Check-in [b9edfb2437]
Overview
Comment: made more relevant for 1.6 release
SHA1: b9edfb24370ccd1e0c2970fe30f68cbcb0c50c05
User & Date: hobbs2 on 2008-03-19 22:49:12
Context
2008-03-19
22:57 (dist): update to include win/ and file.srl check-in: 8ab8bc9333 user: hobbs2 tags: trunk
22:49 made more relevant for 1.6 release check-in: b9edfb2437 user: hobbs2 tags: trunk
22:38 * win/makefile.vc: bump version to 1.6 * configure.in: use -L and -R where necessary. [Bug 1742859] check-in: 7530d26995 user: hobbs2 tags: trunk
Changes
-
-
+
+
+

-
+









-
-
-
+
+
+

-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
-

-
-
+
+
+
-
-
+
-
-
-
+
+


-
-
-
-
-
-
-
-
-
-
Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
TLS 1.4.1 Copyright (C) 2000 Ajuba Solutions
Original TLS Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
TLS 1.4.1    Copyright (C) 2000 Ajuba Solutions
TLS 1.6      Copyright (C) 2008 ActiveState Software Inc.

$Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/README.txt,v 1.6 2004/02/17 21:27:20 razzell Exp $
$Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/README.txt,v 1.7 2008/03/19 22:49:12 hobbs2 Exp $

TLS (aka SSL) Channel - can be layered on any bi-directional Tcl_Channel.

Both client and server-side sockets are possible, and this code should work
on any platform as it uses a generic mechanism for layering on SSL and Tcl.

Full filevent sematics should also be intact - see tests directory for
blocking and non-blocking examples.

The current release is TLS 1.5.0, with binaries built against OpenSSL 0.9.7c.
For best security and function, always compile from source use the latest
official release of OpenSSL.
The current release is TLS 1.6, with binaries built against OpenSSL 0.9.8g.
For best security and function, always compile from source with the latest
official release of OpenSSL (http://www.openssl.org/).

The TLS 1.4 release requires Tcl 8.2.0+, with 8.3.2+ preferred.  The
stacked channel implementation in Tcl was originally introduced in 8.2.0
(previously the Trf patch) and rewritten for 8.3.2+ due to inherent
limitations in the earlier implementation.  TLS 1.4 should compile with
any stubs-capable Tcl interpreter, but will require 8.2+ when loaded.
There are known limitations in the 8.2.0-8.3.1 stacked channel
implementation, so it is encouraged that people use TLS 1.4+ with an
8.3.2+ Tcl interpreter.  These modifications are by Jeff Hobbs
TLS requires Tcl 8.2.0+, with 8.3.2+ preferred.  The stacked channel
implementation in Tcl was originally introduced in 8.2.0 (previously the
Trf patch) and rewritten for 8.3.2+ due to inherent limitations in the
earlier implementation.  TLS should compile with any stubs-capable Tcl
interpreter, but will require 8.2+ when loaded.  There are known
limitations in the 8.2.0-8.3.1 stacked channel implementation, so it is
encouraged that people use TLS with an 8.3.2+ Tcl interpreter.  These
modifications are by Jeff Hobbs.
<jeff@hobbs.org>.

Addition credit is due for Andreas Kupries (a.kupries@westend.com), for
providing the Tcl_ReplaceChannel mechanism and working closely with me
Non-exclusive credits for TLS are:
   Original work: Matt Newman @ Novadigm
   Updates: Jeff Hobbs @ ActiveState
to enhance it to support full fileevent semantics.

   Tcl Channel mechanism: Andreas Kupries
Also work done by the follow people provided the impetus to do this "right":-
tclSSL (Colin McCormack, Shared Technology)
SSLtcl (Peter Antman)
   Impetus/Related work: tclSSL (Colin McCormack, Shared Technology)
                         SSLtcl (Peter Antman)

This code is licensed under the same terms as the Tcl Core.

I would also like to acknowledge the input of Marshall Rose, who convinced 
me that people need to be able to switch-to-encrypted mode part way
through a conversation.

Also I would like to acknowledge the kind support of Novadigm Inc, my
current employer, which made this possible.


Matt Newman
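
Review bot: the deleted closing acknowledgements (the paragraph beginning "I would also like to acknowledge the input of Marshall Rose") held the README's only explicit mention that a connection can be switched to encrypted mode part way through a conversation, and nothing in the new text replaces it; consider adding a sentence on that capability next to "Both client and server-side sockets are possible". In the rewritten requirements paragraph, "These modifications are by Jeff Hobbs." no longer has an antecedent now that the TLS 1.4 wording is gone, and it repeats the new "Updates: Jeff Hobbs @ ActiveState" credit line, so it can be dropped. The unchanged line "Full filevent sematics should also be intact" still carries two typos (fileevent, semantics) that this refresh could fix, and the release sentence hard-codes "OpenSSL 0.9.8g", which has to be edited by hand on every rebuild, as this very change from 0.9.7c shows.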