings.h)

dnl Perform Tcl Extension required stuff
TCLEXT_INIT
#--------------------------------------------------------------------
# Load the tclConfig.sh file
#--------------------------------------------------------------------

TEA_PATH_TCLCONFIG
if test "$TCLEXT_BUILD" != 'static'; then
TEA_LOAD_TCLCONFIG
	dnl Determine how to make shared objects
	DC_GET_SHOBJFLAGS

#-----------------------------------------------------------------------
# Handle the --prefix=... option by defaulting to what Tcl gave.
# Must be called after TEA_LOAD_TCLCONFIG and before TEA_SETUP_COMPILER.
	EXTENSION_TARGET="tcltls.${SHOBJEXT}"
else
	AC_CHECK_TOOL([AR], [ar], [false])
	AC_CHECK_TOOL([RANLIB], [ranlib], [:])
	EXTENSION_TARGET="tcltls.a"
#-----------------------------------------------------------------------

TEA_PREFIX
fi
AC_SUBST(EXTENSION_TARGET)
AC_SUBST(TCLEXT_BUILD)

#-----------------------------------------------------------------------
# Standard compiler checks.
# This sets up CC by using the CC env var, or looks for gcc otherwise.
# This also calls AC_PROG_CC, AC_PROG_INSTALL and a few others to create
# the basic setup necessary to compile executables.
dnl Determine what SSL library to link with
#-----------------------------------------------------------------------

AC_ARG_WITH([ssl], AS_HELP_STRING([--with-ssl], [name of ssl library to build against (openssl, libressl, nss, auto)]), [
TEA_SETUP_COMPILER

	if test "$withval" = "no"; then
#-----------------------------------------------------------------------
# __CHANGE__
# Specify the C source files to compile in TEA_ADD_SOURCES,
		AC_MSG_ERROR([You may not specify --without-ssl])
	fi
# public headers that need to be installed in TEA_ADD_HEADERS,
# stub library C source files to compile in TEA_ADD_STUB_SOURCES,
# and runtime Tcl library files in TEA_ADD_TCL_SOURCES.
# This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS
# and PKG_TCL_SOURCES.
#-----------------------------------------------------------------------

TEA_ADD_SOURCES([])
TEA_ADD_HEADERS([])
TEA_ADD_INCLUDES([])
TEA_ADD_LIBS([])
TEA_ADD_CFLAGS([])
TEA_ADD_STUB_SOURCES([])
TEA_ADD_TCL_SOURCES([])

	if test "$withval" = "yes"; then
#--------------------------------------------------------------------
# A few miscellaneous platform-specific items:
#
		AC_MSG_ERROR([If you specify --with-ssl then you must provide a value])
	fi

# Define a special symbol for Windows (BUILD_sample in this case) so
# that we create the export library with the dll.  See sha1.h on how
# to use this.
#
	tcltls_ssl_lib="$withval"
], [
	tcltls_ssl_lib='auto'
])

# Windows creates a few extra files that need to be cleaned up.
# You can add more files to clean if your extension creates any extra
# files.
dnl Enable support for building the same library every time
tcltls_deterministic='false'
AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic parameters]), [
	if test "$enableval" = "yes"; then
		tcltls_deterministic='true'
	fi
#
])
if test "$tcltls_deterministic" = 'true'; then
	GEN_DH_PARAMS_ARGS='fallback'
else
	GEN_DH_PARAMS_ARGS=''
fi
AC_SUBST(GEN_DH_PARAMS_ARGS)
# Define any extra compiler flags in the PACKAGE_CFLAGS variable.
# These will be appended to the current set of compiler flags for
# your system.
#--------------------------------------------------------------------

dnl Allow the user to manually disable protocols
dnl ## SSLv2: Disabled by default
tcltls_ssl_ssl2='false'
AC_ARG_ENABLE([sslv2], AS_HELP_STRING([--enable-sslv2], [enable SSLv2 protocol]), [
if test "${TEA_PLATFORM}" = "windows" ; then
	if test "$enableval" = "yes"; then
    AC_DEFINE(BUILD_tls)
    AC_DEFINE(WINDOWS)
    CLEANFILES="pkgIndex.tcl *.lib *.dll *.exp *.ilk *.pdb vc*.pch"
else
		tcltls_ssl_ssl2='true'
    CLEANFILES="pkgIndex.tcl"
fi
	fi
AC_SUBST(CLEANFILES)
])

#--------------------------------------------------------------------
# Choose which headers you need.  Extension authors should try very
# hard to only rely on the Tcl public header files.  Internal headers
# contain private data structures and are subject to change without
# notice.
dnl ## SSLv3: Disabled by default
# This MUST be called after TEA_LOAD_TCLCONFIG / TEA_LOAD_TKCONFIG
#--------------------------------------------------------------------

tcltls_ssl_ssl3='false'
TEA_PUBLIC_TCL_HEADERS

AC_ARG_ENABLE([sslv3], AS_HELP_STRING([--enable-sslv3], [enable SSLv3 protocol]), [
#--------------------------------------------------------------------
# Check whether --enable-threads or --disable-threads was given.
	if test "$enableval" = "yes"; then
#--------------------------------------------------------------------
		tcltls_ssl_ssl3='true'
	fi
])

dnl ## TLSv1.0: Enabled by default
tcltls_ssl_tls1_0='true'
TEA_ENABLE_THREADS

AC_ARG_ENABLE([tlsv1.0], AS_HELP_STRING([--disable-tlsv1.0], [disable TLSv1.0 protocol]), [
	if test "$enableval" = "no"; then
#--------------------------------------------------------------------
# The statement below defines a collection of symbols related to
# building as a shared library instead of a static library.
		tcltls_ssl_tls1_0='false'
#--------------------------------------------------------------------

	fi
TEA_ENABLE_SHARED

])
#--------------------------------------------------------------------
# This macro figures out what flags to use with the compiler/linker
# when building shared/static debug/optimized objects.  This information
# can be taken from the tclConfig.sh file, but this figures it all out.
#--------------------------------------------------------------------

TEA_CONFIG_CFLAGS

dnl ## TLSv1.1: Enabled by default
#--------------------------------------------------------------------
# Set the default compiler switches based on the --enable-symbols option.
#--------------------------------------------------------------------

TEA_ENABLE_SYMBOLS

tcltls_ssl_tls1_1='true'
AC_ARG_ENABLE([tlsv1.1], AS_HELP_STRING([--disable-tlsv1.1], [disable TLSv1.1 protocol]), [
	if test "$enableval" = "no"; then
#--------------------------------------------------------------------
# Everyone should be linking against the Tcl stub library.  If you
		tcltls_ssl_tls1_1='false'
	fi
])
# can't for some reason, remove this definition.  If you aren't using
# stubs, you also need to modify the SHLIB_LD_LIBS setting below to
# link against the non-stubbed Tcl library.  Add Tk too if necessary.
#--------------------------------------------------------------------

dnl ## TLSv1.1: Enabled by default
tcltls_ssl_tls1_2='true'
AC_ARG_ENABLE([tlsv1.2], AS_HELP_STRING([--disable-tlsv1.2], [disable TLSv1.2 protocol]), [
	if test "$enableval" = "no"; then
AC_DEFINE(USE_TCL_STUBS)
		tcltls_ssl_tls1_2='false'
	fi
])

#--------------------------------------------------------------------
# If the variable OPENSSL is set, we will build with the OpenSSL
dnl Enable support for a debugging build
# libraries.  If it is not set, then we will use RSA BSAFE SSL-C
# libraries instead of the default OpenSSL libaries.
tcltls_debug='false'
#--------------------------------------------------------------------

AC_ARG_ENABLE([debug], AS_HELP_STRING([--enable-debug], [enable debugging parameters]), [
OPENSSL="1"

	if test "$enableval" = "yes"; then
TLS_CHECK_SSL

		tcltls_debug='true'
#--------------------------------------------------------------------
# Determine if we should use the patented encryption code
#--------------------------------------------------------------------

	fi
AC_ARG_ENABLE(patents, [  --enable-patents        Use patented code.  Default is enabled], PATENTS=${enableval}, PATENTS=yes)  

if test ${PATENTS} = no; then
    AC_DEFINE([NO_PATENTS])
])
if test "$tcltls_debug" = 'true'; then
	AC_DEFINE(TCLEXT_TCLTLS_DEBUG, [1], [Enable debugging build])
fi

dnl Find "xxd" so we can build the tls.tcl.h file
AC_CHECK_PROG([XXD], [xxd], [xxd], [__xxd__not__found])

dnl Find "pkg-config" since we need to use it
AC_CHECK_TOOL([PKGCONFIG], [pkg-config], [false])
#--------------------------------------------------------------------
# This macro generates a line to use when building a library.  It
# depends on values set by the TEA_ENABLE_SHARED, TEA_ENABLE_SYMBOLS,
# and TEA_LOAD_TCLCONFIG macros above.
#--------------------------------------------------------------------

TEA_MAKE_LIB

dnl XXX:TODO: Automatically determine the SSL library to use
#--------------------------------------------------------------------
# Shared libraries and static libraries have different names.
# Also, windows libraries and unix libraries have different names.
# For the OpenSSL version, I chose to use the same library names that
# OpenSSL uses as its default names.
#--------------------------------------------------------------------

dnl           defaulting to OpenSSL for compatibility reasons
if test "${TEA_PLATFORM}" = "windows" ; then
    if test "$GCC" = "yes"; then
if test "$tcltls_ssl_lib" = 'auto'; then
	TEA_ADD_LIBS([-L${SSL_LIB_DIR_NATIVE}])
    else
	tcltls_ssl_lib='openssl'
	TEA_ADD_LIBS([-libpath:${SSL_LIB_DIR_NATIVE}])
    fi
    if test -n "${OPENSSL}"; then
        TEA_ADD_LIBS([ssleay32.lib libeay32.lib])
    else
        TEA_ADD_LIBS([sslc32.lib])
    fi
else
    # Subst runtime dir here, use -R and -L where necessary. [Bug 1742859]
fi

AC_MSG_CHECKING([which TLS library to use])
AC_MSG_RESULT([$tcltls_ssl_lib])


dnl Manually rewrite libressl to OpenSSL since we use the
dnl compatibility interface
if test "$tcltls_ssl_lib" = "libressl"; then
	tcltls_ssl_lib='openssl'
fi

AS_CASE([$tcltls_ssl_lib],
    LIB_RUNTIME_DIR=${SSL_LIB_DIR}
    eval "LD_SEARCH_FLAGS=\"${LD_SEARCH_FLAGS}\""
    if test -n "${OPENSSL}"; then
	[openssl], [
		TCLTLS_SSL_OPENSSL
	TEA_ADD_LIBS([${LD_SEARCH_FLAGS} -L${SSL_LIB_DIR} -lssl -lcrypto ${GCCPATH} ${GCCLIB}])
    else
	TEA_ADD_LIBS([${LD_SEARCH_FLAGS} -L${SSL_LIB_DIR} -lsslc])
	],
	[nss], [
	 	TCLTLS_SSL_LIBS=""
    fi
fi

		TCLTLS_SSL_CFLAGS=""
		TCLTLS_SSL_CPPFLAGS=""
	],
	[
#--------------------------------------------------------------------
# Find tclsh so that we can run pkg_mkIndex to generate the pkgIndex.tcl
# file during the install process.  Don't run the TCLSH_PROG through
# ${CYGPATH} because it's being used directly by make.
# Require that we use a tclsh shell version 8.2 or later since earlier
# versions have bugs in the pkg_mkIndex routine.
# Add WISH as well if this is a Tk extension.
#--------------------------------------------------------------------

		AC_MSG_ERROR([Unsupported SSL library: $tcltls_ssl_lib])
	]
TEA_PROG_TCLSH

)
#--------------------------------------------------------------------
# Finally, substitute all of the various values into the Makefile.
#--------------------------------------------------------------------
dnl Determine how to use this SSL library
AC_MSG_CHECKING([how to use $tcltls_ssl_lib])
LIBS="${LIBS} ${TCLTLS_SSL_LIBS}"
CFLAGS="${CFLAGS} ${TCLTLS_SSL_CFLAGS}"
CPPFLAGS="${CPPFLAGS} ${TCLTLS_SSL_CPPFLAGS}"
AC_MSG_RESULT([$TCLTLS_SSL_CPPFLAGS $TCLTLS_SSL_CFLAGS $TCLTLS_SSL_LIBS])

dnl Produce output
AC_OUTPUT([Makefile])
AC_OUTPUT(Makefile pkgIndex.tcl)
Deleted fixstrtod.c version [097c39a2a6].
Added gen_dh_params version [121b16da7e].
Added pkgIndex.tcl.in version [69b06405aa].
Modified tclOpts.h from [4e3c2a8397] to [aff9aa3b9c].
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







/*
 *  Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
 *
 *  $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tclOpts.h,v 1.2 2000/01/20 01:49:31 aborr Exp $
 *
 * Stylized option processing - requires consitent
 * external vars: opt, idx, objc, objv
 */
#ifndef _TCL_OPTS_H
#define _TCL_OPTS_H

#define OPT_PROLOG(option)			\
Deleted tclconfig/tcl.m4 version [1cb6792ef2].
1
2
3
4
5
6
7
8
9
10


11
12
13
14
15
16
17
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19










+
+







# all.tcl --
#
# This file contains a top-level script to run all of the Tcl
# tests.  Execute it by invoking "source all.test" when running tcltest
# in this directory.
#
# Copyright (c) 1998-2000 by Ajuba Solutions.
# All rights reserved.
# 
# RCS: @(#) $Id: all.tcl,v 1.5 2000/08/15 18:45:01 hobbs Exp $

set auto_path [linsert $auto_path 0 [file normalize [file join [file dirname [info script]] ..]]]

if {[lsearch [namespace children] ::tcltest] == -1} {
    package require tcltest
    namespace import ::tcltest::*
}

set ::tcltest::testSingleFile false
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
13
14
15
16
17
18
19


20
21
22
23
24
25
26







-
-








if {[lsearch [namespace children] ::tcltest] == -1} {
    package require tcltest
    namespace import ::tcltest::*
}

# The build dir is added as the first element of $PATH
set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]

package require tls

# One of these should == 1, depending on what type of ssl library
# tls was compiled against. (RSA BSAFE SSL-C or OpenSSL).
#
set ::tcltest::testConstraints(rsabsafe) 0
set ::tcltest::testConstraints(openssl) [string match "OpenSSL*" [tls::version]]
1
2
3
4

5
6
7
8
9
10
11
12
13
14
15
16


17
18
19
20
21
22
23
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26




+












+
+







#!/bin/sh
# The next line is executed by /bin/sh, but not tcl \
exec tclsh "$0" ${1+"$@"}

set auto_path [linsert $auto_path 0 [file normalize [file join [file dirname [info script]] ..]]]
package require tls

proc creadable {s} {
    puts "LINE=[gets $s]"
    after 2000
    exit
}

proc myserv {s args} {
    fileevent $s readable [list creadable $s]
}

close [file tempfile keyfile]
close [file tempfile certfile]
tls::misc req 1024 $keyfile $certfile [list C CCC ST STTT L LLLL O OOOO OU OUUUU CN CNNNN Email some@email.com days 730 serial 12]

tls::socket -keyfile $keyfile -certfile $certfile -server myserv 12300

puts "Now run keytest2.tcl"
vwait forever




1
2
3
4
5
6
7
8
1
2
3
4
5
6
7
8
9
10

+
+
+







-
#! /usr/bin/env tclsh

set auto_path [linsert $auto_path 0 [file normalize [file join [file dirname [info script]] ..]]]
package require tls

set s [tls::socket 127.0.0.1 12300]
puts $s "A line"
flush $s
puts [join [tls::status $s] \n]
exit

1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tls.tcl,v 1.2 2000/06/06 18:24:33 aborr Exp $
#
set dir [file dirname [info script]]
regsub {\.} [info tclversion] {} vshort
if {$tcl_platform(platform) == "windows"} {
    if {[info exists tcl_platform(debug)]} {
	load $dir/../win/Debug$vshort/tls.dll
    } else {
	load $dir/../win/Release$vshort/tls.dll
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tlsAuto.tcl,v 1.1 2000/06/06 18:13:20 aborr Exp $
#

set dir [file dirname [info script]]
cd $dir
source tls.tcl

proc fromServer {chan} {
    if {[catch {read $chan 10} data]} {
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tlsBlocking.tcl,v 1.1 2000/06/06 18:13:21 aborr Exp $
#

set dir [file dirname [info script]]
cd $dir
source tls.tcl

proc bgerror {msg} {tclLog "BG: $msg"}

1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tlsCiphers.tcl,v 1.1 2000/06/06 18:13:21 aborr Exp $
#

set dir [file dirname [info script]]
cd $dir
source tls.tcl

if {[llength $argv] == 0} {
    puts stderr "Usage: ciphers protocol ?verbose?"
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tlsHttp.tcl,v 1.1 2000/06/06 18:13:21 aborr Exp $
#
package require base64

set dir [file dirname [info script]]
cd $dir
source tls.tcl
package require http

1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tlsSrv.tcl,v 1.1 2000/06/06 18:13:21 aborr Exp $
#
# Sample Tls-enabled server
#
set dir [file dirname [info script]]
cd $dir
source tls.tcl
#lappend auto_path d:/tcl80/lib
#package require tls
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tlsSrv2.tcl,v 1.1 2000/06/06 18:13:21 aborr Exp $
#
# Sample Tls-enabled server
#
set dir [file dirname [info script]]
cd $dir
source tls.tcl
#lappend auto_path d:/tcl80/lib
#package require tls
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tlsUpload.tcl,v 1.1 2000/06/06 18:13:21 aborr Exp $
#

set dir [file dirname [info script]]
cd $dir
source tls.tcl

proc fromServer {chan} {
    if {[catch {read $chan 10} data]} {
66
67
68
69
70
71
72
73
74
75

76
77
78
79
80
81
82
66
67
68
69
70
71
72

73

74
75
76
77
78
79
80
81







-

-
+








if {[lsearch [namespace children] ::tcltest] == -1} {
    package require tcltest
    namespace import -force ::tcltest::*
}

# The build dir is added as the first element of $PATH
set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
# Load the tls package
package require tls 1.6
package require tls

set tlsServerPort 8048

# Specify where the certificates are

set certsDir	[file join [file dirname [info script]] certs]
set serverCert	[file join $certsDir server.pem]
300
301
302
303
304
305
306

307
308
309
310
311
312
313
314
315
299
300
301
302
303
304
305
306
307

308
309
310
311
312
313
314







+

-







test tlsIO-1.12 {arg parsing for socket command} {socket} {
    list [catch {tls::socket foo badport} msg] $msg
} {1 {expected integer but got "badport"}}

test tlsIO-2.1 {tcp connection} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set timer [after 2000 "set x timed_out"]
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8828 \]"
    puts $f {
	proc accept {file addr port} {
	    global x
342
343
344
345
346
347
348

349
350
351
352
353
354
355
356
357
341
342
343
344
345
346
347
348
349

350
351
352
353
354
355
356







+

-







} else {
    set port [expr {$tlsServerPort + [pid]%1024}]
}

test tlsIO-2.2 {tcp connection with client port specified} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set timer [after 2000 "set x done"]
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8829 \]"
    puts $f {
	proc accept {sock addr port} {
            global x
382
383
384
385
386
387
388

389
390
391
392
393
394
395
396
397
381
382
383
384
385
386
387
388
389

390
391
392
393
394
395
396







+

-







    close $f
    set x
} [list ready "hello $port"]

test tlsIO-2.3 {tcp connection with client interface specified} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set timer [after 2000 "set x done"]
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8830 \]"
    puts $f {
	proc accept {sock addr port} {
            global x
420
421
422
423
424
425
426

427
428
429
430
431
432
433
434
435
419
420
421
422
423
424
425
426
427

428
429
430
431
432
433
434







+

-







    close $f
    set x
} {ready {hello 127.0.0.1}}

test tlsIO-2.4 {tcp connection with server interface specified} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set timer [after 2000 "set x done"]
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey -myaddr [info hostname] 8831 \]"
    puts $f {
	proc accept {sock addr port} {
            global x
457
458
459
460
461
462
463

464
465
466
467
468
469
470
471
472
456
457
458
459
460
461
462
463
464

465
466
467
468
469
470
471







+

-







    close $f
    set x
} {ready hello}

test tlsIO-2.5 {tcp connection with redundant server port} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set timer [after 2000 "set x done"]
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8832 \]"
    puts $f {
	proc accept {sock addr port} {
            global x
504
505
506
507
508
509
510

511
512
513
514
515
516
517
518
519
503
504
505
506
507
508
509
510
511

512
513
514
515
516
517
518







+

-







    }
    set status
} ok

test tlsIO-2.7 {echo server, one line} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set timer [after 2000 "set x done"]
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8834 \]"
    puts $f {
	proc accept {s a p} {
            fileevent $s readable [list echo $s]
548
549
550
551
552
553
554

555
556
557
558
559
560
561
562
563
547
548
549
550
551
552
553
554
555

556
557
558
559
560
561
562







+

-







    set y [gets $f]
    close $f
    list $x $y
} {{hello abcdefghijklmnop} done}

test tlsIO-2.8 {echo server, loop 50 times, single connection} {socket stdio} {
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
    	package require tls
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8835 \]"
    puts $f {
	proc accept {s a p} {
            fileevent $s readable [list echo $s]
            fconfigure $s -buffering line
600
601
602
603
604
605
606

607
608
609
610
611
612
613
614
615
599
600
601
602
603
604
605
606
607

608
609
610
611
612
613
614







+

-







    set x
} {done 50}

test tlsIO-2.9 {socket conflict} {socket stdio} {
    set s [tls::socket -server accept 8828]
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts -nonewline $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	tls::socket -server accept 8828
    }
    close $f
    set f [open "|[list $::tcltest::tcltest script]" r]
    gets $f
    after 100
672
673
674
675
676
677
678
679

680
681
682
683
684
685
686
687
688
689
690
691
692
693

694
695
696
697
698
699
700
701
702
671
672
673
674
675
676
677

678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694

695
696
697
698
699
700
701







-
+














+

-







    after 500
    fconfigure $sock -blocking 0
    set result a:[gets $sock]
    lappend result b:[gets $sock]
    fconfigure $sock -blocking 1
    puts $s2 two
    flush $s2
    fconfigure $sock -blocking 0
    fconfigure $sock -blocking 1
    lappend result c:[gets $sock]
    fconfigure $sock -blocking 1
    close $s2
    close $s
    close $sock
    set result
} {a:one b: c:two}

test tlsIO-2.12 {tcp connection; no certificates specified} \
	{socket stdio unixOnly} {
    # There is a debug assertion on Windows/SSL that causes a crash when the
    # certificate isn't specified.
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set timer [after 2000 "set x timed_out"]
	set f [tls::socket -server accept 8828]
	proc accept {file addr port} {
	    global x
	    set x done
            close $file
720
721
722
723
724
725
726

727
728
729
730
731
732
733
734
735
719
720
721
722
723
724
725
726
727

728
729
730
731
732
733
734







+

-







    close $f
    set x
} {ready done {}}

test tlsIO-3.1 {socket conflict} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8828 \]"
    puts $f {
	puts ready
	gets stdin
	close $f
745
746
747
748
749
750
751

752
753
754
755
756
757
758
759
760
744
745
746
747
748
749
750
751
752

753
754
755
756
757
758
759







+

-







    close $f
    set x
} {1 {couldn't open socket: address already in use}}

test tlsIO-3.2 {server with several clients} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set t1 [after 30000 "set x timed_out"]
	set t2 [after 31000 "set x timed_out"]
	set t3 [after 32000 "set x timed_out"]
	set counter 0
    }
    puts $f "set s \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8828 \]"
814
815
816
817
818
819
820

821
822
823
824
825
826
827
828
829
813
814
815
816
817
818
819
820
821

822
823
824
825
826
827
828







+

-







    set x
} {ready done}

test tlsIO-4.1 {server with several clients} {socket stdio} {
    # have seen intermittent hangs on Windows
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	gets stdin
    }
    puts $f "set s \[tls::socket -certfile $clientCert -cafile $caCert -keyfile $clientKey 127.0.0.1 8828 \]"
    puts $f {
	fconfigure $s -buffering line
	for {set i 0} {$i < 100} {incr i} {
922
923
924
925
926
927
928

929
930
931
932
933
934
935
936
937
921
922
923
924
925
926
927
928
929

930
931
932
933
934
935
936







+

-







} {couldn't open socket: not owner}

test tlsIO-6.1 {accept callback error} {socket stdio} {
    # There is a debug assertion on Windows/SSL that causes a crash when the
    # certificate isn't specified.
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
    	package require tls
	gets stdin
    }
    puts $f [list tls::socket -cafile $caCert 127.0.0.1 8848]
    close $f
    set f [open "|[list $::tcltest::tcltest script]" r+]
    proc bgerror args {
950
951
952
953
954
955
956

957
958
959
960
961
962
963
964
965
949
950
951
952
953
954
955
956
957

958
959
960
961
962
963
964







+

-







    rename bgerror {}
    set x
} {{divide by zero}}

test tlsIO-7.1 {testing socket specific options} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
    }
    puts $f [list tls::socket -server accept \
	    -certfile $serverCert -cafile $caCert -keyfile $serverKey 8820]
    puts $f {
	proc accept args {
	    global x
984
985
986
987
988
989
990

991
992
993
994
995
996
997
998
999
983
984
985
986
987
988
989
990
991

992
993
994
995
996
997
998







+

-







    lappend l [string compare [lindex $p 2] 8820]
    lappend l [llength $p]
} {0 0 3}

test tlsIO-7.2 {testing socket specific options} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
    }
    puts $f "tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8821"
    puts $f {
	proc accept args {
	    global x
	    set x done
1756
1757
1758
1759
1760
1761
1762

1763
1764
1765
1766
1767
1768
1769
1770
1771
1755
1756
1757
1758
1759
1760
1761
1762
1763

1764
1765
1766
1767
1768
1769
1770







+

-








    # Script2 creates the server socket, launches script1,
    # waits a second, and exits.  The server socket will now
    # be closed unless script1 inherited it.

    set f [open script2 w]
    puts $f [list set tclsh $::tcltest::tcltest]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
    }
    puts $f "set f \[tls::socket -server accept \
	    -certfile $serverCert -cafile $caCert -keyfile $serverKey 8828\]"
    puts $f {
	proc accept { file addr port } {
	    close $file
1813
1814
1815
1816
1817
1818
1819

1820
1821
1822
1823
1824
1825
1826
1827
1828
1812
1813
1814
1815
1816
1817
1818
1819
1820

1821
1822
1823
1824
1825
1826
1827







+

-








    # Script2 opens the client socket and writes to it.  It then
    # launches script1 and exits.  If the child process inherited the
    # client socket, the socket will still be open.

    set f [open script2 w]
    puts $f [list set tclsh $::tcltest::tcltest]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
    }
    puts $f "set f \[tls::socket -certfile $clientCert -cafile $caCert \
	    -keyfile $clientKey 127.0.0.1 8829\]"
    puts $f {
	exec $tclsh script1 &
	puts $f testing
1874
1875
1876
1877
1878
1879
1880

1881
1882
1883
1884
1885
1886
1887
1888
1889
1873
1874
1875
1876
1877
1878
1879
1880
1881

1882
1883
1884
1885
1886
1887
1888







+

-







	after 10000 exit
	vwait forever
    }
    close $f

    set f [open script2 w]
    puts $f [list set tclsh $::tcltest::tcltest]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
    }
    puts $f "set f \[tls::socket -server accept \
	    -certfile $serverCert -cafile $caCert -keyfile $serverKey 8930\]"
    puts $f {
	proc accept { file host port } {
	    global tclsh
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1925
1926
1927
1928
1929
1930
1931

1932
1933
1934
1935
1936
1937
1938







-







test tlsIO-13.1 {Testing use of shared socket between two threads} \
	{socket testthread} {
    # HOBBS: never tested
    removeFile script
    threadReap

    makeFile {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
    	package require tls
	set f [tls::socket -server accept 8828]
	proc accept {s a p} {
            fileevent $s readable [list echo $s]
            fconfigure $s -buffering line
        }
	proc echo {s} {
Modified tls.c from [15a7d7809d] to [829214fd98].
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
1
2
3
4
5
6
7


8
9
10
11
12
13
14







-
-







/*
 * Copyright (C) 1997-1999 Matt Newman <matt@novadigm.com>
 * some modifications:
 *	Copyright (C) 2000 Ajuba Solutions
 *	Copyright (C) 2002 ActiveState Corporation
 *	Copyright (C) 2004 Starfish Systems 
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.37 2015/07/07 17:16:02 andreas_kupries Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built (almost) from scratch based upon observation of
 * OpenSSL 0.9.2B
 *
 * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for
63
64
65
66
67
68
69
70

71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
61
62
63
64
65
66
67

68
69
70
71
72
73
74
75
76
77
78
79
80
81


82










































83
84
85
86
87
88
89







-
+













-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-







static int	UnimportObjCmd _ANSI_ARGS_ ((ClientData clientData,
			Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]));

static SSL_CTX *CTX_Init _ANSI_ARGS_((State *statePtr, int proto, char *key,
			char *cert, char *CAdir, char *CAfile, char *ciphers,
			char *DHparams));

static int	TlsLibInit _ANSI_ARGS_ (()) ;
static int	TlsLibInit _ANSI_ARGS_ ((void)) ;

#define TLS_PROTO_SSL2		0x01
#define TLS_PROTO_SSL3		0x02
#define TLS_PROTO_TLS1		0x04
#define TLS_PROTO_TLS1_1	0x08
#define TLS_PROTO_TLS1_2	0x10
#define ENABLED(flag, mask)	(((flag) & (mask)) == (mask))

/*
 * Static data structures
 */

#ifndef OPENSSL_NO_DH
/* code derived from output of 'openssl dhparam -C 2048' */

#include "dh_params.h"
static unsigned char dh2048_p[]={
	0xEC,0xFD,0x6F,0x66,0xD8,0xBC,0xB4,0xCB,0xD7,0xE7,0xB4,0xAE,
	0xEC,0xC0,0x06,0x25,0x40,0x9F,0x3F,0xC4,0xAC,0x34,0x19,0x36,
	0x8A,0xAB,0xA9,0xF6,0x45,0x36,0x87,0x1F,0x10,0x35,0x3F,0x90,
	0x00,0xC6,0x7A,0xE8,0x51,0xF4,0x7F,0x50,0x0F,0xC2,0x82,0x91,
	0xAD,0x60,0x1B,0x49,0xB1,0x0B,0x23,0xC3,0x37,0xAE,0x0D,0x2C,
	0x49,0xC6,0xFB,0x60,0x9D,0x50,0x2F,0x8C,0x2F,0xDE,0xE6,0x5F,
	0x53,0x8B,0x5F,0xF9,0x70,0x16,0xEE,0x51,0xD1,0xAB,0x02,0x48,
	0x61,0xF1,0xA0,0xD7,0xBD,0x04,0x24,0xF0,0xE4,0xD1,0x0A,0x4C,
	0x28,0xDC,0x22,0x78,0x7C,0xED,0x2A,0xFA,0xF4,0x57,0x7C,0xAE,
	0xDF,0x52,0xC6,0xA2,0x11,0x28,0xC5,0x3B,0xB8,0x2F,0x95,0x3F,
	0x1E,0x05,0x66,0xFE,0x7D,0x1A,0x73,0xA0,0x45,0xF8,0xBB,0x8C,
	0x64,0xB9,0xA9,0x4D,0x23,0xBE,0x20,0x60,0xA2,0xF7,0xC7,0xD8,
	0xD8,0x49,0x28,0x9A,0x81,0xAC,0xF9,0x7F,0x3C,0xFC,0xBE,0x25,
	0x5B,0x1D,0xB6,0xAB,0x08,0x06,0x11,0x8D,0x94,0x69,0x3C,0x68,
	0x98,0x5A,0x90,0xF8,0xEB,0x19,0xCA,0x9F,0x1C,0x50,0x96,0x53,
	0xEF,0xEC,0x1B,0x93,0x4F,0x53,0xB7,0xD9,0x04,0x8E,0x48,0x99,
	0x6E,0x24,0xFF,0x66,0xF5,0xB0,0xDF,0x00,0xBA,0x22,0xE2,0xB6,
	0xE3,0x3A,0xC2,0x95,0xB1,0x14,0x68,0xFB,0xA5,0x37,0x22,0x78,
	0x56,0x5C,0xA4,0x23,0x31,0x02,0x97,0x7D,0xA9,0x84,0x0B,0x12,
	0x26,0x58,0x2F,0x86,0x10,0xAD,0xB0,0xAB,0xB9,0x7B,0x05,0x9A,
	0xDE,0x11,0xF1,0xE7,0x34,0xC7,0x95,0x42,0x1C,0x4F,0xA9,0xA8,
	0x92,0xDF,0x3F,0x7B,
	};
static unsigned char dh2048_g[]={
	0x02,
};


static DH *get_dh2048()
{
    DH *dh=NULL;

    if ((dh=DH_new()) == NULL) return(NULL);

    dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
    dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);

    if ((dh->p == NULL) || (dh->g == NULL))
	return(NULL);
    return(dh);
}
#endif

/*
 * Defined in Tls_Init to determine what kind of channels we are using
 * (old-style 8.2.0-8.3.1 or new-style 8.3.2+).
 */
int channelTypeVersion;
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
121
122
123
124
125
126
127

128
129
130
131
132
133
134







-







/*
 * Threaded operation requires locking callbacks
 * Based from /crypto/cryptlib.c of OpenSSL and NSOpenSSL.
 */

static Tcl_Mutex locks[CRYPTO_NUM_LOCKS];
static Tcl_Mutex init_mx;
static int initialized;

static void          CryptoThreadLockCallback (int mode, int n, const char *file, int line);
static unsigned long CryptoThreadIdCallback   (void);

static void
CryptoThreadLockCallback(int mode, int n, const char *file, int line)
{
312
313
314
315
316
317
318
319

320
321
322
323
324
325
326
266
267
268
269
270
271
272

273
274
275
276
277
278
279
280







-
+







    int length;
    SSL   *ssl		= (SSL*)X509_STORE_CTX_get_app_data(ctx);
    X509  *cert		= X509_STORE_CTX_get_current_cert(ctx);
    State *statePtr	= (State*)SSL_get_app_data(ssl);
    int depth		= X509_STORE_CTX_get_error_depth(ctx);
    int err		= X509_STORE_CTX_get_error(ctx);

    dprintf(stderr, "Verify: %d\n", ok);
    dprintf("Verify: %d", ok);

    if (!ok) {
	errStr = (char*)X509_verify_cert_error_string(err);
    } else {
	errStr = (char *)0;
    }

361
362
363
364
365
366
367
368

369
370
371
372
373
374
375
315
316
317
318
319
320
321

322
323
324
325
326
327
328
329







-
+







	/* It got an error - reject the certificate.		*/
	Tcl_BackgroundError( statePtr->interp);
	ok = 0;
    } else {
	result = Tcl_GetObjResult(statePtr->interp);
	string = Tcl_GetStringFromObj(result, &length);
	/* An empty result leaves verification unchanged.	*/
	if (length > 0) {
	if (string != NULL && length > 0) {
	    if (Tcl_GetIntFromObj(statePtr->interp, result, &ok) != TCL_OK) {
		Tcl_BackgroundError(statePtr->interp);
		ok = 0;
	    }
	}
    }
    Tcl_DecrRefCount( cmdPtr);
760
761
762
763
764
765
766



767




768




769

770
771
772
773
774
775
776
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742







+
+
+

+
+
+
+

+
+
+
+

+







    int ssl2 = 1;
#endif
#if defined(NO_SSL3)
    int ssl3 = 0;
#else
    int ssl3 = 1;
#endif
#if defined(NO_TLS1)
    int tls1 = 0;
#else
    int tls1 = 1;
#endif
#if defined(NO_TLS1_1)
    int tls1_1 = 0;
#else
    int tls1_1 = 1;
#endif
#if defined(NO_TLS1_2)
    int tls1_2 = 0;
#else
    int tls1_2 = 1;
#endif
    int proto = 0;
    int verify = 0, require = 0, request = 1;

    if (objc < 2) {
	Tcl_WrongNumArgs(interp, 1, objv, "channel ?options?");
	return TCL_ERROR;
    }
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534







1535
1536
1537
1538
1539
1540
1541
1487
1488
1489
1490
1491
1492
1493







1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507







-
-
-
-
-
-
-
+
+
+
+
+
+
+







		ASN1_INTEGER_set(X509_get_serialNumber(cert),serial);
		X509_gmtime_adj(X509_get_notBefore(cert),0);
		X509_gmtime_adj(X509_get_notAfter(cert),(long)60*60*24*days);
		X509_set_pubkey(cert,pkey);
		
		name=X509_get_subject_name(cert);

		X509_NAME_add_entry_by_txt(name,"C", MBSTRING_ASC, k_C, -1, -1, 0);
		X509_NAME_add_entry_by_txt(name,"ST", MBSTRING_ASC, k_ST, -1, -1, 0);
		X509_NAME_add_entry_by_txt(name,"L", MBSTRING_ASC, k_L, -1, -1, 0);
		X509_NAME_add_entry_by_txt(name,"O", MBSTRING_ASC, k_O, -1, -1, 0);
		X509_NAME_add_entry_by_txt(name,"OU", MBSTRING_ASC, k_OU, -1, -1, 0);
		X509_NAME_add_entry_by_txt(name,"CN", MBSTRING_ASC, k_CN, -1, -1, 0);
		X509_NAME_add_entry_by_txt(name,"Email", MBSTRING_ASC, k_Email, -1, -1, 0);
		X509_NAME_add_entry_by_txt(name,"C", MBSTRING_ASC, (unsigned char *) k_C, -1, -1, 0);
		X509_NAME_add_entry_by_txt(name,"ST", MBSTRING_ASC, (unsigned char *) k_ST, -1, -1, 0);
		X509_NAME_add_entry_by_txt(name,"L", MBSTRING_ASC, (unsigned char *) k_L, -1, -1, 0);
		X509_NAME_add_entry_by_txt(name,"O", MBSTRING_ASC, (unsigned char *) k_O, -1, -1, 0);
		X509_NAME_add_entry_by_txt(name,"OU", MBSTRING_ASC, (unsigned char *) k_OU, -1, -1, 0);
		X509_NAME_add_entry_by_txt(name,"CN", MBSTRING_ASC, (unsigned char *) k_CN, -1, -1, 0);
		X509_NAME_add_entry_by_txt(name,"Email", MBSTRING_ASC, (unsigned char *) k_Email, -1, -1, 0);

		X509_set_subject_name(cert,name);

		if (!X509_sign(cert,pkey,EVP_md5())) {
		    X509_free(cert);
		    EVP_PKEY_free(pkey);
		    Tcl_SetResult(interp,"Error signing certificate",NULL);
1615
1616
1617
1618
1619
1620
1621
1622

1623
1624
1625
1626
1627

1628
1629
1630
1631
1632
1633
1634
1581
1582
1583
1584
1585
1586
1587

1588
1589
1590
1591
1592

1593
1594
1595
1596
1597
1598
1599
1600







-
+




-
+







    if (statePtr->timer != (Tcl_TimerToken) NULL) {
	Tcl_DeleteTimerHandler(statePtr->timer);
	statePtr->timer = NULL;
    }

    if (statePtr->bio) {
	/* This will call SSL_shutdown. Bug 1414045 */
	dprintf(stderr, "BIO_free_all(%p)\n", statePtr->bio);
	dprintf("BIO_free_all(%p)", statePtr->bio);
	BIO_free_all(statePtr->bio);
	statePtr->bio = NULL;
    }
    if (statePtr->ssl) {
	dprintf(stderr, "SSL_free(%p)\n", statePtr->ssl);
	dprintf("SSL_free(%p)", statePtr->ssl);
	SSL_free(statePtr->ssl);
	statePtr->ssl = NULL;
    }
    if (statePtr->ctx) {
	SSL_CTX_free(statePtr->ctx);
	statePtr->ctx = NULL;
    }
1658
1659
1660
1661
1662
1663
1664




1665
1666
1667
1668
1669
1670
1671
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641







+
+
+
+







 *-------------------------------------------------------------------
 */

int
Tls_Init(Tcl_Interp *interp)		/* Interpreter in which the package is
					 * to be made available. */
{
    const char tlsTclInitScript[] = {
#include "tls.tcl.h"
    };

    int major, minor, patchlevel, release;

    /*
     * The original 8.2.0 stacked channel implementation (and the patch
     * that preceded it) had problems with scalability and robustness.
     * These were address in 8.3.2 / 8.4a2, so we now require that as a
     * minimum for TLS 1.4+.  We only support 8.2+ now (8.3.2+ preferred).
1717
1718
1719
1720
1721
1722
1723




1724

1725
1726
1727
1728
1729
1730
1731
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697

1698
1699
1700
1701
1702
1703
1704
1705







+
+
+
+
-
+








    Tcl_CreateObjCommand(interp, "tls::version", VersionObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::misc", MiscObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    if (interp) {
        Tcl_Eval(interp, tlsTclInitScript);
    }

    return Tcl_PkgProvide(interp, PACKAGE_NAME, PACKAGE_VERSION);
    return Tcl_PkgProvide(interp, "tls", PACKAGE_VERSION);
}

/*
 *------------------------------------------------------*
 *
 *	Tls_SafeInit --
 *
1763
1764
1765
1766
1767
1768
1769
1770
1771


1772
1773
1774
1775






1776
1777
1778
1779
1780

1781
1782
1783
1784
1785
1786
1787
1788
1789
1737
1738
1739
1740
1741
1742
1743


1744
1745

1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757


1758


1759
1760
1761
1762
1763
1764
1765







-
-
+
+
-



+
+
+
+
+
+



-
-
+
-
-







 *		initilizes SSL library
 *
 *	Result:
 *		none
 *
 *------------------------------------------------------*
 */
static int
TlsLibInit ()
static int TlsLibInit (void) {
    static int initialized = 0;
{
    int i;
    char rnd_seed[16] = "GrzSlplKqUdnnzP!";	/* 16 bytes */
    int status=TCL_OK;

    if (initialized) {
        return status;
    }
    initialized = 1;

#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
    size_t num_locks;

    if (!initialized) {
	Tcl_MutexLock(&init_mx);
    Tcl_MutexLock(&init_mx);
	if (!initialized) {
	    initialized = 1;
#endif

	    if (CRYPTO_set_mem_functions((void *(*)(size_t))Tcl_Alloc,
					 (void *(*)(void *, size_t))Tcl_Realloc,
					 (void(*)(void *))Tcl_Free) == 0) {
	       /* Not using Tcl's mem functions ... not critical */
	    }
1820
1821
1822
1823
1824
1825
1826
1827
1828

1829
1830
1831
1832
1833
1834
1835
1796
1797
1798
1799
1800
1801
1802


1803
1804
1805
1806
1807

1808
1809







-
-
+




-


	    srand((unsigned int) time((time_t *) NULL));
	    do {
		for (i = 0; i < 16; i++) {
		    rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
		}
		RAND_seed(rnd_seed, sizeof(rnd_seed));
	    } while (RAND_status() != 1);
	}
    	done:
done:

#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
	Tcl_MutexUnlock(&init_mx);
#endif
    }
    return status;
}
Modified tls.h from [dc96a1623e] to [6362c4c989].
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







/*
 * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.h,v 1.2 2000/01/20 01:59:38 aborr Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built from scratch based upon observation of OpenSSL 0.9.2B
 *
 * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for
 * providing the Tcl_ReplaceChannel mechanism and working closely with me
Modified tls.tcl from [3192efd07b] to [90f08f912e].
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> 
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.tcl,v 1.14 2015/07/07 17:16:03 andreas_kupries Exp $
#
namespace eval tls {
    variable logcmd tclLog
    variable debug 0
 
    # Default flags passed to tls::import
    variable defaults {}

Modified tlsBIO.c from [66eac232ea] to [4953796f1e].
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39










40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65


66
67
68
69
70
71
72
73
74


75
76
77
78
79
80
81
1
2
3


4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19












20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44






45
46
47
48
49
50
51
52
53


54
55
56
57
58
59
60
61
62


63
64
65
66
67
68
69
70
71



-
-
















-
-
-
-
-
-
-
-
-
-
-
-






+
+
+
+
+
+
+
+
+
+









-
-
-
-
-
-









-
-
+
+







-
-
+
+







/*
 * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsBIO.c,v 1.8 2004/03/24 05:22:53 razzell Exp $
 *
 * Provides BIO layer to interface openssl to Tcl.
 */

#include "tlsInt.h"

/*
 * Forward declarations
 */

static int BioWrite	_ANSI_ARGS_ ((BIO *h, CONST char *buf, int num));
static int BioRead	_ANSI_ARGS_ ((BIO *h, char *buf, int num));
static int BioPuts	_ANSI_ARGS_ ((BIO *h, CONST char *str));
static long BioCtrl	_ANSI_ARGS_ ((BIO *h, int cmd, long arg1, void *ptr));
static int BioNew	_ANSI_ARGS_ ((BIO *h));
static int BioFree	_ANSI_ARGS_ ((BIO *h));


static BIO_METHOD BioMethods = {
    BIO_TYPE_TCL, "tcl",
    BioWrite,
    BioRead,
    BioPuts,
    NULL,	/* BioGets */
    BioCtrl,
    BioNew,
    BioFree,
};

BIO *
BIO_new_tcl(statePtr, flags)
    State *statePtr;
    int flags;
{
    BIO *bio;
    static BIO_METHOD BioMethods = {
        .type = BIO_TYPE_TCL,
	.name = "tcl",
        .bwrite = BioWrite,
        .bread = BioRead,
        .bputs = BioPuts,
        .ctrl = BioCtrl,
        .create = BioNew,
        .destroy = BioFree,
    };

    bio			= BIO_new(&BioMethods);
    bio->ptr		= (char*)statePtr;
    bio->init		= 1;
    bio->shutdown	= flags;

    return bio;
}

BIO_METHOD *
BIO_s_tcl()
{
    return &BioMethods;
}

static int
BioWrite (bio, buf, bufLen)
    BIO *bio;
    CONST char *buf;
    int bufLen;
{
    Tcl_Channel chan = Tls_GetParent((State*)(bio->ptr));
    int ret;

    dprintf(stderr,"\nBioWrite(0x%x, <buf>, %d) [0x%x]",
	    (unsigned int) bio, bufLen, (unsigned int) chan);
    dprintf("BioWrite(%p, <buf>, %d) [%p]",
	    (void *) bio, bufLen, (void *) chan);

    if (channelTypeVersion == TLS_CHANNEL_VERSION_2) {
	ret = Tcl_WriteRaw(chan, buf, bufLen);
    } else {
	ret = Tcl_Write(chan, buf, bufLen);
    }

    dprintf(stderr,"\n[0x%x] BioWrite(%d) -> %d [%d.%d]",
	    (unsigned int) chan, bufLen, ret, Tcl_Eof(chan), Tcl_GetErrno());
    dprintf("[%p] BioWrite(%d) -> %d [%d.%d]",
	    (void *) chan, bufLen, ret, Tcl_Eof(chan), Tcl_GetErrno());

    BIO_clear_flags(bio, BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);

    if (ret == 0) {
	if (!Tcl_Eof(chan)) {
	    BIO_set_retry_write(bio);
	    ret = -1;
92
93
94
95
96
97
98
99
100


101
102
103
104
105
106
107
108
109
110
111


112
113
114
115
116
117
118
82
83
84
85
86
87
88


89
90
91
92
93
94
95
96
97
98
99


100
101
102
103
104
105
106
107
108







-
-
+
+









-
-
+
+







    BIO *bio;
    char *buf;
    int bufLen;
{
    Tcl_Channel chan = Tls_GetParent((State*)bio->ptr);
    int ret = 0;

    dprintf(stderr,"\nBioRead(0x%x, <buf>, %d) [0x%x]",
	    (unsigned int) bio, bufLen, (unsigned int) chan);
    dprintf("BioRead(%p, <buf>, %d) [%p]",
	    (void *) bio, bufLen, (void *) chan);

    if (buf == NULL) return 0;

    if (channelTypeVersion == TLS_CHANNEL_VERSION_2) {
	ret = Tcl_ReadRaw(chan, buf, bufLen);
    } else {
	ret = Tcl_Read(chan, buf, bufLen);
    }

    dprintf(stderr,"\n[0x%x] BioRead(%d) -> %d [%d.%d]",
	    (unsigned int) chan, bufLen, ret, Tcl_Eof(chan), Tcl_GetErrno());
    dprintf("[%p] BioRead(%d) -> %d [%d.%d]",
	    (void *) chan, bufLen, ret, Tcl_Eof(chan), Tcl_GetErrno());

    BIO_clear_flags(bio, BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);

    if (ret == 0) {
	if (!Tcl_Eof(chan)) {
	    BIO_set_retry_read(bio);
	    ret = -1;
139
140
141
142
143
144
145
146
147
148



149
150
151
152
153
154
155
129
130
131
132
133
134
135



136
137
138
139
140
141
142
143
144
145







-
-
-
+
+
+







    long num;
    void *ptr;
{
    Tcl_Channel chan = Tls_GetParent((State*)bio->ptr);
    long ret = 1;
    int *ip;

    dprintf(stderr,"\nBioCtrl(0x%x, 0x%x, 0x%x, 0x%x)",
	    (unsigned int) bio, (unsigned int) cmd, (unsigned int) num,
	    (unsigned int) ptr);
    dprintf("BioCtrl(%p, 0x%x, 0x%x, %p)",
	    (void *) bio, (unsigned int) cmd, (unsigned int) num,
	    (void *) ptr);

    switch (cmd) {
    case BIO_CTRL_RESET:
	num = 0;
    case BIO_C_FILE_SEEK:
    case BIO_C_FILE_TELL:
	ret = 0;
178
179
180
181
182
183
184
185

186
187
188
189
190

191
192
193
194
195
196
197
198

199
200
201
202
203
204
205
168
169
170
171
172
173
174

175
176
177
178
179

180
181
182
183
184
185
186
187

188
189
190
191
192
193
194
195







-
+




-
+







-
+







    case BIO_CTRL_GET_CLOSE:
	ret = bio->shutdown;
	break;
    case BIO_CTRL_SET_CLOSE:
	bio->shutdown = (int)num;
	break;
    case BIO_CTRL_EOF:
	dprintf(stderr, "BIO_CTRL_EOF\n");
	dprintf("BIO_CTRL_EOF");
	ret = Tcl_Eof(chan);
	break;
    case BIO_CTRL_PENDING:
	ret = (Tcl_InputBuffered(chan) ? 1 : 0);
	dprintf(stderr, "BIO_CTRL_PENDING(%d)\n", (int) ret);
	dprintf("BIO_CTRL_PENDING(%d)", (int) ret);
	break;
    case BIO_CTRL_WPENDING:
	ret = 0;
	break;
    case BIO_CTRL_DUP:
	break;
    case BIO_CTRL_FLUSH:
	dprintf(stderr, "BIO_CTRL_FLUSH\n");
	dprintf("BIO_CTRL_FLUSH");
	if (channelTypeVersion == TLS_CHANNEL_VERSION_2) {
	    ret = ((Tcl_WriteRaw(chan, "", 0) >= 0) ? 1 : -1);
	} else {
	    ret = ((Tcl_Flush(chan) == TCL_OK) ? 1 : -1);
	}
	break;
    default:
Modified tlsIO.c from [ed5e46f5ea] to [6426f40f98].
1
2
3
4
5
6
7
8
9
10
11
12
13
1
2
3
4


5
6
7
8
9
10
11




-
-







/*
 * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
 * Copyright (C) 2000 Ajuba Solutions
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsIO.c,v 1.19 2015/06/06 09:07:08 apnadkarni Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built from scratch based upon observation of OpenSSL 0.9.2B
 *
 * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for
 * providing the Tcl_ReplaceChannel mechanism and working closely with me
282
283
284
285
286
287
288
289

290
291
292
293
294
295
296
280
281
282
283
284
285
286

287
288
289
290
291
292
293
294







-
+







 */
static int
TlsCloseProc(ClientData instanceData,	/* The socket to close. */
             Tcl_Interp *interp)	/* For error reporting - unused. */
{
    State *statePtr = (State *) instanceData;

    dprintf(stderr,"\nTlsCloseProc(0x%x)", (unsigned int) statePtr);
    dprintf("TlsCloseProc(%p)", (void *) statePtr);

    if (channelTypeVersion == TLS_CHANNEL_VERSION_1) {
	/*
	 * Remove event handler to underlying channel, this could
	 * be because we are closing for real, or being "unstacked".
	 */

330
331
332
333
334
335
336
337

338
339
340
341
342
343
344
328
329
330
331
332
333
334

335
336
337
338
339
340
341
342







-
+







	int *errorCodePtr)		/* Where to store error code. */
{
    State *statePtr = (State *) instanceData;
    int bytesRead;			/* How many bytes were read? */

    *errorCodePtr = 0;

    dprintf(stderr,"\nBIO_read(%d)", bufSize);
    dprintf("BIO_read(%d)", bufSize);

    if (statePtr->flags & TLS_TCL_CALLBACK) {
       /* don't process any bytes while verify callback is running */
       bytesRead = 0;
       goto input;
    }

365
366
367
368
369
370
371
372

373
374
375
376
377
378
379
380
381

382
383
384
385
386
387
388
389
390
391
392
393

394
395
396
397
398
399
400
363
364
365
366
367
368
369

370
371
372
373
374
375
376
377
378

379
380
381
382
383
384
385
386
387
388
389
390

391
392
393
394
395
396
397
398







-
+








-
+











-
+







     * Alternatively, we may want to handle the <0 return codes from
     * BIO_read specially (as advised in the RSA docs).  TLS's lower level BIO
     * functions play with the retry flags though, and this seems to work
     * correctly.  Similar fix in TlsOutputProc. - hobbs
     */
    ERR_clear_error();
    bytesRead = BIO_read(statePtr->bio, buf, bufSize);
    dprintf(stderr,"\nBIO_read -> %d", bytesRead);
    dprintf("BIO_read -> %d", bytesRead);

    if (bytesRead < 0) {
	int err = SSL_get_error(statePtr->ssl, bytesRead);

	if (err == SSL_ERROR_SSL) {
	    Tls_Error(statePtr, SSL_ERROR(statePtr->ssl, bytesRead));
	    *errorCodePtr = ECONNABORTED;
	} else if (BIO_should_retry(statePtr->bio)) {
	    dprintf(stderr,"RE! ");
	    dprintf("RE! ");
	    *errorCodePtr = EAGAIN;
	} else {
	    *errorCodePtr = Tcl_GetErrno();
	    if (*errorCodePtr == ECONNRESET) {
		/* Soft EOF */
		*errorCodePtr = 0;
		bytesRead = 0;
	    }
	}
    }
    input:
    dprintf(stderr, "\nInput(%d) -> %d [%d]", bufSize, bytesRead, *errorCodePtr);
    dprintf("Input(%d) -> %d [%d]", bufSize, bytesRead, *errorCodePtr);
    return bytesRead;
}

/*
 *-------------------------------------------------------------------
 *
 * TlsOutputProc --
419
420
421
422
423
424
425
426

427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445

446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464


465
466
467
468
469
470
471
472
473
474

475
476
477

478
479
480

481
482
483

484
485
486
487
488

489
490
491
492
493
494
495
496
497
498

499
500
501
502
503

504
505
506
507
508
509
510
417
418
419
420
421
422
423

424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442

443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460


461
462
463
464
465
466
467
468
469
470
471

472
473
474

475
476
477

478
479
480

481
482
483
484
485

486
487
488
489
490
491
492
493
494
495

496
497
498
499
500

501
502
503
504
505
506
507
508







-
+


















-
+

















-
-
+
+









-
+


-
+


-
+


-
+




-
+









-
+




-
+







              int *errorCodePtr)	/* Where to store error code. */
{
    State *statePtr = (State *) instanceData;
    int written, err;

    *errorCodePtr = 0;

    dprintf(stderr,"\nBIO_write(0x%x, %d)", (unsigned int) statePtr, toWrite);
    dprintf("BIO_write(%p, %d)", (void *) statePtr, toWrite);

    if (statePtr->flags & TLS_TCL_CALLBACK) {
       /* don't process any bytes while verify callback is running */
       written = -1;
       *errorCodePtr = EAGAIN;
       goto output;
    }

    if (!SSL_is_init_finished(statePtr->ssl)) {
	written = Tls_WaitForConnect(statePtr, errorCodePtr);
	if (written <= 0) {
	    goto output;
	}
    }
    if (statePtr->flags & TLS_TCL_INIT) {
	statePtr->flags &= ~(TLS_TCL_INIT);
    }
    if (toWrite == 0) {
	dprintf(stderr, "zero-write\n");
	dprintf("zero-write");
	BIO_flush(statePtr->bio);
	written = 0;
	goto output;
    } else {
	/*
	 * We need to clear the SSL error stack now because we sometimes reach
	 * this function with leftover errors in the stack.  If BIO_write
	 * returns -1 and intends EAGAIN, there is a leftover error, it will be
	 * misconstrued as an error, not EAGAIN.
	 *
	 * Alternatively, we may want to handle the <0 return codes from
	 * BIO_write specially (as advised in the RSA docs).  TLS's lower level
	 * BIO functions play with the retry flags though, and this seems to
	 * work correctly.  Similar fix in TlsInputProc. - hobbs
	 */
	ERR_clear_error();
	written = BIO_write(statePtr->bio, buf, toWrite);
	dprintf(stderr,"\nBIO_write(0x%x, %d) -> [%d]",
		(unsigned int) statePtr, toWrite, written);
	dprintf("BIO_write(%p, %d) -> [%d]",
		(void *) statePtr, toWrite, written);
    }
    if (written <= 0) {
	switch ((err = SSL_get_error(statePtr->ssl, written))) {
	    case SSL_ERROR_NONE:
		if (written < 0) {
		    written = 0;
		}
		break;
	    case SSL_ERROR_WANT_WRITE:
		dprintf(stderr," write W BLOCK");
		dprintf(" write W BLOCK");
		break;
	    case SSL_ERROR_WANT_READ:
		dprintf(stderr," write R BLOCK");
		dprintf(" write R BLOCK");
		break;
	    case SSL_ERROR_WANT_X509_LOOKUP:
		dprintf(stderr," write X BLOCK");
		dprintf(" write X BLOCK");
		break;
	    case SSL_ERROR_ZERO_RETURN:
		dprintf(stderr," closed\n");
		dprintf(" closed");
		written = 0;
		break;
	    case SSL_ERROR_SYSCALL:
		*errorCodePtr = Tcl_GetErrno();
		dprintf(stderr," [%d] syscall errr: %d",
		dprintf(" [%d] syscall errr: %d",
			written, *errorCodePtr);
		written = -1;
		break;
	    case SSL_ERROR_SSL:
		Tls_Error(statePtr, SSL_ERROR(statePtr->ssl, written));
		*errorCodePtr = ECONNABORTED;
		written = -1;
		break;
	    default:
		dprintf(stderr," unknown err: %d\n", err);
		dprintf(" unknown err: %d", err);
		break;
	}
    }
    output:
    dprintf(stderr, "\nOutput(%d) -> %d", toWrite, written);
    dprintf("Output(%d) -> %d", toWrite, written);
    return written;
}

/*
 *-------------------------------------------------------------------
 *
 * TlsGetOptionProc --
549
550
551
552
553
554
555

556
557
558
559
560
561
562
563
564
565
566
567
568
547
548
549
550
551
552
553
554
555
556
557
558
559

560
561
562
563
564
565
566







+





-







	    return TCL_OK;
	}
	/*
	 * Request for a specific option has to fail, we don't have any.
	 */
	return TCL_ERROR;
    } else {
#if 0
	size_t len = 0;

	if (optionName != (char *) NULL) {
	    len = strlen(optionName);
	}
#if 0
	if ((len == 0) || ((len > 1) && (optionName[1] == 'c') &&
		(strncmp(optionName, "-cipher", len) == 0))) {
	    if (len == 0) {
		Tcl_DStringAppendElement(dsPtr, "-cipher");
	    }
	    Tcl_DStringAppendElement(dsPtr, SSL_get_cipher(statePtr->ssl));
	    if (len) {
595
596
597
598
599
600
601
602

603
604
605
606
607
608
609
593
594
595
596
597
598
599

600
601
602
603
604
605
606
607







-
+







TlsWatchProc(ClientData instanceData,	/* The socket state. */
             int mask)			/* Events of interest; an OR-ed
                                         * combination of TCL_READABLE,
                                         * TCL_WRITABLE and TCL_EXCEPTION. */
{
    State *statePtr = (State *) instanceData;

    dprintf(stderr, "TlsWatchProc(0x%x)\n", mask);
    dprintf("TlsWatchProc(0x%x)", mask);

    /* Pretend to be dead as long as the verify callback is running. 
     * Otherwise that callback could be invoked recursively. */
    if (statePtr->flags & TLS_TCL_CALLBACK) { return; }

    if (channelTypeVersion == TLS_CHANNEL_VERSION_2) {
	Tcl_Channel     downChan;
774
775
776
777
778
779
780
781

782
783
784
785
786
787
788
772
773
774
775
776
777
778

779
780
781
782
783
784
785
786







-
+







static void
TlsChannelHandler (clientData, mask)
    ClientData     clientData;
    int            mask;
{
    State *statePtr = (State *) clientData;

dprintf(stderr, "HANDLER(0x%x)\n", mask);
    dprintf("HANDLER(0x%x)", mask);
    Tcl_Preserve( (ClientData)statePtr);

    if (mask & TCL_READABLE) {
	BIO_set_flags(statePtr->p_bio, BIO_FLAGS_READ);
    } else {
	BIO_clear_flags(statePtr->p_bio, BIO_FLAGS_READ);
    }
883
884
885
886
887
888
889
890

891
892
893
894
895
896
897
881
882
883
884
885
886
887

888
889
890
891
892
893
894
895







-
+







int
Tls_WaitForConnect( statePtr, errorCodePtr)
    State *statePtr;
    int *errorCodePtr;		/* Where to store error code. */
{
    int err;

    dprintf(stderr,"\nWaitForConnect(0x%x)", (unsigned int) statePtr);
    dprintf("WaitForConnect(%p)", (void *) statePtr);

    if (statePtr->flags & TLS_TCL_HANDSHAKE_FAILED) {
        /*
         * We choose ECONNRESET over ECONNABORTED here because some server
         * side code, on the wiki for example, sets up a read handler that
         * does a read and if eof closes the channel. There is no catch/try
         * around the reads so exceptions will result in potentially many
922
923
924
925
926
927
928
929

930
931
932
933
934
935
936
937
938
939

940
941
942
943
944
945
946
947
948
949
950
951
952
953
954

955
956
957

958
959
960
961
962
963
964
920
921
922
923
924
925
926

927
928
929
930
931
932
933
934
935
936

937
938
939
940
941
942
943
944
945
946
947
948
949
950
951

952
953
954

955
956
957
958
959
960
961
962







-
+









-
+














-
+


-
+







		Tls_Error(statePtr,
			(char *)ERR_reason_error_string(ERR_get_error()));
                statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
		*errorCodePtr = ECONNABORTED;
		return -1;
	    } else if (BIO_should_retry(statePtr->bio)) {
		if (statePtr->flags & TLS_TCL_ASYNC) {
		    dprintf(stderr,"E! ");
		    dprintf("E! ");
		    *errorCodePtr = EAGAIN;
		    return -1;
		} else {
		    continue;
		}
	    } else if (err == 0) {
                if (Tcl_Eof(statePtr->self)) {
                    return 0;
                }
		dprintf(stderr,"CR! ");
		dprintf("CR! ");
		*errorCodePtr = ECONNRESET;
		return -1;
	    }
	    if (statePtr->flags & TLS_TCL_SERVER) {
		err = SSL_get_verify_result(statePtr->ssl);
		if (err != X509_V_OK) {
		    Tls_Error(statePtr,
			    (char *)X509_verify_cert_error_string(err));
                    statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
		    *errorCodePtr = ECONNABORTED;
		    return -1;
		}
	    }
	    *errorCodePtr = Tcl_GetErrno();
	    dprintf(stderr,"ERR(%d, %d) ", rc, *errorCodePtr);
	    dprintf("ERR(%d, %d) ", rc, *errorCodePtr);
	    return -1;
	}
	dprintf(stderr,"R0! ");
	dprintf("R0! ");
	return 1;
    }
}

Tcl_Channel
Tls_GetParent( statePtr )
    State *statePtr;
Modified tlsInt.h from [aca790a765] to [3735faccfa].
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44








45
46
47
48
49
50
51
52
53
54
55
56

57
58



59
60

61
62



63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82


83
84

85
86
87
88
89
90
91
1
2
3


4
5
6
7
8
9
10
11
12
13
14
15
16
17

18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36






37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57


58
59
60
61
62
63


64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84


85
86
87

88
89
90
91
92
93
94
95



-
-














-
+


















-
-
-
-
-
-
+
+
+
+
+
+
+
+












+
-
-
+
+
+


+
-
-
+
+
+


















-
-
+
+

-
+







/*
 * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsInt.h,v 1.17 2015/06/06 09:07:08 apnadkarni Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built from scratch based upon observation of OpenSSL 0.9.2B
 *
 * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for
 * providing the Tcl_ReplaceChannel mechanism and working closely with me
 * to enhance it to support full fileevent semantics.
 *
 * Also work done by the follow people provided the impetus to do this "right":-
 *	tclSSL (Colin McCormack, Shared Technology)
 *	SSLtcl (Peter Antman)
 *
 */
#ifndef _TSLINT_H
#ifndef _TLSINT_H
#define _TLSINT_H

#include "tls.h"
#include <errno.h>
#include <string.h>

#ifdef __WIN32__
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <wincrypt.h> /* OpenSSL needs this on Windows */
#endif

/* Handle tcl8.3->tcl8.4 CONST changes */
#ifndef CONST84
#define CONST84
#endif

#ifdef NO_PATENTS
#define NO_IDEA
#define NO_RC2
#define NO_RC4
#define NO_RC5
#define NO_RSA
#define NO_SSL2
#  define NO_IDEA
#  define NO_RC2
#  define NO_RC4
#  define NO_RC5
#  define NO_RSA
#  ifndef NO_SSL2
#    define NO_SSL2
#  endif
#endif

#ifdef BSAFE
#include <ssl.h>
#include <err.h>
#include <rand.h>
#else
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#endif

#ifndef NO_TLS1_1
#ifndef SSL_OP_NO_TLSv1_1
#define NO_TLS1_1
#  ifndef SSL_OP_NO_TLSv1_1
#    define NO_TLS1_1
#  endif
#endif

#ifndef NO_TLS1_2
#ifndef SSL_OP_NO_TLSv1_2
#define NO_TLS1_2
#  ifndef SSL_OP_NO_TLSv1_2
#    define NO_TLS1_2
#  endif
#endif

#ifdef TCL_STORAGE_CLASS
# undef TCL_STORAGE_CLASS
#endif
#ifdef BUILD_tls
# define TCL_STORAGE_CLASS DLLEXPORT
#else
# define TCL_STORAGE_CLASS DLLIMPORT
#endif
 
#ifndef ECONNABORTED
#define ECONNABORTED	130	/* Software caused connection abort */
#endif
#ifndef ECONNRESET
#define ECONNRESET	131	/* Connection reset by peer */
#endif

#ifdef DEBUG
#define dprintf fprintf
#ifdef TCLEXT_TCLTLS_DEBUG
#define dprintf(...) { fprintf(stderr, "%s:%i:", __func__, __LINE__); fprintf(stderr, __VA_ARGS__); fprintf(stderr, "\n"); }
#else
#define dprintf if (0) fprintf
#define dprintf(...) if (0) { fprintf(stderr, __VA_ARGS__); }
#endif

#define SSL_ERROR(ssl,err)	\
    ((char*)ERR_reason_error_string((unsigned long)SSL_get_error((ssl),(err))))
/*
 * OpenSSL BIO Routines
 */
252
253
254
255
256
257
258
259
260
261
262
256
257
258
259
260
261
262

263
264
265







-



EXTERN Tcl_Obj*		Tls_NewX509Obj _ANSI_ARGS_ (( Tcl_Interp *interp, X509 *cert));
EXTERN void		Tls_Error _ANSI_ARGS_ ((State *statePtr, char *msg));
EXTERN void		Tls_Free _ANSI_ARGS_ ((char *blockPtr));
EXTERN void		Tls_Clean _ANSI_ARGS_ ((State *statePtr));
EXTERN int		Tls_WaitForConnect _ANSI_ARGS_(( State *statePtr,
							int *errorCodePtr));

EXTERN BIO_METHOD *	BIO_s_tcl _ANSI_ARGS_((void));
EXTERN BIO *		BIO_new_tcl _ANSI_ARGS_((State* statePtr, int flags));

#endif /* _TLSINT_H */
Modified tlsX509.c from [24e0063023] to [a24085972c].
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







/*
 * Copyright (C) 1997-2000 Sensus Consulting Ltd.
 * Matt Newman <matt@sensus.org>
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsX509.c,v 1.5 2004/06/29 10:58:08 patthoyts Exp $
 */
#include "tlsInt.h"

/*
 *  Ensure these are not macros - known to be defined on Win32 
 */
#ifdef min
Deleted win/makefile.vc version [91ee39841d].
Deleted win/nmakehlp.c version [892a643209].
Deleted win/rules.vc version [ead277b0fc].
Deleted win/tls.rc version [93d9423ff3].