Changes In Branch feature-dump-keys Excluding Merge-Ins
This is equivalent to a diff from b5c41cdeb6 to e0f002ecb1
2024-01-25
| ||
22:22 | Somewhat better TEA support, not complete yet. Make this the continuation of the tls-1.7 branch. main/trunk will continue with 1.8.0 check-in: b7b0bd5a8f user: jan.nijtmans tags: tls-1.7 | |
2024-01-24
| ||
14:35 | First changes needed for Tcl 9.0 check-in: 3057d6e2e0 user: jan.nijtmans tags: nijtmans | |
2023-03-04
| ||
16:14 | Merge feature-dump-keys into main check-in: bed86d3303 user: bohagan tags: trunk | |
15:44 | Merge add-support-alpn into main check-in: 4b4daeada4 user: bohagan tags: trunk | |
14:51 | Added doc update Closed-Leaf check-in: e0f002ecb1 user: bohagan tags: feature-dump-keys | |
2022-05-30
| ||
16:14 | Bug [8de7f5aa07]: Add support for dumping SSL keys check-in: 2c773b9a38 user: schelte tags: feature-dump-keys | |
16:12 | Create new branch named "feature-dump-keys" check-in: f6b9f887ef user: rkeene tags: feature-dump-keys | |
16:08 | Bug [e1f9a21c67]: Start of ALPN support check-in: 07bafe02de user: schelte tags: add-support-alpn | |
16:07 | Create new branch named "add-support-alpn" check-in: 283dc6f133 user: rkeene tags: add-support-alpn | |
2021-01-14
| ||
12:56 | Ticket [604bb68b5c] : rudimentary nmake build system check-in: b5c41cdeb6 user: oehhar tags: trunk | |
2020-10-15
| ||
10:54 | Corrected instructions. Removed already applied patch Closed-Leaf check-in: b6aa13660a user: oehhar tags: bug-604bb68b5c-nmake | |
2020-10-12
| ||
20:32 | add "version" element with SSL/TLS protocol version to tls::status check-in: 9c32a526ed user: resuna tags: trunk | |
Modified build/post.sh
from [cb645c3205]
to [256b2f5d84].
︙ | ︙ |
Modified build/pre.sh
from [a8f310fb41]
to [5b92f77928].
Modified gen_dh_params
from [c005dd2aeb]
to [2613dfd476].
︙ | ︙ |
Modified tests/remote.tcl
from [c8f880a3e5]
to [b1e4530462].
︙ | ︙ |
Modified tests/simpleClient.tcl
from [abd896c23b]
to [5b2a6112d2].
︙ | ︙ |
Modified tests/simpleServer.tcl
from [ca9a28f88d]
to [1570c8544f].
︙ | ︙ |
Modified tests/tlsIO.test
from [1df3d39a1f]
to [40d48fe813].
︙ | ︙ |
Modified tls.c
from [b7a88587d1]
to [6b3fa216e0].
︙ | ︙ | |||
72 73 74 75 76 77 78 79 80 81 82 83 84 85 | #define TLS_PROTO_SSL3 0x02 #define TLS_PROTO_TLS1 0x04 #define TLS_PROTO_TLS1_1 0x08 #define TLS_PROTO_TLS1_2 0x10 #define TLS_PROTO_TLS1_3 0x20 #define ENABLED(flag, mask) (((flag) & (mask)) == (mask)) /* * Static data structures */ #ifndef OPENSSL_NO_DH #include "dh_params.h" #endif | > > | 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 | #define TLS_PROTO_SSL3 0x02 #define TLS_PROTO_TLS1 0x04 #define TLS_PROTO_TLS1_1 0x08 #define TLS_PROTO_TLS1_2 0x10 #define TLS_PROTO_TLS1_3 0x20 #define ENABLED(flag, mask) (((flag) & (mask)) == (mask)) #define SSLKEYLOGFILE "SSLKEYLOGFILE" /* * Static data structures */ #ifndef OPENSSL_NO_DH #include "dh_params.h" #endif |
︙ | ︙ | |||
400 401 402 403 404 405 406 407 408 409 410 411 412 413 | Tcl_BackgroundError(statePtr->interp); } Tcl_DecrRefCount(cmdPtr); Tcl_Release((ClientData) statePtr); Tcl_Release((ClientData) statePtr->interp); } /* *------------------------------------------------------------------- * * PasswordCallback -- * * Called when a password is needed to unpack RSA and PEM keys. | > > > > > > > > > > | 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 | Tcl_BackgroundError(statePtr->interp); } Tcl_DecrRefCount(cmdPtr); Tcl_Release((ClientData) statePtr); Tcl_Release((ClientData) statePtr->interp); } void KeyLogCallback(const SSL *ssl, const char *line) { char *str = getenv(SSLKEYLOGFILE); FILE *fd; if (str) { fd = fopen(str, "a"); fprintf(fd, "%s\n",line); fclose(fd); } } /* *------------------------------------------------------------------- * * PasswordCallback -- * * Called when a password is needed to unpack RSA and PEM keys. |
︙ | ︙ | |||
1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 | } ctx = SSL_CTX_new (method); if (!ctx) { return(NULL); } #if !defined(NO_TLS1_3) if (proto == TLS_PROTO_TLS1_3) { SSL_CTX_set_min_proto_version (ctx, TLS1_3_VERSION); SSL_CTX_set_max_proto_version (ctx, TLS1_3_VERSION); } #endif | > > > > | 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 | } ctx = SSL_CTX_new (method); if (!ctx) { return(NULL); } if (getenv(SSLKEYLOGFILE)) { SSL_CTX_set_keylog_callback(ctx, KeyLogCallback); } #if !defined(NO_TLS1_3) if (proto == TLS_PROTO_TLS1_3) { SSL_CTX_set_min_proto_version (ctx, TLS1_3_VERSION); SSL_CTX_set_max_proto_version (ctx, TLS1_3_VERSION); } #endif |
︙ | ︙ |
Modified tls.htm
from [54230bffc5]
to [d386ab8299].
︙ | ︙ | |||
405 406 407 408 409 410 411 412 413 414 415 416 417 418 | <p> <em> The use of the variable <strong>tls::debug</strong> is not recommended. It may be removed from future releases. </em> </p> <h3><a name="HTTPS EXAMPLE">HTTPS EXAMPLE</a></h3> <p>This example uses a sample server.pem provided with the TLS release, courtesy of the <strong>OpenSSL</strong> project.</p> <pre><code> package require http | > > > > > > | 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 | <p> <em> The use of the variable <strong>tls::debug</strong> is not recommended. It may be removed from future releases. </em> </p> <h3><a name="DEBUG">DEBUG</a></h3> TLS key logging can be enabled by setting the environment variable <b>SSLKEYLOGFILE</b> to the name of the file to log to. Then whenever TLS key material is generated or received it will be logged to the file. <h3><a name="HTTPS EXAMPLE">HTTPS EXAMPLE</a></h3> <p>This example uses a sample server.pem provided with the TLS release, courtesy of the <strong>OpenSSL</strong> project.</p> <pre><code> package require http |
︙ | ︙ |
Modified win/README.txt
from [c9eebede2e]
to [8e3c348717].
︙ | ︙ |
Modified win/makefile.vc
from [88282c8491]
to [2103458bde].
︙ | ︙ |
Modified win/targets.vc
from [77a0a274fa]
to [a9dacf9516].
︙ | ︙ |