Overview
Comment: | Backport changes from crypto branch including change -securitylevel option to -security_level. Optimized binary to hex conversion. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
d351d796429d9ad0dee505c316910554 |
User & Date: | bohagan on 2023-11-27 02:15:12 |
Other Links: | manifest | tags |
Context
2023-12-11
| ||
10:37 | Updated to latest tclconfig changes check-in: 98e3157245 user: bohagan tags: trunk | |
2023-11-27
| ||
02:15 | Backport changes from crypto branch including change -securitylevel option to -security_level. Optimized binary to hex conversion. check-in: d351d79642 user: bohagan tags: trunk | |
2023-11-22
| ||
22:18 | Fix to IO test missing set blocking value. See https://core.tcl-lang.org/tcltls/tktview/bb7085cfdc check-in: 104e43c85e user: bohagan tags: trunk | |
Changes
Modified doc/tls.html
from [9494c1c42e]
to [ec5645fd47].
︙ | |||
179 180 181 182 183 184 185 | 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 | - + | <dt><strong>-request </strong><em>bool</em></dt> <dd>Request a certificate from peer during SSL handshake. (default is <em>true</em>)</dd> <dt><strong>-require</strong> <em>bool</em></dt> <dd>Require a valid certificate from peer during SSL handshake. If this is set to true, then <strong>-request</strong> must also be set to true. (default is <em>false</em>)</dd> |
︙ |
Modified generic/tls.c
from [f4a59d7949]
to [d44fcd8515].
︙ | |||
1324 1325 1326 1327 1328 1329 1330 | 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 | - + - + | OPTBYTE("-key", key, key_len); OPTSTR("-keyfile", keyfile); OPTSTR("-model", model); OPTOBJ("-password", password); OPTBOOL("-post_handshake", post_handshake); OPTBOOL("-request", request); OPTBOOL("-require", require); |
︙ | |||
1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 | 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 | + + + + | } #endif /* Force cipher selection order by server */ if (!isServer) { SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); } #if OPENSSL_VERSION_NUMBER < 0x10100000L OpenSSL_add_all_algorithms(); /* Load ciphers and digests */ #endif SSL_CTX_set_app_data(ctx, (void*)interp); /* remember the interpreter */ SSL_CTX_set_options(ctx, SSL_OP_ALL); /* all SSL bug workarounds */ SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); /* disable compression even if supported */ SSL_CTX_set_options(ctx, off); /* disable protocol versions */ #if OPENSSL_VERSION_NUMBER < 0x10101000L SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); /* handle new handshakes in background. On by default in OpenSSL 1.1.1. */ |
︙ | |||
2213 2214 2215 2216 2217 2218 2219 | 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 | - + | /* Get protocol */ LAPPEND_STR(interp, objPtr, "protocol", SSL_get_version(ssl), -1); /* Renegotiation allowed */ LAPPEND_BOOL(interp, objPtr, "renegotiation_allowed", SSL_get_secure_renegotiation_support(ssl)); /* Get security level */ |
︙ |
Modified generic/tlsX509.c
from [a931d05109]
to [37e1c520a1].
︙ | |||
16 17 18 19 20 21 22 | 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 | - + + + + - + + - + | /* Define maximum certificate size. Max PEM size 100kB and DER size is 24kB. */ #define CERT_STR_SIZE 32768 /* * Binary string to hex string */ |
︙ |