Changes On Branch db17641211e35017

Changes In Branch tls-1-7 Through [db17641211] Excluding Merge-Ins

This is equivalent to a diff from 6aedc8c1b5 to db17641211

2016-12-08
04:26
Merged in work for TclTLS 1.7 to trunk check-in: 0409513536 user: rkeene tags: trunk
2016-11-30
13:49
Removed unneeded setting of auto_path (set from all.tcl) check-in: 8695903dbb user: rkeene tags: tls-1-7
2016-11-29
23:49
Ignore static target check-in: db17641211 user: rkeene tags: tls-1-7
23:47
Ignore generated file check-in: a5ce94c94d user: rkeene tags: tls-1-7
2016-11-22
22:07
Create new branch named "tcltls-2" check-in: ae164b967d user: rkeene tags: tls-1-7
21:43
Merged in several outstanding patches check-in: 6aedc8c1b5 user: rkeene tags: trunk
21:36
Applied patch Closed-Leaf check-in: 4ec3fe7449 user: rkeene tags: rkeene-eoffix
17:58
Applied patch Closed-Leaf check-in: db95f55e95 user: rkeene tags: rkeene-unthreaded
17:58
Applied patch Closed-Leaf check-in: a141858eec user: rkeene tags: rkeene-fixcrosscompile
17:58
Applied patch Closed-Leaf check-in: 0c7fd93cac user: rkeene tags: rkeene-peercertificate
2015-07-07
17:16
Updated with dhparam.2.patch for tls ticket #59. check-in: 2aadaa4c28 user: andreas_kupries tags: trunk

Added HEADER version [786e922403].
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17


18
19
20
21
22

23
24
25
26

27
28
29
30
31

32
33

34
35
36
37

38
39

40
41
42
43

44
45
46
47
48
49

50
51
52
53
54
55
56
57

58
59
60
61
62

63
64
65
66

67
68
69
70
71
72

73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

117
118
119
120

121
122
123
124
125
126
127
128
129

130
131

132
133
134
135
136

137
138

139
140
141
142
143
144

145
146
147
148

149
150
151
152
153
154

155
156
157
158

159
160
161
162
163
164
165

166
167

168
169

170
171

172
173

174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213

214
215
216

217
218

219
220
221
222
223
224
225
226
227
228

229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248

249
250

251
252
253

254
255

256
257
258
259
260
261
262
263
264

265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280

281
282
283
284

285
286

287
288
289

290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318

319
320
321
322

323
324
325

326
327

328
329
330
331
332
333
334
335
336
337
338
339

340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381

382
383
384
385
386
387
388
389
390

391
392

393
394
395
396
397


398
399

400
401
402
403

404
405
406
407
408
409
410

411
412
413

















1
2





3




4





5


6




7


8




9






10




11



12


13


14




15






16








































17



18




19









20


21

22



23


24






25




26






27

28


29







30


31


32


33


34




































35



36



37


38










39




40















41


42



43


44





45



46
















47




48


49



50

























51



52




53



54


55












56



































57






58









59


60





61
62


63




64




65


66



-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
-
-
-
-
-
+
-
-
-
-
+
-
-
-
-
-
+
-
-
+
-
-
-
-
+
-
-
+
-
-
-
-
+
-
-
-
-
-
-
+
-
-
-
-

-
-
-
+
-
-

-
-
+
-
-
-
-
+
-
-
-
-
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-

-
-
-
+
-
-
-
-
+
-
-
-
-
-
-
-
-
-
+
-
-
+
-

-
-
-
+
-
-
+
-
-
-
-
-
-
+
-
-
-
-
+
-
-
-
-
-
-
+
-

-
-
+
-
-
-
-
-
-
-
+
-
-
+
-
-
+
-
-
+
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-

-
-
-
+
-
-
-
+
-
-
+
-
-
-
-
-
-
-
-
-
-
+
-
-
-
-

-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-
-
+
-
-
-
+
-
-
+
-
-
-
-
-

-
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-
-
-
-
+
-
-
+
-
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-

-
-
-
+
-
-
-
-
+
-
-
-
+
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-

-
-
-
-
-
-
+
-
-
-
-
-
-
-
-
-
+
-
-
+
-
-
-
-
-
+
+
-
-
+
-
-
-
-
+
-
-
-
-

-
-
+
-
-
-
# Makefile.in --
#
# This file is a Makefile for the tls Tcl extension.  If it has the name
# "Makefile.in" then it is a template for a Makefile;  to generate the
# actual Makefile, run "./configure", which is a configuration script
# generated by the "autoconf" program (constructs like "@foo@" will get
# replaced in the actual Makefile.
#
# Copyright (c) 1999-2000 Ajuba Solutions.
# All rights reserved.
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAIMER OF ALL WARRANTIES.
#
# RCS: @(#) $Id: Makefile.in,v 1.29 2010/08/12 01:28:06 hobbs2 Exp $


CC = @CC@
AR = @AR@
#========================================================================
# Enumerate the names of the source files included in this package.
# This will be used when a dist target is added to the Makefile.
#========================================================================

CFLAGS = @CFLAGS@ @SHOBJFLAGS@
PKG_SOURCES	= tls.c tlsIO.c tlsBIO.c tlsX509.c fixstrtod.c
PKG_OBJECTS	= tls.$(OBJEXT) tlsIO.$(OBJEXT) tlsBIO.$(OBJEXT) \
		  tlsX509.$(OBJEXT) fixstrtod.$(OBJEXT)

CPPFLAGS = @CPPFLAGS@ -I@srcdir@ @DEFS@
#========================================================================
# RUNTIME_SOURCES identifies Tcl runtime files that are associated with
# this package that need to be installed, if any.
#========================================================================

LDFLAGS = @LDFLAGS@ @SHOBJLDFLAGS@
PKG_TCL_SOURCES	= tls.tcl

LIBS = @LIBS@
#========================================================================
# This is a list of header files to be installed
#========================================================================

INSTALL = @INSTALL@
PKG_HEADERS	= tls.h

PACKAGE_VERSION = @PACKAGE_VERSION@
#========================================================================
# Variables and AC_SUBST cases added for tls.
#========================================================================

TCL_PACKAGE_PATH = @TCL_PACKAGE_PATH@
SSL_DIR			= @SSL_DIR@
SSL_LIB_DIR 		= @SSL_LIB_DIR@
SSL_INCLUDE_DIR 	= @SSL_INCLUDE_DIR@
SSL_INCLUDE_DIR_NATIVE	= @SSL_INCLUDE_DIR_NATIVE@
SSL_INCLUDES 		= -I$(SSL_INCLUDE_DIR_NATIVE)

PACKAGE_INSTALL_DIR = $(TCL_PACKAGE_PATH)/tcltls$(PACKAGE_VERSION)
#========================================================================
# "PKG_LIB_FILE" refers to the library (dynamic or static as per
# configuration options) composed of the named objects.
#========================================================================

PKG_LIB_FILE	= @PKG_LIB_FILE@
PKG_STUB_LIB_FILE = @PKG_STUB_LIB_FILE@

all: @EXTENSION_TARGET@
lib_BINARIES	= $(PKG_LIB_FILE)
BINARIES	= $(lib_BINARIES)

SHELL		= @SHELL@

# The shared object target
srcdir		= @srcdir@
prefix		= @prefix@
exec_prefix	= @exec_prefix@

tcltls.@SHOBJEXT@: tls.o tlsBIO.o tlsIO.o tlsX509.o
bindir		= @bindir@
libdir		= @libdir@
datadir		= @datadir@
mandir		= @mandir@
includedir	= @includedir@

	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o tcltls.@SHOBJEXT@ tls.o tlsBIO.o tlsIO.o tlsX509.o $(LIBS)
DESTDIR		=

PKG_DIR		= $(PACKAGE_NAME)$(PACKAGE_VERSION)
pkgdatadir	= $(datadir)/$(PKG_DIR)
pkglibdir	= $(libdir)/$(PKG_DIR)
pkgincludedir	= $(includedir)/$(PKG_DIR)

top_builddir	= .

INSTALL		= @INSTALL@
INSTALL_PROGRAM	= @INSTALL_PROGRAM@
INSTALL_DATA	= @INSTALL_DATA@
INSTALL_SCRIPT	= @INSTALL_SCRIPT@

PACKAGE_NAME	= @PACKAGE_NAME@
PACKAGE_VERSION	= @PACKAGE_VERSION@
CC		= @CC@
CFLAGS_DEFAULT	= @CFLAGS_DEFAULT@
CFLAGS_WARNING	= @CFLAGS_WARNING@
CLEANFILES	= @CLEANFILES@
EXEEXT		= @EXEEXT@
LDFLAGS_DEFAULT	= @LDFLAGS_DEFAULT@
MAKE_LIB	= @MAKE_LIB@
MAKE_SHARED_LIB	= @MAKE_SHARED_LIB@
MAKE_STATIC_LIB	= @MAKE_STATIC_LIB@
MAKE_STUB_LIB	= @MAKE_STUB_LIB@
OBJEXT		= @OBJEXT@
RANLIB		= @RANLIB@
RANLIB_STUB	= @RANLIB_STUB@
SHLIB_CFLAGS	= @SHLIB_CFLAGS@
SHLIB_LD	= @SHLIB_LD@
SHLIB_LD_LIBS	= @SHLIB_LD_LIBS@
STLIB_LD	= @STLIB_LD@
TCL_DEFS	= @TCL_DEFS@
TCL_BIN_DIR	= @TCL_BIN_DIR@
TCL_SRC_DIR	= @TCL_SRC_DIR@
# This is necessary for packages that use private Tcl headers
#TCL_TOP_DIR_NATIVE	= @TCL_TOP_DIR_NATIVE@
# Not used, but retained for reference of what libs Tcl required
TCL_LIBS	= @TCL_LIBS@

#========================================================================
# TCLLIBPATH seeds the auto_path in Tcl's init.tcl so we can test our
# package without installing.  The other environment variables allow us
# The static target
# to test against an uninstalled Tcl.  Add special env vars that you
# require for testing here (like TCLX_LIBRARY).
#========================================================================

tcltls.a: tls.o tlsBIO.o tlsIO.o tlsX509.o
EXTRA_PATH	= $(top_builddir):$(TCL_BIN_DIR)
TCLSH_ENV	= TCL_LIBRARY=`@CYGPATH@ $(TCL_SRC_DIR)/library` \
		  @LD_LIBRARY_PATH_VAR@="$(EXTRA_PATH):$(@LD_LIBRARY_PATH_VAR@)" \
		  PATH="$(EXTRA_PATH):$(PATH)" \
		  TCLLIBPATH="$(top_builddir)"
TCLSH_PROG	= @TCLSH_PROG@
TCLSH		= $(TCLSH_ENV) $(TCLSH_PROG)
SHARED_BUILD	= @SHARED_BUILD@

	$(AR) rcu tcltls.a.new tls.o tlsBIO.o tlsIO.o tlsX509.o
INCLUDES	= @PKG_INCLUDES@ @TCL_INCLUDES@ $(SSL_INCLUDES)

	mv tcltls.a.new tcltls.a
PKG_CFLAGS	= @PKG_CFLAGS@

#DEFS		= $(TCL_DEFS) @DEFS@ $(EXTRA_CFLAGS)
DEFS		= @DEFS@ $(PKG_CFLAGS)

# Dependencies for all our targets
CONFIG_CLEAN_FILES = Makefile pkgIndex.tcl

tls.o: @srcdir@/tls.c @srcdir@/tlsInt.h @srcdir@/tclOpts.h @srcdir@/tls.tcl.h
CPPFLAGS	= @CPPFLAGS@
LIBS		= @PKG_LIBS@ @LIBS@
AR		= ar
CFLAGS		= @CFLAGS@
COMPILE		= $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)

tlsBIO.o: @srcdir@/tlsBIO.c @srcdir@/tlsInt.h
#========================================================================
# Start of user-definable TARGETS section
#========================================================================

tlsIO.o: @srcdir@/tlsIO.c @srcdir@/tlsInt.h
#========================================================================
# TEA TARGETS.  Please note that the "libraries:" target refers to platform
# independent files, and the "binaries:" target inclues executable programs and
# platform-dependent libraries.  Modify these targets so that they install
# the various pieces of your package.  The make and install rules
# for the BINARIES that you specified above have already been done.
tlsX509.o: @srcdir@/tlsX509.c @srcdir@/tlsInt.h
#========================================================================

all: binaries libraries doc

# Create a C-source-ified version of the script resources
#========================================================================
# The binaries target builds executable programs, Windows .dll's, unix
# shared/static libraries, and any other platform-dependent files.
# The list of targets to build for "binaries:" is specified at the top
# of the Makefile, in the "BINARIES" variable.
#========================================================================

# for TclTLS so that we only need a single file to enable
binaries: $(BINARIES) pkgIndex.tcl

# this extension
libraries: $(PKG_TCL_SOURCES)

@srcdir@/tls.tcl.h: @srcdir@/tls.tcl
doc:

	xxd -i < '@srcdir@/tls.tcl' > '@srcdir@/tls.tcl.h.new'
install: all install-binaries install-libraries install-doc

	mv '@srcdir@/tls.tcl.h.new' '@srcdir@/tls.tcl.h'
install-binaries: binaries install-lib-binaries install-bin-binaries

#========================================================================
# This rule installs platform-independent files, such as header files.
#========================================================================

install-libraries: libraries
	@mkdir -p $(DESTDIR)$(includedir)
	@echo "Installing header files in $(DESTDIR)$(includedir)"
	@list='$(PKG_HEADERS)'; for i in $$list; do \
	    echo "Installing $(srcdir)/$$i" ; \
	    $(INSTALL_DATA) $(srcdir)/$$i $(DESTDIR)$(includedir) ; \
	done;

#========================================================================
# Install documentation.  Unix manpages should go in the $(mandir)
# directory.
#========================================================================

install-doc: doc
#	@mkdir -p $(DESTDIR)$(mandir)/mann
#	@echo "Installing documentation in $(DESTDIR)$(mandir)"
#	@for i in $(srcdir)/doc/*.n; do \
#	    echo "Installing $$i"; \
#	    rm -f $(DESTDIR)$(mandir)/mann/`basename $$i`; \
#	    $(INSTALL_DATA) $$i $(DESTDIR)$(mandir)/mann ; \
#	done

test: binaries libraries
	echo "load $(PKG_LIB_FILE); \
	  if {![file exists tls.tcl]} { \
	      file copy [file join $(srcdir) tls.tcl] tls.tcl \
	  } ;\
	  source [file join $(srcdir) tls.tcl]; \
	  set argv {$(TESTFLAGS)}; \
	  source [file join $(srcdir) tests all.tcl]" | $(TCLSH)

shell: binaries libraries
	@$(TCLSH) $(SCRIPT)

# Generic target for building files from the "srcdir"
gdb:
	$(TCLSH_ENV) gdb $(TCLSH_PROG) $(SCRIPT)

# tree -- the default target will not match paths
depend:

%.o: @srcdir@/%.c
#========================================================================
# $(PKG_LIB_FILE) should be listed as part of the BINARIES variable
# mentioned above.  That will ensure that this target is built when you
# run "make binaries".
#
# The $(PKG_OBJECTS) objects are created and linked into the final
# library.  In most cases these object files will correspond to the
# source files above.
#========================================================================

	$(CC) $(CPPFLAGS) $(CFLAGS) -o "$@" -c "$<"
$(PKG_LIB_FILE): $(PKG_OBJECTS)
	-rm -f $(PKG_LIB_FILE)
	${MAKE_LIB}
	-$(RANLIB) $(PKG_LIB_FILE)

#========================================================================
# We need to enumerate the list of .c to .o lines here.
#
# In the following lines, $(srcdir) refers to the toplevel directory
# containing your extension.  If your sources are in a subdirectory,
# you will have to modify the paths to reflect this:
#
# sample.$(OBJEXT): $(srcdir)/generic/sample.c
# 	$(COMPILE) -c `@CYGPATH@ $(srcdir)/generic/sample.c` -o $@
#
# Setting the VPATH variable to a list of paths will cause the makefile
# to look into these paths when resolving .c to .obj dependencies.
# As necessary, add $(srcdir):$(srcdir)/compat:....
#========================================================================

# Install the extension
VPATH = $(srcdir)

install: @EXTENSION_TARGET@ pkgIndex.tcl
.c.@OBJEXT@:
	$(COMPILE) -c `@CYGPATH@ $<` -o $@

	$(INSTALL) -d '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
#========================================================================
# Create the pkgIndex.tcl file.
	$(INSTALL) -t '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' @EXTENSION_TARGET@ pkgIndex.tcl
# It is usually easiest to let Tcl do this for you with pkg_mkIndex, but
# you may find that you need to customize the package.  If so, either
# modify the -hand version, or create a pkgIndex.tcl.in file and have
# the configure script output the pkgIndex.tcl by editing configure.in.
#========================================================================

pkgIndex.tcl-auto:
	( echo pkg_mkIndex . $(PKG_LIB_FILE) \; exit; ) | $(TCLSH)

# Clean the local build directory for rebuild against the same configuration
pkgIndex.tcl:
	(echo 'package ifneeded $(PACKAGE_NAME) $(PACKAGE_VERSION) \
	    "[list source [file join $$dir tls.tcl]] ; \
	     [list tls::initlib $$dir $(PKG_LIB_FILE)]"'\
	) > pkgIndex.tcl

#========================================================================
# End of user-definable section
#========================================================================

#========================================================================
# Don't modify the file to clean here.  Instead, set the "CLEANFILES"
# variable in configure.in
#========================================================================

clean:  
clean:
	-test -z "$(BINARIES)" || rm -f $(BINARIES)
	-rm -f *.$(OBJEXT) core *.core
	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)

	rm -f tls.o tlsBIO.o tlsIO.o tlsX509.o
distclean: clean
	-rm -f *.tab.c
	rm -f tcltls.@SHOBJEXT@
	-rm -f $(CONFIG_CLEAN_FILES)
	-rm -f config.cache config.log config.status

	rm -f tcltls.a.new tcltls.a
COMPEXE		= gzip
COMPEXT		= gz
COMPRESS	= tar cvf - $(PKG_DIR) | $(COMPEXE) > $(PKG_DIR)-src.tar.$(COMPEXT)
DIST_ROOT	= /tmp/dist
DIST_DIR	= $(DIST_ROOT)/$(PKG_DIR)

dist-clean:
	rm -rf $(DIST_DIR) $(DIST_ROOT)/$(PKG_DIR).tar.$(COMPEXT)

dist: dist-clean
	mkdir -p $(DIST_DIR)
	cp -p $(srcdir)/README.txt $(srcdir)/ChangeLog $(srcdir)/tls.htm \
		$(srcdir)/configure $(srcdir)/configure.in \
		$(srcdir)/Makefile.in $(srcdir)/*.[ch] \
		$(srcdir)/license.terms \
		$(srcdir)/aclocal.m4 $(srcdir)/tls.tcl \
		$(DIST_DIR)
	chmod 664 $(DIST_DIR)/Makefile.in $(DIST_DIR)/aclocal.m4
	chmod 775 $(DIST_DIR)/configure $(DIST_DIR)/configure.in

	mkdir $(DIST_DIR)/tclconfig
	cp -p $(srcdir)/tclconfig/install-sh $(srcdir)/tclconfig/tcl.m4 \
		$(DIST_DIR)/tclconfig/
	chmod 664 $(DIST_DIR)/tclconfig/tcl.m4
	chmod +x $(DIST_DIR)/tclconfig/install-sh

	mkdir $(DIST_DIR)/tests
	cp -p $(srcdir)/tests/*.{tcl,test} $(DIST_DIR)/tests

# Clean the local build directory back to what it was after unpacking the
	mkdir $(DIST_DIR)/tests/certs
	cp -p $(srcdir)/tests/certs/*.{pem,key,req,txt,srl} \
		$(DIST_DIR)/tests/certs

# distribution tarball
	mkdir $(DIST_DIR)/win
	cp -p $(srcdir)/win/*.{vc,rc,c} $(DIST_DIR)/win

distclean: clean
	(cd $(DIST_ROOT); $(COMPRESS);)

	rm -f config.log config.status
#========================================================================
# Install binary object libraries.  On Windows this includes both .dll and
# .lib files.  Because the .lib files are not explicitly listed anywhere,
# we need to deduce their existence from the .dll file of the same name.
# Additionally, the .dll files go into the bin directory, but the .lib
# files go into the lib directory.  On Unix platforms, all library files
# go into the lib directory.  In addition, this will generate the pkgIndex.tcl
# file in the install location (assuming it can find a usable tclsh)
#
# You should not have to modify this target.
#========================================================================

	rm -f Makefile pkgIndex.tcl
install-lib-binaries:
	@mkdir -p $(DESTDIR)$(pkglibdir)
	@list='$(lib_BINARIES)'; for p in $$list; do \
	  if test -f $$p; then \
	    echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(pkglibdir)/$$p"; \
	    $(INSTALL_PROGRAM) $$p $(DESTDIR)$(pkglibdir)/$$p; \
	    stub=`echo $$p|sed -e "s/.*\(stub\).*/\1/"`; \
	    if test "x$$stub" = "xstub"; then \
		echo " $(RANLIB_STUB) $(DESTDIR)$(pkglibdir)/$$p"; \
		$(RANLIB_STUB) $(DESTDIR)$(pkglibdir)/$$p; \
	    else \
		echo " $(RANLIB) $(DESTDIR)$(pkglibdir)/$$p"; \
		$(RANLIB) $(DESTDIR)$(pkglibdir)/$$p; \
	    fi; \
	    ext=`echo $$p|sed -e "s/.*\.//"`; \
	    if test "x$$ext" = "xdll"; then \
		lib=`basename $$p|sed -e 's/.[^.]*$$//'`.lib; \
		if test -f $$lib; then \
		    echo " $(INSTALL_DATA) $$lib $(DESTDIR)$(pkglibdir)/$$lib"; \
	            $(INSTALL_DATA) $$lib $(DESTDIR)$(pkglibdir)/$$lib; \
		fi; \
	    fi; \
	  fi; \
	done
	@list='$(PKG_TCL_SOURCES)'; for p in $$list; do \
	  if test -f $(srcdir)/$$p; then \
	    destp=`basename $$p`; \
	    echo " Install $$destp $(DESTDIR)$(pkglibdir)/$$destp"; \
	    $(INSTALL_DATA) $(srcdir)/$$p $(DESTDIR)$(pkglibdir)/$$destp; \
	  fi; \
	done
	@if test "x$(SHARED_BUILD)" = "x1"; then \
	    echo " Install pkgIndex.tcl $(DESTDIR)$(pkglibdir)"; \
	    $(INSTALL_DATA) pkgIndex.tcl $(DESTDIR)$(pkglibdir); \
	fi

#========================================================================
# Install binary executables (e.g. .exe files)
#
# You should not have to modify this target.
#========================================================================

# Clean the local build directory back to only thing things that exist in
install-bin-binaries:
	@mkdir -p $(DESTDIR)$(bindir)
	@list='$(bin_BINARIES)'; for p in $$list; do \
	  if test -f $$p; then \
	    echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/$$p"; \
	    $(INSTALL_PROGRAM) $$p $(DESTDIR)$(bindir)/$$p; \
	  fi; \
	done

# version control system
.SUFFIXES: .c .$(OBJEXT)

mrproper: distclean
Makefile: $(srcdir)/Makefile.in  $(top_builddir)/config.status
	cd $(top_builddir) \
	  && CONFIG_FILES=$@ CONFIG_HEADERS= $(SHELL) ./config.status

uninstall-binaries:
	rm -f @srcdir@/tls.tcl.h
	rm -f @srcdir@/configure @srcdir@/config.sub @srcdir@/config.guess @srcdir@/install-sh
	list='$(lib_BINARIES)'; for p in $$list; do \
	  rm -f $(DESTDIR)$(pkglibdir)/$$p; \
	rm -f @srcdir@/aclocal.m4
	done
	list='$(PKG_TCL_SOURCES)'; for p in $$list; do \
	  p=`basename $$p`; \
	  rm -f $(DESTDIR)$(pkglibdir)/$$p; \
	rm -rf @srcdir@/aclocal @srcdir@/autom4te.cache
	done
	list='$(bin_BINARIES)'; for p in $$list; do \
	  rm -f $(DESTDIR)$(bindir)/$$p; \
	done

.PHONY: all binaries clean depend distclean doc install libraries test

.PHONY: all install clean distclean mrproper
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
1
2
3
4
5
6
7
8
9
10
11
12
13
1
2
3
4


5
6
7
8
9
10
11




-
-







Original TLS Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
TLS 1.4.1    Copyright (C) 2000 Ajuba Solutions
TLS 1.6      Copyright (C) 2008 ActiveState Software Inc.

$Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/README.txt,v 1.7 2008/03/19 22:49:12 hobbs2 Exp $

TLS (aka SSL) Channel - can be layered on any bi-directional Tcl_Channel.

Both client and server-side sockets are possible, and this code should work
on any platform as it uses a generic mechanism for layering on SSL and Tcl.

Full filevent sematics should also be intact - see tests directory for
blocking and non-blocking examples.
Deleted aclocal.m4 version [9e0a6d21b1].
Added autogen.sh version [c6e14774e1].
Added build/post.sh version [b845836733].
Added build/pre.sh version [a8f310fb41].
Deleted configure version [c1aa70d493].
1
2
3
4
5

6
7
8
9
10
11
12
13
14
15

16
17
18
19
20
21
22
23
24





25
26
27
28
29
30
31


32
33
34
35
36
37
38

39
40

41
42
43
44
45
46
47
48
49

50
51
52

53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

68
69
70
71
72
73
74



75
76
77
78
79
80
81
82
83

84
85
86
87
88


89

90

91

92
93
94
95
96
97



98
99
100

101
102

103
104
105
106
107
108

109
110
111
112
113

114
115

116
117
118
119
120
121
122
123

124
125
126
127

128
129

130
131
132
133
134
135
136

137
138
139
140
141
142
143
144
145
146

147
148
149
150
151
152

153
154
155


156

157
158
159
160
161
162
163
164
165
166

167
168
169
170
171


172

173
174
175
176

177
178
179




180
181
182
183

184
185


186
187
188
189
190
191
192
193
194
195



196
197
198
199
200
201
202
203
204


205
206

207
208
209
210

211






1










2
3








4
5
6
7
8

9





10
11

12





13


14






15


16



17






18








19







20
21
22









23




24
25
26

27
28
29

30
31





32
33
34



35


36



37


38





39


40





41


42




43


44







45

46





47


48

49




50



51
52

53
54






55


56





57
58

59
60



61



62
63
64
65




66


67
68










69
70
71









72
73


74



75
76

77
-
-
-
-
-
+
-
-
-
-
-
-
-
-
-
-
+

-
-
-
-
-
-
-
-
+
+
+
+
+
-

-
-
-
-
-
+
+
-

-
-
-
-
-
+
-
-
+
-
-
-
-
-
-

-
-
+
-
-
-
+
-
-
-
-
-
-

-
-
-
-
-
-
-
-
+
-
-
-
-
-
-
-
+
+
+
-
-
-
-
-
-
-
-
-
+
-
-
-
-

+
+
-
+

+
-
+

-
-
-
-
-
+
+
+
-
-
-
+
-
-
+
-
-
-

-
-
+
-
-
-
-
-
+
-
-
+
-
-
-
-
-

-
-
+
-
-
-
-
+
-
-
+
-
-
-
-
-
-
-
+
-

-
-
-
-
-

-
-
+
-

-
-
-
-
+
-
-
-
+
+
-
+

-
-
-
-
-
-

-
-
+
-
-
-
-
-
+
+
-
+

-
-
-
+
-
-
-
+
+
+
+
-
-
-
-
+
-
-
+
+
-
-
-
-
-
-
-
-
-
-
+
+
+
-
-
-
-
-
-
-
-
-
+
+
-
-
+
-
-
-

+
-
+
#!/bin/bash -norc
dnl	This file is an input file used by the GNU "autoconf" program to
dnl	generate the file "configure", which is run during Tcl installation
dnl	to configure the system for the local environment.
dnl 
dnl Define ourselves
dnl This file contains code to generate "tls" using either the
dnl OpenSSL libraries or libraries from the commercial BSAFE SSL-C
dnl product from RSA Security.  In the United States, it is necessary
dnl to use the RSA BSAFE libraries for any product developed for
dnl commercial use. Licensing information for BSAFE SSL-C may be
dnl obtained from RSA Data Scurity Inc., San Mateo, California, USA.
dnl Their home page on the web is "www.rsasecurity.com". 
#
# RCS: @(#) $Id: configure.in,v 1.31 2015/07/07 17:16:02 andreas_kupries Exp $

AC_INIT(tcltls, 1.256)

#--------------------------------------------------------------------
# macro used to verify that the configure script can find the sources
#--------------------------------------------------------------------

AC_INIT([tls], [1.6.7])

TEA_INIT([3.8])

dnl Checks for programs.
AC_PROG_CC
AC_PROG_MAKE_SET
AC_PROG_INSTALL
AC_GNU_SOURCE
AC_CONFIG_AUX_DIR(tclconfig)

#--------------------------------------------------------------------
# Load the tclConfig.sh file
#--------------------------------------------------------------------

TEA_PATH_TCLCONFIG
dnl Determine system information
DC_CHK_OS_INFO
TEA_LOAD_TCLCONFIG

#-----------------------------------------------------------------------
# Handle the --prefix=... option by defaulting to what Tcl gave.
# Must be called after TEA_LOAD_TCLCONFIG and before TEA_SETUP_COMPILER.
#-----------------------------------------------------------------------

dnl Look for appropriate headers
TEA_PREFIX

AC_CHECK_HEADERS(unistd.h stdlib.h string.h strings.h)
#-----------------------------------------------------------------------
# Standard compiler checks.
# This sets up CC by using the CC env var, or looks for gcc otherwise.
# This also calls AC_PROG_CC, AC_PROG_INSTALL and a few others to create
# the basic setup necessary to compile executables.
#-----------------------------------------------------------------------

TEA_SETUP_COMPILER

dnl Perform Tcl Extension required stuff
#-----------------------------------------------------------------------
# __CHANGE__
# Specify the C source files to compile in TEA_ADD_SOURCES,
TCLEXT_INIT
# public headers that need to be installed in TEA_ADD_HEADERS,
# stub library C source files to compile in TEA_ADD_STUB_SOURCES,
# and runtime Tcl library files in TEA_ADD_TCL_SOURCES.
# This defines PKG(_STUB)_SOURCES, PKG(_STUB)_OBJECTS, PKG_HEADERS
# and PKG_TCL_SOURCES.
#-----------------------------------------------------------------------

TEA_ADD_SOURCES([])
TEA_ADD_HEADERS([])
TEA_ADD_INCLUDES([])
TEA_ADD_LIBS([])
TEA_ADD_CFLAGS([])
TEA_ADD_STUB_SOURCES([])
TEA_ADD_TCL_SOURCES([])

if test "$TCLEXT_BUILD" != 'static'; then
#--------------------------------------------------------------------
# A few miscellaneous platform-specific items:
#
# Define a special symbol for Windows (BUILD_sample in this case) so
# that we create the export library with the dll.  See sha1.h on how
# to use this.
#
	dnl Determine how to make shared objects
	DC_GET_SHOBJFLAGS

# Windows creates a few extra files that need to be cleaned up.
# You can add more files to clean if your extension creates any extra
# files.
#
# Define any extra compiler flags in the PACKAGE_CFLAGS variable.
# These will be appended to the current set of compiler flags for
# your system.
#--------------------------------------------------------------------

	EXTENSION_TARGET="tcltls.${SHOBJEXT}"
if test "${TEA_PLATFORM}" = "windows" ; then
    AC_DEFINE(BUILD_tls)
    AC_DEFINE(WINDOWS)
    CLEANFILES="pkgIndex.tcl *.lib *.dll *.exp *.ilk *.pdb vc*.pch"
else
	AC_CHECK_TOOL([AR], [ar], [false])
	AC_CHECK_TOOL([RANLIB], [ranlib], [:])
    CLEANFILES="pkgIndex.tcl"
	EXTENSION_TARGET="tcltls.a"
fi
AC_SUBST(EXTENSION_TARGET)
AC_SUBST(CLEANFILES)
AC_SUBST(TCLEXT_BUILD)

#--------------------------------------------------------------------
# Choose which headers you need.  Extension authors should try very
# hard to only rely on the Tcl public header files.  Internal headers
# contain private data structures and are subject to change without
# notice.
dnl Determine what SSL library to link with
AC_ARG_WITH([ssl], AS_HELP_STRING([--with-ssl], [name of ssl library to build against (openssl, libressl, nss, auto)]), [
	if test "$withval" = "no"; then
# This MUST be called after TEA_LOAD_TCLCONFIG / TEA_LOAD_TKCONFIG
#--------------------------------------------------------------------

		AC_MSG_ERROR([You may not specify --without-ssl])
TEA_PUBLIC_TCL_HEADERS

	fi
#--------------------------------------------------------------------
# Check whether --enable-threads or --disable-threads was given.
#--------------------------------------------------------------------

TEA_ENABLE_THREADS

	if test "$withval" = "yes"; then
#--------------------------------------------------------------------
# The statement below defines a collection of symbols related to
# building as a shared library instead of a static library.
#--------------------------------------------------------------------

		AC_MSG_ERROR([If you specify --with-ssl then you must provide a value])
TEA_ENABLE_SHARED

	fi
#--------------------------------------------------------------------
# This macro figures out what flags to use with the compiler/linker
# when building shared/static debug/optimized objects.  This information
# can be taken from the tclConfig.sh file, but this figures it all out.
#--------------------------------------------------------------------

TEA_CONFIG_CFLAGS

	tcltls_ssl_lib="$withval"
#--------------------------------------------------------------------
# Set the default compiler switches based on the --enable-symbols option.
#--------------------------------------------------------------------

], [
TEA_ENABLE_SYMBOLS

	tcltls_ssl_lib='auto'
#--------------------------------------------------------------------
# Everyone should be linking against the Tcl stub library.  If you
# can't for some reason, remove this definition.  If you aren't using
# stubs, you also need to modify the SHLIB_LD_LIBS setting below to
# link against the non-stubbed Tcl library.  Add Tk too if necessary.
#--------------------------------------------------------------------

])
AC_DEFINE(USE_TCL_STUBS)

#--------------------------------------------------------------------
# If the variable OPENSSL is set, we will build with the OpenSSL
# libraries.  If it is not set, then we will use RSA BSAFE SSL-C
# libraries instead of the default OpenSSL libaries.
#--------------------------------------------------------------------

OPENSSL="1"

AC_CHECK_TOOL([PKGCONFIG], [pkg-config], [false])
TLS_CHECK_SSL

#--------------------------------------------------------------------
# Determine if we should use the patented encryption code
#--------------------------------------------------------------------

dnl XXX:TODO: Automatically determine the SSL library to use
AC_ARG_ENABLE(patents, [  --enable-patents        Use patented code.  Default is enabled], PATENTS=${enableval}, PATENTS=yes)  

if test ${PATENTS} = no; then
dnl           defaulting to OpenSSL for compatibility reasons
if test "$tcltls_ssl_lib" = 'auto'; then
    AC_DEFINE([NO_PATENTS])
	tcltls_ssl_lib='openssl'
fi

#--------------------------------------------------------------------
# This macro generates a line to use when building a library.  It
# depends on values set by the TEA_ENABLE_SHARED, TEA_ENABLE_SYMBOLS,
# and TEA_LOAD_TCLCONFIG macros above.
#--------------------------------------------------------------------

TEA_MAKE_LIB

AC_MSG_CHECKING([which TLS library to use])
#--------------------------------------------------------------------
# Shared libraries and static libraries have different names.
# Also, windows libraries and unix libraries have different names.
# For the OpenSSL version, I chose to use the same library names that
# OpenSSL uses as its default names.
AS_CASE([$tcltls_ssl_lib],
	[openssl], [
#--------------------------------------------------------------------
		AC_MSG_RESULT([openssl])

if test "${TEA_PLATFORM}" = "windows" ; then
    if test "$GCC" = "yes"; then
	TEA_ADD_LIBS([-L${SSL_LIB_DIR_NATIVE}])
		LIBS="${LIBS} `"${PKGCONFIG}" openssl --libs`"
    else
	TEA_ADD_LIBS([-libpath:${SSL_LIB_DIR_NATIVE}])
    fi
		CFLAGS="${CFLAGS} `"${PKGCONFIG}" openssl --cflags-only-other`"
		CPPFLAGS="${CPPFLAGS} `"${PKGCONFIG}" openssl --cflags-only-I`"
	],
	[libressl], [
    if test -n "${OPENSSL}"; then
        TEA_ADD_LIBS([ssleay32.lib libeay32.lib])
    else
        TEA_ADD_LIBS([sslc32.lib])
		AC_MSG_RESULT([libressl])
    fi
else
	],
	[nss], [
    # Subst runtime dir here, use -R and -L where necessary. [Bug 1742859]
    LIB_RUNTIME_DIR=${SSL_LIB_DIR}
    eval "LD_SEARCH_FLAGS=\"${LD_SEARCH_FLAGS}\""
    if test -n "${OPENSSL}"; then
	TEA_ADD_LIBS([${LD_SEARCH_FLAGS} -L${SSL_LIB_DIR} -lssl -lcrypto ${GCCPATH} ${GCCLIB}])
    else
	TEA_ADD_LIBS([${LD_SEARCH_FLAGS} -L${SSL_LIB_DIR} -lsslc])
    fi
fi

		AC_MSG_RESULT([nss])
	],
	[
#--------------------------------------------------------------------
# Find tclsh so that we can run pkg_mkIndex to generate the pkgIndex.tcl
# file during the install process.  Don't run the TCLSH_PROG through
# ${CYGPATH} because it's being used directly by make.
# Require that we use a tclsh shell version 8.2 or later since earlier
# versions have bugs in the pkg_mkIndex routine.
# Add WISH as well if this is a Tk extension.
#--------------------------------------------------------------------

		AC_MSG_ERROR([Unsupported SSL library: $tcltls_ssl_lib])
	]
TEA_PROG_TCLSH

)
#--------------------------------------------------------------------
# Finally, substitute all of the various values into the Makefile.
#--------------------------------------------------------------------

dnl Produce output
AC_OUTPUT([Makefile])
AC_OUTPUT(Makefile pkgIndex.tcl)
Added pkgIndex.tcl.in version [69b06405aa].
Modified tclOpts.h from [4e3c2a8397] to [aff9aa3b9c].
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







/*
 *  Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
 *
 *  $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tclOpts.h,v 1.2 2000/01/20 01:49:31 aborr Exp $
 *
 * Stylized option processing - requires consitent
 * external vars: opt, idx, objc, objv
 */
#ifndef _TCL_OPTS_H
#define _TCL_OPTS_H

#define OPT_PROLOG(option)			\
Deleted tclconfig/tcl.m4 version [1cb6792ef2].
1
2
3
4
5
6
7
8
9
10


11
12
13
14
15
16
17
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19










+
+







# all.tcl --
#
# This file contains a top-level script to run all of the Tcl
# tests.  Execute it by invoking "source all.test" when running tcltest
# in this directory.
#
# Copyright (c) 1998-2000 by Ajuba Solutions.
# All rights reserved.
# 
# RCS: @(#) $Id: all.tcl,v 1.5 2000/08/15 18:45:01 hobbs Exp $

set auto_path [linsert $auto_path 0 [file normalize [file join [file dirname [info script]] ..]]]

if {[lsearch [namespace children] ::tcltest] == -1} {
    package require tcltest
    namespace import ::tcltest::*
}

set ::tcltest::testSingleFile false
1
2
3
4

5
6
7
8
9
10
11
12
13
14
15
16


17
18
19
20
21
22
23
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26




+












+
+







#!/bin/sh
# The next line is executed by /bin/sh, but not tcl \
exec tclsh "$0" ${1+"$@"}

set auto_path [linsert $auto_path 0 [file normalize [file join [file dirname [info script]] ..]]]
package require tls

proc creadable {s} {
    puts "LINE=[gets $s]"
    after 2000
    exit
}

proc myserv {s args} {
    fileevent $s readable [list creadable $s]
}

close [file tempfile keyfile]
close [file tempfile certfile]
tls::misc req 1024 $keyfile $certfile [list C CCC ST STTT L LLLL O OOOO OU OUUUU CN CNNNN Email some@email.com days 730 serial 12]

tls::socket -keyfile $keyfile -certfile $certfile -server myserv 12300

puts "Now run keytest2.tcl"
vwait forever




1
2
3
4
5
6
7
8
1
2
3
4
5
6
7
8
9
10

+
+
+







-
#! /usr/bin/env tclsh

set auto_path [linsert $auto_path 0 [file normalize [file join [file dirname [info script]] ..]]]
package require tls

set s [tls::socket 127.0.0.1 12300]
puts $s "A line"
flush $s
puts [join [tls::status $s] \n]
exit

1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tls.tcl,v 1.2 2000/06/06 18:24:33 aborr Exp $
#
set dir [file dirname [info script]]
regsub {\.} [info tclversion] {} vshort
if {$tcl_platform(platform) == "windows"} {
    if {[info exists tcl_platform(debug)]} {
	load $dir/../win/Debug$vshort/tls.dll
    } else {
	load $dir/../win/Release$vshort/tls.dll
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tlsAuto.tcl,v 1.1 2000/06/06 18:13:20 aborr Exp $
#

set dir [file dirname [info script]]
cd $dir
source tls.tcl

proc fromServer {chan} {
    if {[catch {read $chan 10} data]} {
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tlsBlocking.tcl,v 1.1 2000/06/06 18:13:21 aborr Exp $
#

set dir [file dirname [info script]]
cd $dir
source tls.tcl

proc bgerror {msg} {tclLog "BG: $msg"}

1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tlsCiphers.tcl,v 1.1 2000/06/06 18:13:21 aborr Exp $
#

set dir [file dirname [info script]]
cd $dir
source tls.tcl

if {[llength $argv] == 0} {
    puts stderr "Usage: ciphers protocol ?verbose?"
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tlsHttp.tcl,v 1.1 2000/06/06 18:13:21 aborr Exp $
#
package require base64

set dir [file dirname [info script]]
cd $dir
source tls.tcl
package require http

1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tlsSrv.tcl,v 1.1 2000/06/06 18:13:21 aborr Exp $
#
# Sample Tls-enabled server
#
set dir [file dirname [info script]]
cd $dir
source tls.tcl
#lappend auto_path d:/tcl80/lib
#package require tls
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tlsSrv2.tcl,v 1.1 2000/06/06 18:13:21 aborr Exp $
#
# Sample Tls-enabled server
#
set dir [file dirname [info script]]
cd $dir
source tls.tcl
#lappend auto_path d:/tcl80/lib
#package require tls
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tests/oldTests/tlsUpload.tcl,v 1.1 2000/06/06 18:13:21 aborr Exp $
#

set dir [file dirname [info script]]
cd $dir
source tls.tcl

proc fromServer {chan} {
    if {[catch {read $chan 10} data]} {
66
67
68
69
70
71
72
73
74
75

76
77
78
79
80
81
82
66
67
68
69
70
71
72

73

74
75
76
77
78
79
80
81







-

-
+








if {[lsearch [namespace children] ::tcltest] == -1} {
    package require tcltest
    namespace import -force ::tcltest::*
}

# The build dir is added as the first element of $PATH
set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
# Load the tls package
package require tls 1.6
package require tls

set tlsServerPort 8048

# Specify where the certificates are

set certsDir	[file join [file dirname [info script]] certs]
set serverCert	[file join $certsDir server.pem]
300
301
302
303
304
305
306

307
308
309
310
311
312
313
314
315
299
300
301
302
303
304
305
306
307

308
309
310
311
312
313
314







+

-







test tlsIO-1.12 {arg parsing for socket command} {socket} {
    list [catch {tls::socket foo badport} msg] $msg
} {1 {expected integer but got "badport"}}

test tlsIO-2.1 {tcp connection} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set timer [after 2000 "set x timed_out"]
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8828 \]"
    puts $f {
	proc accept {file addr port} {
	    global x
342
343
344
345
346
347
348

349
350
351
352
353
354
355
356
357
341
342
343
344
345
346
347
348
349

350
351
352
353
354
355
356







+

-







} else {
    set port [expr {$tlsServerPort + [pid]%1024}]
}

test tlsIO-2.2 {tcp connection with client port specified} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set timer [after 2000 "set x done"]
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8829 \]"
    puts $f {
	proc accept {sock addr port} {
            global x
382
383
384
385
386
387
388

389
390
391
392
393
394
395
396
397
381
382
383
384
385
386
387
388
389

390
391
392
393
394
395
396







+

-







    close $f
    set x
} [list ready "hello $port"]

test tlsIO-2.3 {tcp connection with client interface specified} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set timer [after 2000 "set x done"]
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8830 \]"
    puts $f {
	proc accept {sock addr port} {
            global x
420
421
422
423
424
425
426

427
428
429
430
431
432
433
434
435
419
420
421
422
423
424
425
426
427

428
429
430
431
432
433
434







+

-







    close $f
    set x
} {ready {hello 127.0.0.1}}

test tlsIO-2.4 {tcp connection with server interface specified} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set timer [after 2000 "set x done"]
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey -myaddr [info hostname] 8831 \]"
    puts $f {
	proc accept {sock addr port} {
            global x
457
458
459
460
461
462
463

464
465
466
467
468
469
470
471
472
456
457
458
459
460
461
462
463
464

465
466
467
468
469
470
471







+

-







    close $f
    set x
} {ready hello}

test tlsIO-2.5 {tcp connection with redundant server port} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set timer [after 2000 "set x done"]
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8832 \]"
    puts $f {
	proc accept {sock addr port} {
            global x
504
505
506
507
508
509
510

511
512
513
514
515
516
517
518
519
503
504
505
506
507
508
509
510
511

512
513
514
515
516
517
518







+

-







    }
    set status
} ok

test tlsIO-2.7 {echo server, one line} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set timer [after 2000 "set x done"]
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8834 \]"
    puts $f {
	proc accept {s a p} {
            fileevent $s readable [list echo $s]
548
549
550
551
552
553
554

555
556
557
558
559
560
561
562
563
547
548
549
550
551
552
553
554
555

556
557
558
559
560
561
562







+

-







    set y [gets $f]
    close $f
    list $x $y
} {{hello abcdefghijklmnop} done}

test tlsIO-2.8 {echo server, loop 50 times, single connection} {socket stdio} {
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
    	package require tls
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8835 \]"
    puts $f {
	proc accept {s a p} {
            fileevent $s readable [list echo $s]
            fconfigure $s -buffering line
600
601
602
603
604
605
606

607
608
609
610
611
612
613
614
615
599
600
601
602
603
604
605
606
607

608
609
610
611
612
613
614







+

-







    set x
} {done 50}

test tlsIO-2.9 {socket conflict} {socket stdio} {
    set s [tls::socket -server accept 8828]
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts -nonewline $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	tls::socket -server accept 8828
    }
    close $f
    set f [open "|[list $::tcltest::tcltest script]" r]
    gets $f
    after 100
687
688
689
690
691
692
693

694
695
696
697
698
699
700
701
702
686
687
688
689
690
691
692
693
694

695
696
697
698
699
700
701







+

-








test tlsIO-2.12 {tcp connection; no certificates specified} \
	{socket stdio unixOnly} {
    # There is a debug assertion on Windows/SSL that causes a crash when the
    # certificate isn't specified.
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set timer [after 2000 "set x timed_out"]
	set f [tls::socket -server accept 8828]
	proc accept {file addr port} {
	    global x
	    set x done
            close $file
720
721
722
723
724
725
726

727
728
729
730
731
732
733
734
735
719
720
721
722
723
724
725
726
727

728
729
730
731
732
733
734







+

-







    close $f
    set x
} {ready done {}}

test tlsIO-3.1 {socket conflict} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
    }
    puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8828 \]"
    puts $f {
	puts ready
	gets stdin
	close $f
745
746
747
748
749
750
751

752
753
754
755
756
757
758
759
760
744
745
746
747
748
749
750
751
752

753
754
755
756
757
758
759







+

-







    close $f
    set x
} {1 {couldn't open socket: address already in use}}

test tlsIO-3.2 {server with several clients} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	set t1 [after 30000 "set x timed_out"]
	set t2 [after 31000 "set x timed_out"]
	set t3 [after 32000 "set x timed_out"]
	set counter 0
    }
    puts $f "set s \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8828 \]"
814
815
816
817
818
819
820

821
822
823
824
825
826
827
828
829
813
814
815
816
817
818
819
820
821

822
823
824
825
826
827
828







+

-







    set x
} {ready done}

test tlsIO-4.1 {server with several clients} {socket stdio} {
    # have seen intermittent hangs on Windows
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
	gets stdin
    }
    puts $f "set s \[tls::socket -certfile $clientCert -cafile $caCert -keyfile $clientKey 127.0.0.1 8828 \]"
    puts $f {
	fconfigure $s -buffering line
	for {set i 0} {$i < 100} {incr i} {
922
923
924
925
926
927
928

929
930
931
932
933
934
935
936
937
921
922
923
924
925
926
927
928
929

930
931
932
933
934
935
936







+

-







} {couldn't open socket: not owner}

test tlsIO-6.1 {accept callback error} {socket stdio} {
    # There is a debug assertion on Windows/SSL that causes a crash when the
    # certificate isn't specified.
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
    	package require tls
	gets stdin
    }
    puts $f [list tls::socket -cafile $caCert 127.0.0.1 8848]
    close $f
    set f [open "|[list $::tcltest::tcltest script]" r+]
    proc bgerror args {
950
951
952
953
954
955
956

957
958
959
960
961
962
963
964
965
949
950
951
952
953
954
955
956
957

958
959
960
961
962
963
964







+

-







    rename bgerror {}
    set x
} {{divide by zero}}

test tlsIO-7.1 {testing socket specific options} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
    }
    puts $f [list tls::socket -server accept \
	    -certfile $serverCert -cafile $caCert -keyfile $serverKey 8820]
    puts $f {
	proc accept args {
	    global x
984
985
986
987
988
989
990

991
992
993
994
995
996
997
998
999
983
984
985
986
987
988
989
990
991

992
993
994
995
996
997
998







+

-







    lappend l [string compare [lindex $p 2] 8820]
    lappend l [llength $p]
} {0 0 3}

test tlsIO-7.2 {testing socket specific options} {socket stdio} {
    removeFile script
    set f [open script w]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
    }
    puts $f "tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8821"
    puts $f {
	proc accept args {
	    global x
	    set x done
1756
1757
1758
1759
1760
1761
1762

1763
1764
1765
1766
1767
1768
1769
1770
1771
1755
1756
1757
1758
1759
1760
1761
1762
1763

1764
1765
1766
1767
1768
1769
1770







+

-








    # Script2 creates the server socket, launches script1,
    # waits a second, and exits.  The server socket will now
    # be closed unless script1 inherited it.

    set f [open script2 w]
    puts $f [list set tclsh $::tcltest::tcltest]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
    }
    puts $f "set f \[tls::socket -server accept \
	    -certfile $serverCert -cafile $caCert -keyfile $serverKey 8828\]"
    puts $f {
	proc accept { file addr port } {
	    close $file
1813
1814
1815
1816
1817
1818
1819

1820
1821
1822
1823
1824
1825
1826
1827
1828
1812
1813
1814
1815
1816
1817
1818
1819
1820

1821
1822
1823
1824
1825
1826
1827







+

-








    # Script2 opens the client socket and writes to it.  It then
    # launches script1 and exits.  If the child process inherited the
    # client socket, the socket will still be open.

    set f [open script2 w]
    puts $f [list set tclsh $::tcltest::tcltest]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
    }
    puts $f "set f \[tls::socket -certfile $clientCert -cafile $caCert \
	    -keyfile $clientKey 127.0.0.1 8829\]"
    puts $f {
	exec $tclsh script1 &
	puts $f testing
1874
1875
1876
1877
1878
1879
1880

1881
1882
1883
1884
1885
1886
1887
1888
1889
1873
1874
1875
1876
1877
1878
1879
1880
1881

1882
1883
1884
1885
1886
1887
1888







+

-







	after 10000 exit
	vwait forever
    }
    close $f

    set f [open script2 w]
    puts $f [list set tclsh $::tcltest::tcltest]
    puts $f [list set auto_path $auto_path]
    puts $f {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
	package require tls
    }
    puts $f "set f \[tls::socket -server accept \
	    -certfile $serverCert -cafile $caCert -keyfile $serverKey 8930\]"
    puts $f {
	proc accept { file host port } {
	    global tclsh
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1925
1926
1927
1928
1929
1930
1931

1932
1933
1934
1935
1936
1937
1938







-







test tlsIO-13.1 {Testing use of shared socket between two threads} \
	{socket testthread} {
    # HOBBS: never tested
    removeFile script
    threadReap

    makeFile {
	set auto_path [linsert $auto_path 0 [lindex [split $env(PATH) ";:"] 0]]
    	package require tls
	set f [tls::socket -server accept 8828]
	proc accept {s a p} {
            fileevent $s readable [list echo $s]
            fconfigure $s -buffering line
        }
	proc echo {s} {
Modified tls.c from [15a7d7809d] to [b151916d75].
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
1
2
3
4
5
6
7


8
9
10
11
12
13
14







-
-







/*
 * Copyright (C) 1997-1999 Matt Newman <matt@novadigm.com>
 * some modifications:
 *	Copyright (C) 2000 Ajuba Solutions
 *	Copyright (C) 2002 ActiveState Corporation
 *	Copyright (C) 2004 Starfish Systems 
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.c,v 1.37 2015/07/07 17:16:02 andreas_kupries Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built (almost) from scratch based upon observation of
 * OpenSSL 0.9.2B
 *
 * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for
1658
1659
1660
1661
1662
1663
1664




1665
1666
1667
1668
1669
1670
1671
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673







+
+
+
+







 *-------------------------------------------------------------------
 */

int
Tls_Init(Tcl_Interp *interp)		/* Interpreter in which the package is
					 * to be made available. */
{
    const unsigned char tlsTclInitScript[] = {
#include "tls.tcl.h"
    };

    int major, minor, patchlevel, release;

    /*
     * The original 8.2.0 stacked channel implementation (and the patch
     * that preceded it) had problems with scalability and robustness.
     * These were address in 8.3.2 / 8.4a2, so we now require that as a
     * minimum for TLS 1.4+.  We only support 8.2+ now (8.3.2+ preferred).
1717
1718
1719
1720
1721
1722
1723




1724

1725
1726
1727
1728
1729
1730
1731
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729

1730
1731
1732
1733
1734
1735
1736
1737







+
+
+
+
-
+








    Tcl_CreateObjCommand(interp, "tls::version", VersionObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    Tcl_CreateObjCommand(interp, "tls::misc", MiscObjCmd,
	    (ClientData) 0, (Tcl_CmdDeleteProc *) NULL);

    if (interp) {
        Tcl_Eval(interp, tlsTclInitScript);
    }

    return Tcl_PkgProvide(interp, PACKAGE_NAME, PACKAGE_VERSION);
    return Tcl_PkgProvide(interp, "tls", PACKAGE_VERSION);
}

/*
 *------------------------------------------------------*
 *
 *	Tls_SafeInit --
 *
1772
1773
1774
1775
1776
1777
1778
1779



1780
1781
1782


1783
1784
1785
1786
1787
1788
1789
1778
1779
1780
1781
1782
1783
1784

1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799







-
+
+
+



+
+







{
    int i;
    char rnd_seed[16] = "GrzSlplKqUdnnzP!";	/* 16 bytes */
    int status=TCL_OK;
#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
    size_t num_locks;

    if (!initialized) {
    if (initialized) {
        return status;
    }
	Tcl_MutexLock(&init_mx);
	if (!initialized) {
	    initialized = 1;
#else
       {
#endif

	    if (CRYPTO_set_mem_functions((void *(*)(size_t))Tcl_Alloc,
					 (void *(*)(void *, size_t))Tcl_Realloc,
					 (void(*)(void *))Tcl_Free) == 0) {
	       /* Not using Tcl's mem functions ... not critical */
	    }
1821
1822
1823
1824
1825
1826
1827

1828

1829
1830
1831
1832
1833
1834
1835
1831
1832
1833
1834
1835
1836
1837
1838

1839
1840
1841
1842
1843

1844
1845







+
-
+




-


	    do {
		for (i = 0; i < 16; i++) {
		    rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
		}
		RAND_seed(rnd_seed, sizeof(rnd_seed));
	    } while (RAND_status() != 1);
	}

    	done:
done:

#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
	Tcl_MutexUnlock(&init_mx);
#endif
    }
    return status;
}
Modified tls.h from [dc96a1623e] to [6362c4c989].
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







/*
 * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.h,v 1.2 2000/01/20 01:59:38 aborr Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built from scratch based upon observation of OpenSSL 0.9.2B
 *
 * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for
 * providing the Tcl_ReplaceChannel mechanism and working closely with me
Modified tls.tcl from [3192efd07b] to [90f08f912e].
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







#
# Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> 
#
# $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tls.tcl,v 1.14 2015/07/07 17:16:03 andreas_kupries Exp $
#
namespace eval tls {
    variable logcmd tclLog
    variable debug 0
 
    # Default flags passed to tls::import
    variable defaults {}

Modified tlsBIO.c from [66eac232ea] to [b90d32218c].
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







/*
 * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsBIO.c,v 1.8 2004/03/24 05:22:53 razzell Exp $
 *
 * Provides BIO layer to interface openssl to Tcl.
 */

#include "tlsInt.h"

/*
 * Forward declarations
Modified tlsIO.c from [ed5e46f5ea] to [d9df3786b9].
1
2
3
4
5
6
7
8
9
10
11
12
13
1
2
3
4


5
6
7
8
9
10
11




-
-







/*
 * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
 * Copyright (C) 2000 Ajuba Solutions
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsIO.c,v 1.19 2015/06/06 09:07:08 apnadkarni Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built from scratch based upon observation of OpenSSL 0.9.2B
 *
 * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for
 * providing the Tcl_ReplaceChannel mechanism and working closely with me
Modified tlsInt.h from [aca790a765] to [337abc57f7].
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







/*
 * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsInt.h,v 1.17 2015/06/06 09:07:08 apnadkarni Exp $
 *
 * TLS (aka SSL) Channel - can be layered on any bi-directional
 * Tcl_Channel (Note: Requires Trf Core Patch)
 *
 * This was built from scratch based upon observation of OpenSSL 0.9.2B
 *
 * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for
 * providing the Tcl_ReplaceChannel mechanism and working closely with me
Modified tlsX509.c from [24e0063023] to [a24085972c].
1
2
3
4
5
6
7
8
9
10
11
12
1
2
3


4
5
6
7
8
9
10



-
-







/*
 * Copyright (C) 1997-2000 Sensus Consulting Ltd.
 * Matt Newman <matt@sensus.org>
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsX509.c,v 1.5 2004/06/29 10:58:08 patthoyts Exp $
 */
#include "tlsInt.h"

/*
 *  Ensure these are not macros - known to be defined on Win32 
 */
#ifdef min
Deleted win/makefile.vc version [91ee39841d].
Deleted win/nmakehlp.c version [892a643209].
Deleted win/rules.vc version [ead277b0fc].
Deleted win/tls.rc version [93d9423ff3].