Overview
Comment: | In password callback, added check for password > max size. Also added null terminator. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
3866a025e0d0aa35865a2372f19a0933 |
User & Date: | bohagan on 2024-02-28 04:42:13 |
Other Links: | manifest | tags |
Context
2024-03-02
| ||
00:02 | Added check for ssl.h file when checking for valid --opensslincludedir path. Added status message with find ssl.h result. check-in: 65406cadf6 user: bohagan tags: trunk | |
2024-02-28
| ||
05:26 | Merged changes from master check-in: bfb516156c user: bohagan tags: crypto | |
04:42 | In password callback, added check for password > max size. Also added null terminator. check-in: 3866a025e0 user: bohagan tags: trunk | |
04:25 | Updated acinclude.m4 file to add include path check for Mac installs. Corrected check for not null to instead check for not zero length variables. Fixed variable delimiter syntax error. check-in: 881da2c51a user: bohagan tags: trunk | |
Changes
Modified generic/tls.c
from [0e25730e3b]
to [074ad76419].
︙ | |||
30 31 32 33 34 35 36 | 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | - - - | #include <openssl/safestack.h> /* Min OpenSSL version */ #if OPENSSL_VERSION_NUMBER < 0x10101000L #error "Only OpenSSL v1.1.1 or later is supported" #endif |
︙ | |||
338 339 340 341 342 343 344 | 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 | - + | * * Monitors SSL certificate validation process. Used to control the * behavior when the SSL_VERIFY_PEER flag is set. This is called * whenever a certificate is inspected or decided invalid. Called for * each certificate in the cert chain. * * Checks: |
︙ | |||
418 419 420 421 422 423 424 | 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 | - + | } /* *------------------------------------------------------------------- * * Tls_Error -- * |
︙ | |||
493 494 495 496 497 498 499 | 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 | - - - + + + + - - - + + + + + + + | } /* *------------------------------------------------------------------- * * Password Callback -- * |
︙ | |||
553 554 555 556 557 558 559 | 555 556 557 558 559 560 561 562 563 564 565 566 567 568 | - | } Tcl_DecrRefCount(cmdPtr); Tcl_Release((ClientData) statePtr); /* If successful, pass back password string and truncate if too long */ if (code == TCL_OK) { |
︙ | |||
629 630 631 632 633 634 635 636 637 638 639 640 641 642 | 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 | + + | Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewLongObj((long) SSL_SESSION_get_ticket_lifetime_hint(session))); /* Eval callback command */ Tcl_IncrRefCount(cmdPtr); EvalCallback(interp, statePtr, cmdPtr); Tcl_DecrRefCount(cmdPtr); /* Return 0 for now until session handling is complete */ return 0; } /* *------------------------------------------------------------------- * * ALPN Callback for Servers and NPN Callback for Clients -- |
︙ | |||
1557 1558 1559 1560 1561 1562 1563 | 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 | - + | char *str = Tcl_GetStringFromObj(list[j], &len); *p++ = (unsigned char) len; memcpy(p, str, (size_t) len); p += len; } /* SSL_set_alpn_protos makes a copy of the protocol-list */ |
︙ |