Overview
Comment: | Added signature hash and type to connection status. Changed validation result to verification. |
---|---|
SHA3-256: |
e02e24c84af6ff3bc296d8e89afe7c69 |
User & Date: | bohagan on 2023-06-17 23:09:12 |
Context
2023-06-18
| ||
21:47 | Added post handshake cert request option check-in: fec0e414e9 user: bohagan tags: status_x509 | |
2023-06-17
| ||
23:09 | Added signature hash and type to connection status Changed validation result to verification. check-in: e02e24c84a user: bohagan tags: status_x509 | |
2023-06-16
| ||
18:04 | Change to use NULL for empty pointers check-in: ee0728f6d6 user: bohagan tags: status_x509 | |
Changes
Modified doc/tls.html
from [1823f47826]
to [afa8cd9482].
︙ | |||
269 270 271 272 273 274 275 | 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 | - - + + + + + + + + | <dt><strong>peername</strong> <em>name</em></dt> <dd>The peername from the certificate.</dd> <dt><strong>sbits</strong> <em>n</em></dt> <dd>The number of bits used for the session key.</dd> <dt><strong>cipher</strong> <em>cipher</em></dt> <dd>The current cipher in use between the client and server channels.</dd> |
︙ | |||
358 359 360 361 362 363 364 | 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 | - + + | additional information on the cipher. If <em>supported</em> is specified as true, then only the ciphers supported for protocol will be listed.</dd> <dt><a name="tls::protocols"><strong>tls::protocols</strong></a></dt> <dd>Returns a list of supported protocols. Valid values are: <b>ssl2</b>, <b>ssl3</b>, <b>tls1</b>, <b>tls1.1</b>, <b>tls1.2</b>, |
︙ | |||
394 395 396 397 398 399 400 | 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 | - - - + + + + | <dl> <dt> <strong>alpn</strong> <em>protocol</em> </dt> <dd> |
︙ | |||
419 420 421 422 423 424 425 | 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 | - + + | <br> --> <dt> <strong>hello</strong> <em>servername</em> </dt> <dd> |
︙ | |||
465 466 467 468 469 470 471 | 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 | - - - - + + + + - - + + + | <br> <dt> <strong>sni</strong> <em>servername</em> </dt> <dd> |
︙ |
Modified generic/tls.c
from [03a1400f39]
to [15b3de1fe1].
︙ | |||
1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 | 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 | + | X509 *peer; Tcl_Obj *objPtr; Tcl_Channel chan; char *channelName, *ciphers; int mode; const unsigned char *proto; unsigned int len; int nid; dprintf("Called"); switch (objc) { case 2: channelName = Tcl_GetStringFromObj(objv[1], NULL); break; |
︙ | |||
1844 1845 1846 1847 1848 1849 1850 | 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 | - + - - - - - - - + + + + + + + + + + + + + + + + | ciphers = (char*)SSL_get_cipher(statePtr->ssl); if ((ciphers != NULL) && (strcmp(ciphers, "(NONE)") != 0)) { Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("cipher", -1)); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(SSL_get_cipher(statePtr->ssl), -1)); } /* Verify the X509 certificate presented by the peer */ |
︙ |
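Review bot: `int nid;` is added to the status command's declarations in the first hunk without an initializer, and the lines that consume it are not rendered on this page. If it is filled by SSL_get_peer_signature_nid() or SSL_get_peer_signature_type_nid() (inferred from the commit comment, not from visible code), those calls return 0 and do not write the output when the cipher suite has no signature, the protocol is below TLS 1.2, or the handshake has not completed. An unchecked call would then put an indeterminate value into the status list that callers read to judge the connection. Declare it as `int nid = NID_undef;` and append the signature hash and type entries only when the call returns 1. The enclosing function starts and ends outside both hunks.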
Modified generic/tlsInt.h
from [a2b6326281]
to [c6bd77ee65].
︙ | |||
146 147 148 149 150 151 152 153 154 155 156 157 158 159 | 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 | + | /* * Forward declarations */ Tcl_ChannelType *Tls_ChannelType(void); Tcl_Channel Tls_GetParent(State *statePtr, int maskFlags); Tcl_Obj *Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert); Tcl_Obj *Tls_NewCAObj(Tcl_Interp *interp, const SSL *ssl, int peer); void Tls_Error(State *statePtr, char *msg); void Tls_Free(char *blockPtr); void Tls_Clean(State *statePtr); int Tls_WaitForConnect(State *statePtr, int *errorCodePtr, int handshakeFailureIsPermanent); BIO *BIO_new_tcl(State* statePtr, int flags); |
︙ |
Modified generic/tlsX509.c
from [7a553a48a5]
to [22c3621c28].
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | + | /* * Copyright (C) 1997-2000 Sensus Consulting Ltd. * Matt Newman <matt@sensus.org> * Copyright (C) 2023 Brian O'Hagan */ #include <tcl.h> #include <stdio.h> #include <openssl/bio.h> #include <openssl/sha.h> #include <openssl/x509.h> #include <openssl/x509v3.h> #include <openssl/asn1.h> #include "tlsInt.h" /* * Ensure these are not macros - known to be defined on Win32 */ #ifdef min |
︙ |