Changes In Branch tls-1-7 Through [ee18d6c91e] Excluding Merge-Ins
This is equivalent to a diff from 6aedc8c1b5 to ee18d6c91e
2016-12-08
04:26 | Merged in work for TclTLS 1.7 to trunk check-in: 0409513536 user: rkeene tags: trunk
2016-12-02
16:13 | Cleaned up compiler warnings with debugging statements casting pointers to ints check-in: ac2c67d21d user: rkeene tags: tls-1-7
16:09 | Minor cleanup of global variables and void function check-in: ee18d6c91e user: rkeene tags: tls-1-7
2016-12-01
21:51 | Updated to support a deterministic mode check-in: bf7f82b5e8 user: rkeene tags: tls-1-7
2016-11-22
22:07 | Create new branch named "tcltls-2" check-in: ae164b967d user: rkeene tags: tls-1-7
21:43 | Merged in several outstanding patches check-in: 6aedc8c1b5 user: rkeene tags: trunk
21:36 | Applied patch Closed-Leaf check-in: 4ec3fe7449 user: rkeene tags: rkeene-eoffix
17:58 | Applied patch Closed-Leaf check-in: db95f55e95 user: rkeene tags: rkeene-unthreaded
17:58 | Applied patch Closed-Leaf check-in: a141858eec user: rkeene tags: rkeene-fixcrosscompile
17:58 | Applied patch Closed-Leaf check-in: 0c7fd93cac user: rkeene tags: rkeene-peercertificate
2015-07-07
17:16 | Updated with dhparam.2.patch for tls ticket #59. check-in: 2aadaa4c28 user: andreas_kupries tags: trunk
Added .fossil-settings/ignore-glob version [103e76cae5].
Added HEADER version [786e922403].
Modified Makefile.in
from [de778baab4]
to [d6e6218bd6].
|
| < < < < < < < < < < < < < < < | | < < < < | < < < | < < < < | < | < < < | | | < < < | < < < < < | < < < < < < | < < < | < < < | < < < < < | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | < < < < < < < < | < | < | < < | < < < < < < < < < < < < < < < < < < < < | < < < < < < | < | < | < | < < | < < < | < < < < < < | | < < < < | < < < < < < < < | < < < < < < < < < < | < < | < | < < < < < < < < < | < < < < < < < < < < < | < < < < < < | | | < < < < < < < < < < < < | | | < < < | < < < < < < < | | < < < | < | < < | < < < < < < < < < < < < < < < < < < < < < < < < < < < | < < < | < < | < | < < < < < < < < < < < | < < < | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | < < < < < < < < | < | < < < | | < | < < < | < < < < < | < < < | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 | CC = @CC@ AR = @AR@ RANLIB = @RANLIB@ CFLAGS = @CFLAGS@ @SHOBJFLAGS@ CPPFLAGS = @CPPFLAGS@ -I@srcdir@ -I. 
@DEFS@ LDFLAGS = @LDFLAGS@ @SHOBJLDFLAGS@ LIBS = @LIBS@ INSTALL = @INSTALL@ PACKAGE_VERSION = @PACKAGE_VERSION@ TCL_PACKAGE_PATH = @TCL_PACKAGE_PATH@ PACKAGE_INSTALL_DIR = $(TCL_PACKAGE_PATH)/tcltls$(PACKAGE_VERSION) all: @EXTENSION_TARGET@ # The shared object target tcltls.@SHOBJEXT@: tls.o tlsBIO.o tlsIO.o tlsX509.o $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o tcltls.@SHOBJEXT@ tls.o tlsBIO.o tlsIO.o tlsX509.o $(LIBS) # The static target tcltls.a: tls.o tlsBIO.o tlsIO.o tlsX509.o $(AR) rcu tcltls.a.new tls.o tlsBIO.o tlsIO.o tlsX509.o $(RANLIB) tcltls.a.new mv tcltls.a.new tcltls.a # Dependencies for all our targets tls.o: @srcdir@/tls.c @srcdir@/tlsInt.h @srcdir@/tclOpts.h @srcdir@/tls.tcl.h dh_params.h tlsBIO.o: @srcdir@/tlsBIO.c @srcdir@/tlsInt.h tlsIO.o: @srcdir@/tlsIO.c @srcdir@/tlsInt.h tlsX509.o: @srcdir@/tlsX509.c @srcdir@/tlsInt.h # Create a C-source-ified version of the script resources # for TclTLS so that we only need a single file to enable # this extension @srcdir@/tls.tcl.h: @srcdir@/tls.tcl xxd -i < '@srcdir@/tls.tcl' > '@srcdir@/tls.tcl.h.new' mv '@srcdir@/tls.tcl.h.new' '@srcdir@/tls.tcl.h' # Create default DH parameters dh_params.h: @srcdir@/gen_dh_params @srcdir@/gen_dh_params @GEN_DH_PARAMS_ARGS@ > dh_params.h.new mv dh_params.h.new dh_params.h # Generic target for building files from the "srcdir" # tree -- the default target will not match paths %.o: @srcdir@/%.c $(CC) $(CPPFLAGS) $(CFLAGS) -o "$@" -c "$<" # Install the extension install: @EXTENSION_TARGET@ pkgIndex.tcl $(INSTALL) -d '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' $(INSTALL) -t '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' @EXTENSION_TARGET@ pkgIndex.tcl # Clean the local build directory for rebuild against the same configuration clean: rm -f tls.o tlsBIO.o tlsIO.o tlsX509.o rm -f tcltls.@SHOBJEXT@ rm -f tcltls.a.new tcltls.a # Clean the local build directory back to what it was after unpacking the # distribution tarball distclean: clean rm -f config.log config.status rm -f dh_params.h.new dh_params.h 
rm -f Makefile pkgIndex.tcl # Clean the local build directory back to only thing things that exist in # version control system mrproper: distclean rm -f @srcdir@/tls.tcl.h rm -f @srcdir@/configure @srcdir@/config.sub @srcdir@/config.guess @srcdir@/install-sh rm -f @srcdir@/aclocal.m4 rm -rf @srcdir@/aclocal @srcdir@/autom4te.cache .PHONY: all install clean distclean mrproper |
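Review bot: The install target's `$(INSTALL) -t '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' @EXTENSION_TARGET@ pkgIndex.tcl` depends on `-t`, a GNU install extension that BSD install does not accept; putting the destination directory last (`$(INSTALL) @EXTENSION_TARGET@ pkgIndex.tcl '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'`) works with both. The `tls.tcl.h` rule also needs `xxd`, which configure.in never probes for, and it writes into `@srcdir@`, so regenerating the header fails on a read-only source tree. On the `dh_params.h` rule, note in a comment that `clean` keeps the generated file and only `distclean` removes it, so the parameters compiled into the library are regenerated only after a `distclean` or a change to `gen_dh_params`.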
Modified README.txt
from [a2f4c7f22f]
to [98035f2af2].
1 2 3 4 | Original TLS Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> TLS 1.4.1 Copyright (C) 2000 Ajuba Solutions TLS 1.6 Copyright (C) 2008 ActiveState Software Inc. | < < | 1 2 3 4 5 6 7 8 9 10 11 | Original TLS Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> TLS 1.4.1 Copyright (C) 2000 Ajuba Solutions TLS 1.6 Copyright (C) 2008 ActiveState Software Inc. TLS (aka SSL) Channel - can be layered on any bi-directional Tcl_Channel. Both client and server-side sockets are possible, and this code should work on any platform as it uses a generic mechanism for layering on SSL and Tcl. Full filevent sematics should also be intact - see tests directory for blocking and non-blocking examples. |
︙ | ︙ |
Deleted aclocal.m4 version [9e0a6d21b1].
Added autogen.sh version [c6e14774e1].
Added build/makearch.info version [cbbf41f89e].
Added build/post.sh version [b845836733].
Added build/pre.sh version [a8f310fb41].
Deleted configure version [c1aa70d493].
Modified configure.in
from [8e59f65b56]
to [92ab7478f3].
|
| < < < < | < < < < < < < > | < | | < < < | > | < | | < | < | < < < < < < | | < < < < < < | < | < | < < < < < < < < < < < < < < | < < < < < | < < < > > > | < > > < < < < > > | < < < < < > | < < < < < < < < | < > > < < < > > > > < | < < < < | | | < < < < < | < | < < < | < | < < < < < < | < | < < < < < | > | | < < < | < | | < > < < < < < < < | < < < < > | < > < < | < < > > > | < < < | < > | < < < < < < < < < > > | < < < < < < < < > | < | < < < > | | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 | dnl Define ourselves AC_INIT(tcltls, 1.256) dnl Checks for programs. AC_PROG_CC AC_PROG_MAKE_SET AC_PROG_INSTALL AC_GNU_SOURCE dnl Determine system information DC_CHK_OS_INFO dnl Look for appropriate headers AC_CHECK_HEADERS(unistd.h stdlib.h string.h strings.h) dnl Perform Tcl Extension required stuff TCLEXT_INIT if test "$TCLEXT_BUILD" != 'static'; then dnl Determine how to make shared objects DC_GET_SHOBJFLAGS EXTENSION_TARGET="tcltls.${SHOBJEXT}" else AC_CHECK_TOOL([AR], [ar], [false]) AC_CHECK_TOOL([RANLIB], [ranlib], [:]) EXTENSION_TARGET="tcltls.a" fi AC_SUBST(EXTENSION_TARGET) AC_SUBST(TCLEXT_BUILD) dnl Determine what SSL library to link with AC_ARG_WITH([ssl], AS_HELP_STRING([--with-ssl], [name of ssl library to build against (openssl, libressl, nss, auto)]), [ if test "$withval" = "no"; then AC_MSG_ERROR([You may not specify --without-ssl]) fi if test "$withval" = "yes"; then AC_MSG_ERROR([If you specify --with-ssl then you must provide a value]) fi tcltls_ssl_lib="$withval" ], [ tcltls_ssl_lib='auto' ]) dnl Enable support for building the same library every time tcltls_deterministic='false' AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic parameters]), [ if test "$enableval" = "yes"; then 
tcltls_deterministic='true' fi ]) if test "$tcltls_deterministic" = 'true'; then GEN_DH_PARAMS_ARGS='fallback' else GEN_DH_PARAMS_ARGS='' fi AC_SUBST(GEN_DH_PARAMS_ARGS) AC_CHECK_TOOL([PKGCONFIG], [pkg-config], [false]) dnl XXX:TODO: Automatically determine the SSL library to use dnl defaulting to OpenSSL for compatibility reasons if test "$tcltls_ssl_lib" = 'auto'; then tcltls_ssl_lib='openssl' fi AC_MSG_CHECKING([which TLS library to use]) AS_CASE([$tcltls_ssl_lib], [openssl], [ AC_MSG_RESULT([openssl]) LIBS="${LIBS} `"${PKGCONFIG}" openssl --libs`" CFLAGS="${CFLAGS} `"${PKGCONFIG}" openssl --cflags-only-other`" CPPFLAGS="${CPPFLAGS} `"${PKGCONFIG}" openssl --cflags-only-I`" ], [libressl], [ AC_MSG_RESULT([libressl]) ], [nss], [ AC_MSG_RESULT([nss]) ], [ AC_MSG_ERROR([Unsupported SSL library: $tcltls_ssl_lib]) ] ) dnl Produce output AC_OUTPUT(Makefile pkgIndex.tcl) |
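Review bot: In the `[openssl]` branch the output of `"${PKGCONFIG}" openssl --libs` is used unchecked, and `AC_CHECK_TOOL([PKGCONFIG], [pkg-config], [false])` sets `PKGCONFIG` to `false` when pkg-config is missing, so configure succeeds with empty flags and the problem only surfaces at compile or link time. Stop with `AC_MSG_ERROR` when pkg-config is absent or does not know `openssl`. The `[libressl]` and `[nss]` branches print a result but set no `LIBS`, `CFLAGS` or `CPPFLAGS`, so they should be rejected or documented as not yet implemented, since `--with-ssl` advertises them in its help string. The `--enable-deterministic` help text, `enable deterministic parameters`, should say that it passes `fallback` to `gen_dh_params` when `dh_params.h` is generated, because that is the only place a builder learns what the option changes.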
Deleted fixstrtod.c version [097c39a2a6].
Added gen_dh_params version [121b16da7e].
Added pkgIndex.tcl.in version [69b06405aa].
Modified tclOpts.h
from [4e3c2a8397]
to [aff9aa3b9c].
1 2 3 | /* * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> * | < < | 1 2 3 4 5 6 7 8 9 10 | /* * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> * * Stylized option processing - requires consitent * external vars: opt, idx, objc, objv */ #ifndef _TCL_OPTS_H #define _TCL_OPTS_H #define OPT_PROLOG(option) \ |
︙ | ︙ |
Deleted tclconfig/README.txt version [180f4215d5].
Deleted tclconfig/install-sh version [b087e5c4b9].
Deleted tclconfig/tcl.m4 version [1cb6792ef2].
Modified tests/all.tcl
from [0cb48d72f1]
to [a5976d4aa4].
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | # all.tcl -- # # This file contains a top-level script to run all of the Tcl # tests. Execute it by invoking "source all.test" when running tcltest # in this directory. # # Copyright (c) 1998-2000 by Ajuba Solutions. # All rights reserved. # # RCS: @(#) $Id: all.tcl,v 1.5 2000/08/15 18:45:01 hobbs Exp $ if {[lsearch [namespace children] ::tcltest] == -1} { package require tcltest namespace import ::tcltest::* } set ::tcltest::testSingleFile false | > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | # all.tcl -- # # This file contains a top-level script to run all of the Tcl # tests. Execute it by invoking "source all.test" when running tcltest # in this directory. # # Copyright (c) 1998-2000 by Ajuba Solutions. # All rights reserved. # # RCS: @(#) $Id: all.tcl,v 1.5 2000/08/15 18:45:01 hobbs Exp $ set auto_path [linsert $auto_path 0 [file normalize [file join [file dirname [info script]] ..]]] if {[lsearch [namespace children] ::tcltest] == -1} { package require tcltest namespace import ::tcltest::* } set ::tcltest::testSingleFile false |
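Review bot: The added `set auto_path [linsert $auto_path 0 ...]` line resolves the package directory from the test script's location (`[file dirname [info script]]` plus `..`), which is the source tree, while configure.in generates `pkgIndex.tcl` through `AC_OUTPUT(Makefile pkgIndex.tcl)` in the build directory and Makefile.in is written for a separate `@srcdir@`. In an out-of-tree build the tests will not find the freshly built package there and `package require tls` can fall through to whatever copy is installed on the system, so the suite may pass against the wrong library. Take the build directory from an environment variable or a command-line argument set by the Makefile, and have the tests check `tls::version` or the loaded path before running.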
︙ | ︙ |
Modified tests/ciphers.test
from [775a49336b]
to [9bef3a5541].
︙ | ︙ | |||
13 14 15 16 17 18 19 | if {[lsearch [namespace children] ::tcltest] == -1} { package require tcltest namespace import ::tcltest::* } # The build dir is added as the first element of $PATH | < < | 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | if {[lsearch [namespace children] ::tcltest] == -1} { package require tcltest namespace import ::tcltest::* } # The build dir is added as the first element of $PATH package require tls # One of these should == 1, depending on what type of ssl library # tls was compiled against. (RSA BSAFE SSL-C or OpenSSL). # set ::tcltest::testConstraints(rsabsafe) 0 set ::tcltest::testConstraints(openssl) [string match "OpenSSL*" [tls::version]] |
︙ | ︙ |
Modified tests/keytest1.tcl
from [d7e22b5f32]
to [897f9f74ad].
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | #!/bin/sh # The next line is executed by /bin/sh, but not tcl \ exec tclsh "$0" ${1+"$@"} package require tls proc creadable {s} { puts "LINE=[gets $s]" after 2000 exit } proc myserv {s args} { fileevent $s readable [list creadable $s] } tls::misc req 1024 $keyfile $certfile [list C CCC ST STTT L LLLL O OOOO OU OUUUU CN CNNNN Email some@email.com days 730 serial 12] tls::socket -keyfile $keyfile -certfile $certfile -server myserv 12300 puts "Now run keytest2.tcl" vwait forever | > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | #!/bin/sh # The next line is executed by /bin/sh, but not tcl \ exec tclsh "$0" ${1+"$@"} set auto_path [linsert $auto_path 0 [file normalize [file join [file dirname [info script]] ..]]] package require tls proc creadable {s} { puts "LINE=[gets $s]" after 2000 exit } proc myserv {s args} { fileevent $s readable [list creadable $s] } close [file tempfile keyfile] close [file tempfile certfile] tls::misc req 1024 $keyfile $certfile [list C CCC ST STTT L LLLL O OOOO OU OUUUU CN CNNNN Email some@email.com days 730 serial 12] tls::socket -keyfile $keyfile -certfile $certfile -server myserv 12300 puts "Now run keytest2.tcl" vwait forever |
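Review bot: The two added `close [file tempfile keyfile]` and `close [file tempfile certfile]` lines use `file tempfile`, which only exists from Tcl 8.6 on, while the comment in `Tls_Init` in this same diff still states that 8.2+ is supported, so this script now needs a newer Tcl than the extension claims. The temporary files are also never deleted: the script ends in `vwait forever` or `exit` from `creadable`, leaving a generated private key behind in the temp directory on every run. Remove both files before exiting (for example in `creadable` ahead of the `exit`), and either state the 8.6 requirement in the script or fall back to fixed file names on older interpreters.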
Modified tests/keytest2.tcl
from [24f9bfe9d5]
to [9ae291a22a].
1 2 3 4 5 6 7 | package require tls set s [tls::socket 127.0.0.1 12300] puts $s "A line" flush $s puts [join [tls::status $s] \n] exit | > > > < | 1 2 3 4 5 6 7 8 9 10 | #! /usr/bin/env tclsh set auto_path [linsert $auto_path 0 [file normalize [file join [file dirname [info script]] ..]]] package require tls set s [tls::socket 127.0.0.1 12300] puts $s "A line" flush $s puts [join [tls::status $s] \n] exit |
Modified tests/oldTests/tls.tcl
from [d3ab0f3fc4]
to [3ec4a78d72].
1 2 3 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # | < < | 1 2 3 4 5 6 7 8 9 10 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # set dir [file dirname [info script]] regsub {\.} [info tclversion] {} vshort if {$tcl_platform(platform) == "windows"} { if {[info exists tcl_platform(debug)]} { load $dir/../win/Debug$vshort/tls.dll } else { load $dir/../win/Release$vshort/tls.dll |
︙ | ︙ |
Modified tests/oldTests/tlsAuto.tcl
from [af559bc2dc]
to [c6f69ae9dc].
1 2 3 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # | < < | 1 2 3 4 5 6 7 8 9 10 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # set dir [file dirname [info script]] cd $dir source tls.tcl proc fromServer {chan} { if {[catch {read $chan 10} data]} { |
︙ | ︙ |
Modified tests/oldTests/tlsBlocking.tcl
from [10a9ce36e6]
to [272e10e79e].
1 2 3 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # | < < | 1 2 3 4 5 6 7 8 9 10 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # set dir [file dirname [info script]] cd $dir source tls.tcl proc bgerror {msg} {tclLog "BG: $msg"} |
︙ | ︙ |
Modified tests/oldTests/tlsCiphers.tcl
from [015cebb2a4]
to [fc1b7f572b].
1 2 3 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # | < < | 1 2 3 4 5 6 7 8 9 10 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # set dir [file dirname [info script]] cd $dir source tls.tcl if {[llength $argv] == 0} { puts stderr "Usage: ciphers protocol ?verbose?" |
︙ | ︙ |
Modified tests/oldTests/tlsHttp.tcl
from [a70dbb3194]
to [a53b6ea2fa].
1 2 3 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # | < < | 1 2 3 4 5 6 7 8 9 10 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # package require base64 set dir [file dirname [info script]] cd $dir source tls.tcl package require http |
︙ | ︙ |
Modified tests/oldTests/tlsSrv.tcl
from [94376e17c0]
to [03126ed641].
1 2 3 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # | < < | 1 2 3 4 5 6 7 8 9 10 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # # Sample Tls-enabled server # set dir [file dirname [info script]] cd $dir source tls.tcl #lappend auto_path d:/tcl80/lib #package require tls |
︙ | ︙ |
Modified tests/oldTests/tlsSrv2.tcl
from [55ffa72ce8]
to [26eb405e56].
1 2 3 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # | < < | 1 2 3 4 5 6 7 8 9 10 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # # Sample Tls-enabled server # set dir [file dirname [info script]] cd $dir source tls.tcl #lappend auto_path d:/tcl80/lib #package require tls |
︙ | ︙ |
Modified tests/oldTests/tlsUpload.tcl
from [82c9e6c118]
to [7d5a3a1baa].
1 2 3 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # | < < | 1 2 3 4 5 6 7 8 9 10 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # set dir [file dirname [info script]] cd $dir source tls.tcl proc fromServer {chan} { if {[catch {read $chan 10} data]} { |
︙ | ︙ |
Modified tests/tlsIO.test
from [29322e679c]
to [eaefd1ceb9].
︙ | ︙ | |||
66 67 68 69 70 71 72 | if {[lsearch [namespace children] ::tcltest] == -1} { package require tcltest namespace import -force ::tcltest::* } # The build dir is added as the first element of $PATH | < | | 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 | if {[lsearch [namespace children] ::tcltest] == -1} { package require tcltest namespace import -force ::tcltest::* } # The build dir is added as the first element of $PATH # Load the tls package package require tls set tlsServerPort 8048 # Specify where the certificates are set certsDir [file join [file dirname [info script]] certs] set serverCert [file join $certsDir server.pem] |
︙ | ︙ | |||
300 301 302 303 304 305 306 307 | test tlsIO-1.12 {arg parsing for socket command} {socket} { list [catch {tls::socket foo badport} msg] $msg } {1 {expected integer but got "badport"}} test tlsIO-2.1 {tcp connection} {socket stdio} { removeFile script set f [open script w] puts $f { | > < | 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 | test tlsIO-1.12 {arg parsing for socket command} {socket} { list [catch {tls::socket foo badport} msg] $msg } {1 {expected integer but got "badport"}} test tlsIO-2.1 {tcp connection} {socket stdio} { removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls set timer [after 2000 "set x timed_out"] } puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8828 \]" puts $f { proc accept {file addr port} { global x |
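Review bot: The `puts $f [list set auto_path $auto_path]` line added ahead of the child script here is repeated verbatim in every test in this file that writes a `script` or `script2` file, which makes it easy to miss one when a new test is added. Move the preamble into a small helper proc that opens the file, writes the `auto_path` line and returns the channel, and call that from each test. Using `[list set auto_path $auto_path]` to quote the value is the right approach and should be kept in the helper.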
︙ | ︙ | |||
342 343 344 345 346 347 348 349 | } else { set port [expr {$tlsServerPort + [pid]%1024}] } test tlsIO-2.2 {tcp connection with client port specified} {socket stdio} { removeFile script set f [open script w] puts $f { | > < | 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 | } else { set port [expr {$tlsServerPort + [pid]%1024}] } test tlsIO-2.2 {tcp connection with client port specified} {socket stdio} { removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls set timer [after 2000 "set x done"] } puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8829 \]" puts $f { proc accept {sock addr port} { global x |
︙ | ︙ | |||
382 383 384 385 386 387 388 389 | close $f set x } [list ready "hello $port"] test tlsIO-2.3 {tcp connection with client interface specified} {socket stdio} { removeFile script set f [open script w] puts $f { | > < | 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 | close $f set x } [list ready "hello $port"] test tlsIO-2.3 {tcp connection with client interface specified} {socket stdio} { removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls set timer [after 2000 "set x done"] } puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8830 \]" puts $f { proc accept {sock addr port} { global x |
︙ | ︙ | |||
420 421 422 423 424 425 426 427 | close $f set x } {ready {hello 127.0.0.1}} test tlsIO-2.4 {tcp connection with server interface specified} {socket stdio} { removeFile script set f [open script w] puts $f { | > < | 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 | close $f set x } {ready {hello 127.0.0.1}} test tlsIO-2.4 {tcp connection with server interface specified} {socket stdio} { removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls set timer [after 2000 "set x done"] } puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey -myaddr [info hostname] 8831 \]" puts $f { proc accept {sock addr port} { global x |
︙ | ︙ | |||
457 458 459 460 461 462 463 464 | close $f set x } {ready hello} test tlsIO-2.5 {tcp connection with redundant server port} {socket stdio} { removeFile script set f [open script w] puts $f { | > < | 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 | close $f set x } {ready hello} test tlsIO-2.5 {tcp connection with redundant server port} {socket stdio} { removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls set timer [after 2000 "set x done"] } puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8832 \]" puts $f { proc accept {sock addr port} { global x |
︙ | ︙ | |||
504 505 506 507 508 509 510 511 | } set status } ok test tlsIO-2.7 {echo server, one line} {socket stdio} { removeFile script set f [open script w] puts $f { | > < | 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 | } set status } ok test tlsIO-2.7 {echo server, one line} {socket stdio} { removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls set timer [after 2000 "set x done"] } puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8834 \]" puts $f { proc accept {s a p} { fileevent $s readable [list echo $s] |
︙ | ︙ | |||
548 549 550 551 552 553 554 555 | set y [gets $f] close $f list $x $y } {{hello abcdefghijklmnop} done} test tlsIO-2.8 {echo server, loop 50 times, single connection} {socket stdio} { set f [open script w] puts $f { | > < | 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 | set y [gets $f] close $f list $x $y } {{hello abcdefghijklmnop} done} test tlsIO-2.8 {echo server, loop 50 times, single connection} {socket stdio} { set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls } puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8835 \]" puts $f { proc accept {s a p} { fileevent $s readable [list echo $s] fconfigure $s -buffering line |
︙ | ︙ | |||
600 601 602 603 604 605 606 607 | set x } {done 50} test tlsIO-2.9 {socket conflict} {socket stdio} { set s [tls::socket -server accept 8828] removeFile script set f [open script w] puts -nonewline $f { | > < | 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 | set x } {done 50} test tlsIO-2.9 {socket conflict} {socket stdio} { set s [tls::socket -server accept 8828] removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts -nonewline $f { package require tls tls::socket -server accept 8828 } close $f set f [open "|[list $::tcltest::tcltest script]" r] gets $f after 100 |
︙ | ︙ | |||
687 688 689 690 691 692 693 694 | test tlsIO-2.12 {tcp connection; no certificates specified} \ {socket stdio unixOnly} { # There is a debug assertion on Windows/SSL that causes a crash when the # certificate isn't specified. removeFile script set f [open script w] puts $f { | > < | 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 | test tlsIO-2.12 {tcp connection; no certificates specified} \ {socket stdio unixOnly} { # There is a debug assertion on Windows/SSL that causes a crash when the # certificate isn't specified. removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls set timer [after 2000 "set x timed_out"] set f [tls::socket -server accept 8828] proc accept {file addr port} { global x set x done close $file |
︙ | ︙ | |||
720 721 722 723 724 725 726 727 | close $f set x } {ready done {}} test tlsIO-3.1 {socket conflict} {socket stdio} { removeFile script set f [open script w] puts $f { | > < | 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 | close $f set x } {ready done {}} test tlsIO-3.1 {socket conflict} {socket stdio} { removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls } puts $f "set f \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8828 \]" puts $f { puts ready gets stdin close $f |
︙ | ︙ | |||
745 746 747 748 749 750 751 752 | close $f set x } {1 {couldn't open socket: address already in use}} test tlsIO-3.2 {server with several clients} {socket stdio} { removeFile script set f [open script w] puts $f { | > < | 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 | close $f set x } {1 {couldn't open socket: address already in use}} test tlsIO-3.2 {server with several clients} {socket stdio} { removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls set t1 [after 30000 "set x timed_out"] set t2 [after 31000 "set x timed_out"] set t3 [after 32000 "set x timed_out"] set counter 0 } puts $f "set s \[tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8828 \]" |
︙ | ︙ | |||
814 815 816 817 818 819 820 821 | set x } {ready done} test tlsIO-4.1 {server with several clients} {socket stdio} { # have seen intermittent hangs on Windows removeFile script set f [open script w] puts $f { | > < | 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 | set x } {ready done} test tlsIO-4.1 {server with several clients} {socket stdio} { # have seen intermittent hangs on Windows removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls gets stdin } puts $f "set s \[tls::socket -certfile $clientCert -cafile $caCert -keyfile $clientKey 127.0.0.1 8828 \]" puts $f { fconfigure $s -buffering line for {set i 0} {$i < 100} {incr i} { |
︙ | ︙ | |||
922 923 924 925 926 927 928 929 | } {couldn't open socket: not owner} test tlsIO-6.1 {accept callback error} {socket stdio} { # There is a debug assertion on Windows/SSL that causes a crash when the # certificate isn't specified. removeFile script set f [open script w] puts $f { | > < | 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 | } {couldn't open socket: not owner} test tlsIO-6.1 {accept callback error} {socket stdio} { # There is a debug assertion on Windows/SSL that causes a crash when the # certificate isn't specified. removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls gets stdin } puts $f [list tls::socket -cafile $caCert 127.0.0.1 8848] close $f set f [open "|[list $::tcltest::tcltest script]" r+] proc bgerror args { |
︙ | ︙ | |||
950 951 952 953 954 955 956 957 | rename bgerror {} set x } {{divide by zero}} test tlsIO-7.1 {testing socket specific options} {socket stdio} { removeFile script set f [open script w] puts $f { | > < | 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 | rename bgerror {} set x } {{divide by zero}} test tlsIO-7.1 {testing socket specific options} {socket stdio} { removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls } puts $f [list tls::socket -server accept \ -certfile $serverCert -cafile $caCert -keyfile $serverKey 8820] puts $f { proc accept args { global x |
︙ | ︙ | |||
984 985 986 987 988 989 990 991 | lappend l [string compare [lindex $p 2] 8820] lappend l [llength $p] } {0 0 3} test tlsIO-7.2 {testing socket specific options} {socket stdio} { removeFile script set f [open script w] puts $f { | > < | 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 | lappend l [string compare [lindex $p 2] 8820] lappend l [llength $p] } {0 0 3} test tlsIO-7.2 {testing socket specific options} {socket stdio} { removeFile script set f [open script w] puts $f [list set auto_path $auto_path] puts $f { package require tls } puts $f "tls::socket -server accept -certfile $serverCert -cafile $caCert -keyfile $serverKey 8821" puts $f { proc accept args { global x set x done |
︙ | ︙ | |||
1756 1757 1758 1759 1760 1761 1762 1763 | # Script2 creates the server socket, launches script1, # waits a second, and exits. The server socket will now # be closed unless script1 inherited it. set f [open script2 w] puts $f [list set tclsh $::tcltest::tcltest] puts $f { | > < | 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 | # Script2 creates the server socket, launches script1, # waits a second, and exits. The server socket will now # be closed unless script1 inherited it. set f [open script2 w] puts $f [list set tclsh $::tcltest::tcltest] puts $f [list set auto_path $auto_path] puts $f { package require tls } puts $f "set f \[tls::socket -server accept \ -certfile $serverCert -cafile $caCert -keyfile $serverKey 8828\]" puts $f { proc accept { file addr port } { close $file |
︙ | ︙ | |||
1813 1814 1815 1816 1817 1818 1819 1820 | # Script2 opens the client socket and writes to it. It then # launches script1 and exits. If the child process inherited the # client socket, the socket will still be open. set f [open script2 w] puts $f [list set tclsh $::tcltest::tcltest] puts $f { | > < | 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 | # Script2 opens the client socket and writes to it. It then # launches script1 and exits. If the child process inherited the # client socket, the socket will still be open. set f [open script2 w] puts $f [list set tclsh $::tcltest::tcltest] puts $f [list set auto_path $auto_path] puts $f { package require tls } puts $f "set f \[tls::socket -certfile $clientCert -cafile $caCert \ -keyfile $clientKey 127.0.0.1 8829\]" puts $f { exec $tclsh script1 & puts $f testing |
︙ | ︙ | |||
1874 1875 1876 1877 1878 1879 1880 1881 | after 10000 exit vwait forever } close $f set f [open script2 w] puts $f [list set tclsh $::tcltest::tcltest] puts $f { | > < | 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 | after 10000 exit vwait forever } close $f set f [open script2 w] puts $f [list set tclsh $::tcltest::tcltest] puts $f [list set auto_path $auto_path] puts $f { package require tls } puts $f "set f \[tls::socket -server accept \ -certfile $serverCert -cafile $caCert -keyfile $serverKey 8930\]" puts $f { proc accept { file host port } { global tclsh |
︙ | ︙ | |||
1926 1927 1928 1929 1930 1931 1932 | test tlsIO-13.1 {Testing use of shared socket between two threads} \ {socket testthread} { # HOBBS: never tested removeFile script threadReap makeFile { | < | 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 | test tlsIO-13.1 {Testing use of shared socket between two threads} \ {socket testthread} { # HOBBS: never tested removeFile script threadReap makeFile { package require tls set f [tls::socket -server accept 8828] proc accept {s a p} { fileevent $s readable [list echo $s] fconfigure $s -buffering line } proc echo {s} { |
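Review bot: The `makeFile { package require tls ...` script in tlsIO-13.1 is the one generated script in this file that does not receive a `set auto_path` line, so after the old loading line was removed its `package require tls` depends on the default package path rather than on the build directory the other tests use. Since the test is already marked `HOBBS: never tested`, the gap will go unnoticed until someone enables the `testthread` constraint. Write the same `auto_path` preamble into this script, for example by building the `makeFile` content with `[list set auto_path $auto_path]` prepended.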
︙ | ︙ |
Modified tls.c
from [15a7d7809d]
to [898daed710].
1 2 3 4 5 6 7 | /* * Copyright (C) 1997-1999 Matt Newman <matt@novadigm.com> * some modifications: * Copyright (C) 2000 Ajuba Solutions * Copyright (C) 2002 ActiveState Corporation * Copyright (C) 2004 Starfish Systems * | < < | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 | /* * Copyright (C) 1997-1999 Matt Newman <matt@novadigm.com> * some modifications: * Copyright (C) 2000 Ajuba Solutions * Copyright (C) 2002 ActiveState Corporation * Copyright (C) 2004 Starfish Systems * * TLS (aka SSL) Channel - can be layered on any bi-directional * Tcl_Channel (Note: Requires Trf Core Patch) * * This was built (almost) from scratch based upon observation of * OpenSSL 0.9.2B * * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for |
︙ | ︙ | |||
63 64 65 66 67 68 69 | static int UnimportObjCmd _ANSI_ARGS_ ((ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[])); static SSL_CTX *CTX_Init _ANSI_ARGS_((State *statePtr, int proto, char *key, char *cert, char *CAdir, char *CAfile, char *ciphers, char *DHparams)); | | < | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 | static int UnimportObjCmd _ANSI_ARGS_ ((ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[])); static SSL_CTX *CTX_Init _ANSI_ARGS_((State *statePtr, int proto, char *key, char *cert, char *CAdir, char *CAfile, char *ciphers, char *DHparams)); static int TlsLibInit _ANSI_ARGS_ ((void)) ; #define TLS_PROTO_SSL2 0x01 #define TLS_PROTO_SSL3 0x02 #define TLS_PROTO_TLS1 0x04 #define TLS_PROTO_TLS1_1 0x08 #define TLS_PROTO_TLS1_2 0x10 #define ENABLED(flag, mask) (((flag) & (mask)) == (mask)) /* * Static data structures */ #ifndef OPENSSL_NO_DH #include "dh_params.h" #endif /* * Defined in Tls_Init to determine what kind of channels we are using * (old-style 8.2.0-8.3.1 or new-style 8.3.2+). */ int channelTypeVersion; |
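Review bot: The new `#include "dh_params.h"` under `#ifndef OPENSSL_NO_DH` replaces the static DH parameter code with a header that is generated at build time, but nothing at the include site documents what the header must define or where it comes from. Add a comment naming the function or data the rest of tls.c expects from it, that Makefile.in produces it by running `gen_dh_params`, and that `--enable-deterministic` changes its content by passing `fallback`. That matters for anyone auditing which Diffie-Hellman parameters a given binary ships with, since the answer is no longer in this file. The forward declaration `static int TlsLibInit _ANSI_ARGS_ ((void)) ;` also has a stray space before the semicolon.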
︙ | ︙ | |||
166 167 168 169 170 171 172 | /* * Threaded operation requires locking callbacks * Based from /crypto/cryptlib.c of OpenSSL and NSOpenSSL. */ static Tcl_Mutex locks[CRYPTO_NUM_LOCKS]; static Tcl_Mutex init_mx; | < | 121 122 123 124 125 126 127 128 129 130 131 132 133 134 | /* * Threaded operation requires locking callbacks * Based from /crypto/cryptlib.c of OpenSSL and NSOpenSSL. */ static Tcl_Mutex locks[CRYPTO_NUM_LOCKS]; static Tcl_Mutex init_mx; static void CryptoThreadLockCallback (int mode, int n, const char *file, int line); static unsigned long CryptoThreadIdCallback (void); static void CryptoThreadLockCallback(int mode, int n, const char *file, int line) { |
︙ | ︙ | |||
1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 | *------------------------------------------------------------------- */ int Tls_Init(Tcl_Interp *interp) /* Interpreter in which the package is * to be made available. */ { int major, minor, patchlevel, release; /* * The original 8.2.0 stacked channel implementation (and the patch * that preceded it) had problems with scalability and robustness. * These were address in 8.3.2 / 8.4a2, so we now require that as a * minimum for TLS 1.4+. We only support 8.2+ now (8.3.2+ preferred). | > > > > | 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 | *------------------------------------------------------------------- */ int Tls_Init(Tcl_Interp *interp) /* Interpreter in which the package is * to be made available. */ { const unsigned char tlsTclInitScript[] = { #include "tls.tcl.h" }; int major, minor, patchlevel, release; /* * The original 8.2.0 stacked channel implementation (and the patch * that preceded it) had problems with scalability and robustness. * These were address in 8.3.2 / 8.4a2, so we now require that as a * minimum for TLS 1.4+. We only support 8.2+ now (8.3.2+ preferred). |
︙ | ︙ | |||
1717 1718 1719 1720 1721 1722 1723 | Tcl_CreateObjCommand(interp, "tls::version", VersionObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::misc", MiscObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); | > > > > | | 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 | Tcl_CreateObjCommand(interp, "tls::version", VersionObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); Tcl_CreateObjCommand(interp, "tls::misc", MiscObjCmd, (ClientData) 0, (Tcl_CmdDeleteProc *) NULL); if (interp) { Tcl_Eval(interp, tlsTclInitScript); } return Tcl_PkgProvide(interp, "tls", PACKAGE_VERSION); } /* *------------------------------------------------------* * * Tls_SafeInit -- * |
︙ | ︙ | |||
1763 1764 1765 1766 1767 1768 1769 | * initilizes SSL library * * Result: * none * *------------------------------------------------------* */ | | | < | > > > > | 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 | * initilizes SSL library * * Result: * none * *------------------------------------------------------* */ static int TlsLibInit (void) { static int initialized = 0; int i; char rnd_seed[16] = "GrzSlplKqUdnnzP!"; /* 16 bytes */ int status=TCL_OK; #if defined(OPENSSL_THREADS) && defined(TCL_THREADS) size_t num_locks; if (initialized) { return status; } Tcl_MutexLock(&init_mx); if (!initialized) { initialized = 1; #else { #endif if (CRYPTO_set_mem_functions((void *(*)(size_t))Tcl_Alloc, (void *(*)(void *, size_t))Tcl_Realloc, (void(*)(void *))Tcl_Free) == 0) { /* Not using Tcl's mem functions ... not critical */ } |
︙ | ︙ | |||
1821 1822 1823 1824 1825 1826 1827 | do { for (i = 0; i < 16; i++) { rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0)); } RAND_seed(rnd_seed, sizeof(rnd_seed)); } while (RAND_status() != 1); } | > | < | 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 | do { for (i = 0; i < 16; i++) { rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0)); } RAND_seed(rnd_seed, sizeof(rnd_seed)); } while (RAND_status() != 1); } done: #if defined(OPENSSL_THREADS) && defined(TCL_THREADS) Tcl_MutexUnlock(&init_mx); #endif return status; } |
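Review bot: In Tls_Init, `tlsTclInitScript` is declared as a non-static local `const unsigned char[]`, so the embedded script is an automatic array that is rebuilt on the stack each time the function runs; declare it `static const`. The array is later handed to Tcl_Eval as a C string, and nothing in the visible initialiser guarantees a terminating NUL after `#include "tls.tcl.h"`, so confirm the generated header ends with a 0 byte or append one in the initialiser.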
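Review bot: In Tls_Init, the result of `Tcl_Eval(interp, tlsTclInitScript)` is discarded, so an error in the embedded tls.tcl still falls through to `Tcl_PkgProvide` and the package is reported as loaded with its Tcl-level half missing; compare the result with `TCL_OK` and return `TCL_ERROR` otherwise. The `if (interp)` guard also comes after `Tcl_CreateObjCommand(interp, ...)` has already used the pointer, so it is either unnecessary or too late. Passing a `const unsigned char[]` where Tcl_Eval expects a char pointer needs a cast or a `char` array to avoid a pointer-signedness warning.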
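Review bot: In TlsLibInit, `initialized = 1` is assigned at the top of the locked region, before any setup has run, and the unlocked fast path `if (initialized) { return status; }` returns the local `status`, which is always `TCL_OK` at that point. A second thread can therefore get success while the first is still installing the memory functions and locks, and an initialisation that ends with an error status is reported as success on every later call. Set the flag at the end of the locked region once setup has succeeded, and keep the failure status somewhere the fast path can return it. In builds without both OPENSSL_THREADS and TCL_THREADS the `#else {` branch never tests or sets `initialized`, so the whole body runs again on each call.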
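Review bot: The seeding loop just above the new `done:` label in TlsLibInit fills `rnd_seed` from `rand()` and repeats `RAND_seed(rnd_seed, sizeof(rnd_seed))` until `RAND_status()` returns 1, which credits OpenSSL's PRNG with entropy that libc `rand()` cannot supply, so keys and nonces generated afterwards may be predictable. Now that the function returns a status through `done:`, prefer setting an error status and failing initialisation when OpenSSL reports it is not seeded, rather than forcing `RAND_status()` to 1 this way.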
Modified tls.h
from [dc96a1623e]
to [6362c4c989].
1 2 3 | /* * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> * | < < | 1 2 3 4 5 6 7 8 9 10 | /* * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> * * TLS (aka SSL) Channel - can be layered on any bi-directional * Tcl_Channel (Note: Requires Trf Core Patch) * * This was built from scratch based upon observation of OpenSSL 0.9.2B * * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for * providing the Tcl_ReplaceChannel mechanism and working closely with me |
︙ | ︙ |
Modified tls.tcl
from [3192efd07b]
to [90f08f912e].
1 2 3 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # | < < | 1 2 3 4 5 6 7 8 9 10 | # # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> # namespace eval tls { variable logcmd tclLog variable debug 0 # Default flags passed to tls::import variable defaults {} |
︙ | ︙ |
Modified tlsBIO.c
from [66eac232ea]
to [b90d32218c].
1 2 3 | /* * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> * | < < | 1 2 3 4 5 6 7 8 9 10 | /* * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> * * Provides BIO layer to interface openssl to Tcl. */ #include "tlsInt.h" /* * Forward declarations |
︙ | ︙ |
Modified tlsIO.c
from [ed5e46f5ea]
to [d9df3786b9].
1 2 3 4 | /* * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> * Copyright (C) 2000 Ajuba Solutions * | < < | 1 2 3 4 5 6 7 8 9 10 11 | /* * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> * Copyright (C) 2000 Ajuba Solutions * * TLS (aka SSL) Channel - can be layered on any bi-directional * Tcl_Channel (Note: Requires Trf Core Patch) * * This was built from scratch based upon observation of OpenSSL 0.9.2B * * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for * providing the Tcl_ReplaceChannel mechanism and working closely with me |
︙ | ︙ |
Modified tlsInt.h
from [aca790a765]
to [337abc57f7].
1 2 3 | /* * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> * | < < | 1 2 3 4 5 6 7 8 9 10 | /* * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com> * * TLS (aka SSL) Channel - can be layered on any bi-directional * Tcl_Channel (Note: Requires Trf Core Patch) * * This was built from scratch based upon observation of OpenSSL 0.9.2B * * Addition credit is due for Andreas Kupries (a.kupries@westend.com), for * providing the Tcl_ReplaceChannel mechanism and working closely with me |
︙ | ︙ |
Modified tlsX509.c
from [24e0063023]
to [a24085972c].
1 2 3 | /* * Copyright (C) 1997-2000 Sensus Consulting Ltd. * Matt Newman <matt@sensus.org> | < < | 1 2 3 4 5 6 7 8 9 10 | /* * Copyright (C) 1997-2000 Sensus Consulting Ltd. * Matt Newman <matt@sensus.org> */ #include "tlsInt.h" /* * Ensure these are not macros - known to be defined on Win32 */ #ifdef min |
︙ | ︙ |
Deleted win/makefile.vc version [91ee39841d].
Deleted win/nmakehlp.c version [892a643209].
Deleted win/rules.vc version [ead277b0fc].
Deleted win/tls.rc version [93d9423ff3].