Overview
Comment: | Updated ciphers command to use current APIs and added an option to return only ciphers as would be sent in ClientHello. Updated test suite to use OpenSSL executable to get ciphers comparison data. Added more test cases. Addresses defects: https://core.tcl-lang.org/tcltls/tktview/688788a45c and https://sourceforge.net/p/tls/bugs/36/ |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | status_x509 |
Files: | files | file ages | folders |
SHA3-256: |
05b2dd47be4c743293b9826f044395cb |
User & Date: | bohagan on 2023-05-24 01:18:52 |
Other Links: | branch diff | manifest | tags |
Context
2023-05-24
| ||
02:40 | Added new option -ciphersuites to set ciphers suites for TLS 1.3. Addresses defect: https://core.tcl-lang.org/tcltls/tktview/d0518a5645 check-in: cd11c125e8 user: bohagan tags: status_x509 | |
01:18 | Updated ciphers command to use current APIs and added an option to return only ciphers as would be sent in ClientHello. Updated test suite to use OpenSSL executable to get ciphers comparison data. Added more test cases. Addresses defects: https://core.tcl-lang.org/tcltls/tktview/688788a45c and https://sourceforge.net/p/tls/bugs/36/ check-in: 05b2dd47be user: bohagan tags: status_x509 | |
2023-05-22
| ||
19:25 | Updated all.tcl test script to produce an exit code. This is needed for use by test automation suites. check-in: af2c6346c9 user: bohagan tags: status_x509 | |
Changes
Modified doc/tls.html
from [1f01ff8ecc]
to [d2eae2e68e].
︙ | |||
26 27 28 29 30 31 32 | 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 | - + | <dd><b>tls::socket</b> <em> ?-server command? ?options? port</em></dd> <dd><b>tls::handshake</b> <em> channel</em></dd> <dd><b>tls::status </b> <em>?-local? channel</em></dd> <dd><b>tls::connection </b> <em>channel</em></dd> <dd><b>tls::import</b> <em>channel ?options?</em></dd> <dd><b>tls::unimport</b> <em>channel</em></dd> <dt> </dt> |
︙ | |||
59 60 61 62 63 64 65 | 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 | - + | <a href="#tls::socket"><b>tls::socket</b> <i>?-server command? ?options? port</i></a><br> <a href="#tls::status"><b>tls::status</b> <i>?-local? channel</i></a><br> <a href="#tls::connection"><b>tls::connection</b> <i>channel</i></a><br> <a href="#tls::handshake"><b>tls::handshake</b> <i>channel</i></a><br> <a href="#tls::import"><b>tls::import</b> <i>channel ?options?</i></a><br> <a href="#tls::unimport"><b>tls::unimport</b> <i>channel</i></a><br> <br> |
︙ | |||
133 134 135 136 137 138 139 | 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 | + + + + + + + - - + + | <dd>Specify the filename containing the certificate to use. The default name is <b>cert.pem</b>. This can be overridden via the <b>SSL_CERT_FILE</b> environment variable.</dd> <dt><strong>-cert</strong> <em>filename</em></dt> <dd>Specify the contents of a certificate to use, as a DER encoded binary value (X.509 DER).</dd> <dt><strong>-cipher</strong> <em>string</em></dt> <dd>List of ciphers to use. String is a colon (":") separated list of ciphers or cipher suites. Cipher suites can be combined using the <b>+</b> character. Prefixes can be used to permanently remove ("!"), delete ("-"), or move a cypher to the end of the list ("+"). Keywords <b>@STRENGTH</b> (sort by algorithm key length), <b>@SECLEVEL=</b><i>n</i> (set security level to n), and <b>DEFAULT</b> (use default cipher list, at start only) |
︙ | |||
281 282 283 284 285 286 287 | 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 | - + - + + + | Negotiation (ALPN).</dd> <dt><strong>session_reused</strong> <em>boolean</em></dt> <dd>Whether the session has been reused or not.</dd> </dl> </blockquote> <dt><a name="tls::ciphers"><strong>tls::ciphers</strong> |
︙ |
Modified generic/tls.c
from [138bbe9b64]
to [f33536e873].
︙ | |||
496 497 498 499 500 501 502 | 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 | - + - + - - + + + + + + - + | }; enum protocol { TLS_SSL2, TLS_SSL3, TLS_TLS1, TLS_TLS1_1, TLS_TLS1_2, TLS_TLS1_3, TLS_NONE }; static int CiphersObjCmd(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *const objv[]) { |
︙ | |||
568 569 570 571 572 573 574 575 576 577 578 579 580 | 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 | + - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - + + + - - - + - + + + | default: break; } if (ctx == NULL) { Tcl_AppendResult(interp, REASON(), NULL); return TCL_ERROR; } ssl = SSL_new(ctx); if (ssl == NULL) { Tcl_AppendResult(interp, REASON(), NULL); SSL_CTX_free(ctx); return TCL_ERROR; } |
︙ | |||
635 636 637 638 639 640 641 | 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 | - + | if (objc != 1) { Tcl_WrongNumArgs(interp, 1, objv, ""); return TCL_ERROR; } objPtr = Tcl_NewListObj(0, NULL); |
︙ | |||
988 989 990 991 992 993 994 | 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 | - + - + - + - + | Tls_Free((char *) statePtr); return TCL_ERROR; } } if (alpn) { /* Convert a Tcl list into a protocol-list in wire-format */ unsigned char *protos, *p; |
︙ |
Added tests/README.txt version [673cb36188].
Added tests/ciphers.csv version [f4aff3652a].
Modified tests/ciphers.test
from [9bef3a5541]
to [212c1bf055].
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 | - - - - - - - + - - + - - - - + - - + + + - + - - - - - + + + + + + + + + + + + - + - - - - - - - - + - - - + + + + - - - - - - - - + + + + - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + - - + + - - - - - - - - - - - - - - - - - - - - + + + + - - + + - - + + - - - + + + + + + + + - - - - - - - - - - + + + + + - - - - - + + + + + + + + + - - - - - + + - - - - - + + + - - - - - - + + + + - - - + - - - - - + + + + + - + |
|
Added tests/make_test_files.tcl version [c31b96320d].