Changes On Branch feature-dump-keys

Changes In Branch feature-dump-keys Excluding Merge-Ins

This is equivalent to a diff from b5c41cdeb6 to e0f002ecb1

2024-01-25
22:22
Somewhat better TEA support, not complete yet. Make this the continuation of the tls-1.7 branch. main/trunk will continue with 1.8.0 check-in: b7b0bd5a8f user: jan.nijtmans tags: tls-1.7
2024-01-24
14:35
First changes needed for Tcl 9.0 check-in: 3057d6e2e0 user: jan.nijtmans tags: nijtmans
2023-03-04
16:14
Merge feature-dump-keys into main check-in: bed86d3303 user: bohagan tags: trunk
15:44
Merge add-support-alpn into main check-in: 4b4daeada4 user: bohagan tags: trunk
14:51
Added doc update Closed-Leaf check-in: e0f002ecb1 user: bohagan tags: feature-dump-keys
2022-05-30
16:14
Bug [8de7f5aa07]: Add support for dumping SSL keys check-in: 2c773b9a38 user: schelte tags: feature-dump-keys
16:12
Create new branch named "feature-dump-keys" check-in: f6b9f887ef user: rkeene tags: feature-dump-keys
16:08
Bug [e1f9a21c67]: Start of ALPN support check-in: 07bafe02de user: schelte tags: add-support-alpn
16:07
Create new branch named "add-support-alpn" check-in: 283dc6f133 user: rkeene tags: add-support-alpn
2021-01-14
12:56
Ticket [604bb68b5c] : rudimentary nmake build system check-in: b5c41cdeb6 user: oehhar tags: trunk
2020-10-15
10:54
Corrected instructions. Removed already applied patch Closed-Leaf check-in: b6aa13660a user: oehhar tags: bug-604bb68b5c-nmake
2020-10-12
20:32
add "version" element with SSL/TLS protocol version to tls::status check-in: 9c32a526ed user: resuna tags: trunk

Modified tls.c from [b7a88587d1] to [6b3fa216e0].
72
73
74
75
76
77
78


79
80
81
82
83
84
85
#define TLS_PROTO_SSL3		0x02
#define TLS_PROTO_TLS1		0x04
#define TLS_PROTO_TLS1_1	0x08
#define TLS_PROTO_TLS1_2	0x10
#define TLS_PROTO_TLS1_3	0x20
#define ENABLED(flag, mask)	(((flag) & (mask)) == (mask))



/*
 * Static data structures
 */

#ifndef OPENSSL_NO_DH
#include "dh_params.h"
#endif







>
>







72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
#define TLS_PROTO_SSL3		0x02
#define TLS_PROTO_TLS1		0x04
#define TLS_PROTO_TLS1_1	0x08
#define TLS_PROTO_TLS1_2	0x10
#define TLS_PROTO_TLS1_3	0x20
#define ENABLED(flag, mask)	(((flag) & (mask)) == (mask))

#define SSLKEYLOGFILE		"SSLKEYLOGFILE"

/*
 * Static data structures
 */

#ifndef OPENSSL_NO_DH
#include "dh_params.h"
#endif
400
401
402
403
404
405
406










407
408
409
410
411
412
413
	Tcl_BackgroundError(statePtr->interp);
    }
    Tcl_DecrRefCount(cmdPtr);

    Tcl_Release((ClientData) statePtr);
    Tcl_Release((ClientData) statePtr->interp);
}











/*
 *-------------------------------------------------------------------
 *
 * PasswordCallback -- 
 *
 *	Called when a password is needed to unpack RSA and PEM keys.







>
>
>
>
>
>
>
>
>
>







402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
	Tcl_BackgroundError(statePtr->interp);
    }
    Tcl_DecrRefCount(cmdPtr);

    Tcl_Release((ClientData) statePtr);
    Tcl_Release((ClientData) statePtr->interp);
}

void KeyLogCallback(const SSL *ssl, const char *line) {
    char *str = getenv(SSLKEYLOGFILE);
    FILE *fd;
    if (str) {
	fd = fopen(str, "a");
	fprintf(fd, "%s\n",line);
	fclose(fd);
    }
}

/*
 *-------------------------------------------------------------------
 *
 * PasswordCallback -- 
 *
 *	Called when a password is needed to unpack RSA and PEM keys.
1199
1200
1201
1202
1203
1204
1205




1206
1207
1208
1209
1210
1211
1212
    }
    
    ctx = SSL_CTX_new (method);

    if (!ctx) {
        return(NULL);
    }





#if !defined(NO_TLS1_3)
    if (proto == TLS_PROTO_TLS1_3) {
        SSL_CTX_set_min_proto_version (ctx, TLS1_3_VERSION);
        SSL_CTX_set_max_proto_version (ctx, TLS1_3_VERSION);
    }
#endif







>
>
>
>







1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
    }
    
    ctx = SSL_CTX_new (method);

    if (!ctx) {
        return(NULL);
    }

    if (getenv(SSLKEYLOGFILE)) {
	SSL_CTX_set_keylog_callback(ctx, KeyLogCallback);
    }

#if !defined(NO_TLS1_3)
    if (proto == TLS_PROTO_TLS1_3) {
        SSL_CTX_set_min_proto_version (ctx, TLS1_3_VERSION);
        SSL_CTX_set_max_proto_version (ctx, TLS1_3_VERSION);
    }
#endif
Modified tls.htm from [54230bffc5] to [d386ab8299].
405
406
407
408
409
410
411






412
413
414
415
416
417
418
<p>
<em>
The use of the variable <strong>tls::debug</strong> is not recommended.
It may be removed from future releases.
</em>
</p>







<h3><a name="HTTPS EXAMPLE">HTTPS EXAMPLE</a></h3>

<p>This example uses a sample server.pem provided with the TLS release,
courtesy of the <strong>OpenSSL</strong> project.</p>

<pre><code>
package require http







>
>
>
>
>
>







405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
<p>
<em>
The use of the variable <strong>tls::debug</strong> is not recommended.
It may be removed from future releases.
</em>
</p>

<h3><a name="DEBUG">DEBUG</a></h3>

TLS key logging can be enabled by setting the environment variable
<b>SSLKEYLOGFILE</b> to the name of the file to log to. Then whenever TLS
key material is generated or received it will be logged to the file.

<h3><a name="HTTPS EXAMPLE">HTTPS EXAMPLE</a></h3>

<p>This example uses a sample server.pem provided with the TLS release,
courtesy of the <strong>OpenSSL</strong> project.</p>

<pre><code>
package require http