Index: doc/tls.html ================================================================== --- doc/tls.html +++ doc/tls.html @@ -12,31 +12,31 @@ <body bgcolor="#FFFFFF"> <dl> <dd><a href="#NAME">NAME</a> <dl> - <dd><b>tls</b> - binding to <b>OpenSSL</b> toolkit.</dd> + <dd><b>tls</b> - binding to <b>OpenSSL</b> toolkit.</dd> </dl> </dd> <dd><a href="#SYNOPSIS">SYNOPSIS</a> </dd> <dd><dl> - <dd><b>package require Tcl</b> <em>?8.4?</em></dd> - <dd><b>package require tls</b></dd> - <dt> </dt> - <dd><b>tls::init</b> <em>?options?</em> </dd> - <dd><b>tls::socket</b> <em>?options? host port</em></dd> - <dd><b>tls::socket</b> <em> ?-server command? ?options? port</em></dd> - <dd><b>tls::handshake</b> <em> channel</em></dd> - <dd><b>tls::status </b> <em>?-local? channel</em></dd> - <dd><b>tls::connection </b> <em>channel</em></dd> - <dd><b>tls::import</b> <em>channel ?options?</em></dd> - <dd><b>tls::unimport</b> <em>channel</em></dd> - <dt> </dt> - <dd><b>tls::ciphers </b> <em>protocol ?verbose? ?supported?</em></dd> - <dd><b>tls::protocols</b></dd> - <dd><b>tls::version</b></dd> - </dl> + <dd><b>package require Tcl</b> <em>?8.4?</em></dd> + <dd><b>package require tls</b></dd> + <dt> </dt> + <dd><b>tls::init</b> <em>?options?</em> </dd> + <dd><b>tls::socket</b> <em>?options? host port</em></dd> + <dd><b>tls::socket</b> <em> ?-server command? ?options? port</em></dd> + <dd><b>tls::handshake</b> <em> channel</em></dd> + <dd><b>tls::status </b> <em>?-local? channel</em></dd> + <dd><b>tls::connection </b> <em>channel</em></dd> + <dd><b>tls::import</b> <em>channel ?options?</em></dd> + <dd><b>tls::unimport</b> <em>channel</em></dd> + <dt> </dt> + <dd><b>tls::ciphers </b> <em>protocol ?verbose? ?supported?</em></dd> + <dd><b>tls::protocols</b></dd> + <dd><b>tls::version</b></dd> + </dl> </dd> <dd><a href="#COMMANDS">COMMANDS</a></dd> <dd><a href="#CALLBACK OPTIONS">CALLBACK OPTIONS</a></dd> <dd><a href="#HTTPS EXAMPLE">HTTPS EXAMPLE</a></dd> <dd><a href="#SEE ALSO">SPECIAL CONSIDERATIONS</a></dd> @@ -88,132 +88,136 @@ <dl> <dt><a name="tls::init"><b>tls::init </b><i>?options?</i></a></dt> <dd>Optional function to set the default options used by <strong>tls::socket</strong>. If you call <strong>tls::import</strong> - directly this routine has no effect. Any of the options - that <strong>tls::socket</strong> accepts can be set - using this command, though you should limit your options - to only TLS related ones.</dd> + directly this routine has no effect. Any of the options + that <strong>tls::socket</strong> accepts can be set + using this command, though you should limit your options + to only TLS related ones.</dd> <dt> </dt> <dt><a name="tls::socket"><b>tls::socket </b><em>?options? - host port</em></a></dt> + host port</em></a></dt> <dt><b>tls::socket</b><em> ?-server command? ?options? port</em></dt> <dd>This is a helper function that utilizes the underlying - commands (<strong>tls::import</strong>). It behaves - exactly the same as the native Tcl <strong>socket</strong> - command except that the options can include any of the - applicable <a href="#tls::import"><strong>tls:import</strong></a> - options with one additional option: + commands (<strong>tls::import</strong>). It behaves + exactly the same as the native Tcl <strong>socket</strong> + command except that the options can include any of the + applicable <a href="#tls::import"><strong>tls:import</strong></a> + options with one additional option: <blockquote> <dl> - <dt><strong>-autoservername</strong> <em>bool</em></dt> - <dd>Automatically send the -servername as the <em>host</em> argument - (default is <em>false</em>)</dd> + <dt><strong>-autoservername</strong> <em>bool</em></dt> + <dd>Automatically send the -servername as the <em>host</em> argument + (default is <em>false</em>)</dd> </dl> </blockquote> <dt><a name="tls::import"><b>tls::import </b><i>channel - ?options?</i></a></dt> + ?options?</i></a></dt> <dd>SSL-enable a regular Tcl channel - it need not be a - socket, but must provide bi-directional flow. Also - setting session parameters for SSL handshake.</dd> + socket, but must provide bi-directional flow. Also + setting session parameters for SSL handshake.</dd> <blockquote> <dl> - <dt><strong>-alpn</strong> <em>list</em></dt> - <dd>List of protocols to offer during Application-Layer + <dt><strong>-alpn</strong> <em>list</em></dt> + <dd>List of protocols to offer during Application-Layer Protocol Negotiation (ALPN). For example: h2, http/1.1, etc.</dd> - <dt><strong>-cadir</strong> <em>dir</em></dt> - <dd>Specify the directory containing the CA certificates. The - default directory is platform specific and can be set at - compile time. This can be overridden via the <b>SSL_CERT_DIR</b> - environment variable.</dd> - <dt><strong>-cafile </strong><em>filename</em></dt> - <dd>Specify the certificate authority (CA) file to use.</dd> - <dt><strong>-certfile</strong> <em>filename</em></dt> - <dd>Specify the filename containing the certificate to use. The - default name is <b>cert.pem</b>. This can be overridden via - the <b>SSL_CERT_FILE</b> environment variable.</dd> - <dt><strong>-cert</strong> <em>filename</em></dt> - <dd>Specify the contents of a certificate to use, as a DER + <dt><strong>-cadir</strong> <em>dir</em></dt> + <dd>Set the CA certificates path. The default directory is platform + specific and can be set at compile time. This can be overridden + via the <b>SSL_CERT_DIR</b> environment variable.</dd> + <dt><strong>-cafile </strong><em>filename</em></dt> + <dd>Set the certificate authority (CA) certificates file. The default + is the cert.pem file in the OpsnSSL directory. This can also be + overridden via the <b>SSL_CERT_FILE</b> environment variable.</dd> + <dt><strong>-certfile</strong> <em>filename</em></dt> + <dd>Specify the filename with the certificate to use.</dd> + <dt><strong>-cert</strong> <em>filename</em></dt> + <dd>Specify the contents of a certificate to use, as a DER encoded binary value (X.509 DER).</dd> - <dt><strong>-cipher</strong> <em>string</em></dt> - <dd>List of ciphers to use. String is a colon (":") separated list + <dt><strong>-cipher</strong> <em>string</em></dt> + <dd>List of ciphers to use. String is a colon (":") separated list of ciphers or cipher suites. Cipher suites can be combined using the <b>+</b> character. Prefixes can be used to permanently remove ("!"), delete ("-"), or move a cypher to the end of the list ("+"). Keywords <b>@STRENGTH</b> (sort by algorithm key length), <b>@SECLEVEL=</b><i>n</i> (set security level to n), and <b>DEFAULT</b> (use default cipher list, at start only) can also be specified. See OpenSSL documentation for the full list of valid values. (TLS 1.2 and earlier only)</dd> - <dt><strong>-ciphersuites</strong> <em>string</em></dt> - <dd>List of cipher suites to use. String is a colon (":") + <dt><strong>-ciphersuites</strong> <em>string</em></dt> + <dd>List of cipher suites to use. String is a colon (":") separated list of cipher suite names. (TLS 1.3 only)</dd> - <dt><strong>-command</strong> <em>callback</em></dt> - <dd>Callback to invoke at several points during the handshake. + <dt><strong>-command</strong> <em>callback</em></dt> + <dd>Callback to invoke at several points during the handshake. This is used to pass errors and tracing information, and it can allow Tcl scripts to perform their own certificate validation in place of the default validation provided by OpenSSL. See <a href="#CALLBACK OPTIONS">CALLBACK OPTIONS</a> for further discussion.</dd> - <dt><strong>-dhparams </strong><em>filename</em></dt> - <dd>Specify the Diffie-Hellman parameters file.</dd> - <dt><strong>-keyfile</strong> <em>filename</em></dt> - <dd>Specify the private key file. (default is - value of -certfile)</dd> - <dt><strong>-key</strong> <em>filename</em></dt> - <dd>Specify the private key to use as a DER encoded value (PKCS#1 DER)</dd> - <dt><strong>-model</strong> <em>channel</em></dt> - <dd>Force this channel to share the same <em><strong>SSL_CTX</strong></em> - structure as the specified <em>channel</em>, and - therefore share callbacks etc.</dd> - <dt><strong>-password</strong> <em>callback</em></dt> - <dd>Callback to invoke when OpenSSL needs to obtain a password, + <dt><strong>-dhparams </strong><em>filename</em></dt> + <dd>Specify the Diffie-Hellman parameters file.</dd> + <dt><strong>-keyfile</strong> <em>filename</em></dt> + <dd>Specify the private key file. (default is + value of -certfile)</dd> + <dt><strong>-key</strong> <em>filename</em></dt> + <dd>Specify the private key to use as a DER encoded value (PKCS#1 DER)</dd> + <dt><strong>-model</strong> <em>channel</em></dt> + <dd>Force this channel to share the same <em><strong>SSL_CTX</strong></em> + structure as the specified <em>channel</em>, and + therefore share callbacks etc.</dd> + <dt><strong>-password</strong> <em>callback</em></dt> + <dd>Callback to invoke when OpenSSL needs to obtain a password, typically to unlock the private key of a certificate. The - callback should return a string which represents the password - to be used. See <a href="#CALLBACK OPTIONS">CALLBACK OPTIONS</a> + callback should return a string which represents the password + to be used. See <a href="#CALLBACK OPTIONS">CALLBACK OPTIONS</a> for further discussion.</dd> <dt><strong>-post_handshake</strong> <em>bool</em></dt> <dd>Allow post-handshake ticket updates.</dd> - <dt><strong>-request </strong><em>bool</em></dt> - <dd>Request a certificate from peer during SSL handshake. - (default is <em>true</em>)</dd> - <dt><strong>-require</strong> <em>bool</em></dt> - <dd>Require a valid certificate from peer during SSL handshake. + <dt><strong>-request </strong><em>bool</em></dt> + <dd>Request a certificate from peer during SSL handshake. + (default is <em>true</em>)</dd> + <dt><strong>-require</strong> <em>bool</em></dt> + <dd>Require a valid certificate from peer during SSL handshake. If this is set to true, then <strong>-request</strong> must - also be set to true. (default is <em>false</em>)</dd> - <dt><strong>-securitylevel</strong> <em>integer</em></dt> - <dd>Set security level. Must be 0 to 5. The security level affects + also be set to true. (default is <em>false</em>)</dd> + <dt><strong>-securitylevel</strong> <em>integer</em></dt> + <dd>Set security level. Must be 0 to 5. The security level affects cipher suite encryption algorithms, supported ECC curves, supported signature algorithms, DH parameter sizes, certificate key sizes and signature algorithms. The default is 1. Level 3 and higher disable support for session tickets and only accept cipher suites that provide forward secrecy.</dd> - <dt><strong>-server</strong> <em>bool</em></dt> - <dd>Handshake as server if true, else handshake as - client. (default is <em>false</em>)</dd> - <dt><strong>-servername</strong> <em>host</em></dt> - <dd>Specify server hostname. Only available if the OpenSSL library + <dt><strong>-server</strong> <em>bool</em></dt> + <dd>Handshake as server if true, else handshake as + client. (default is <em>false</em>)</dd> + <dt><strong>-servername</strong> <em>host</em></dt> + <dd>Specify server hostname. Only available if the OpenSSL library the package is linked against supports the TLS hostname extension for 'Server Name Indication' (SNI). Use to name the logical host we are talking to and expecting a certificate for.</dd> - <dt><strong>-session_id</strong> <em>string</em></dt> - <dd>Session id to resume session.</dd> - <dt><strong>-ssl2</strong> <em>bool</em></dt> - <dd>Enable use of SSL v2. (default is <em>false</em>)</dd> - <dt><strong>-ssl3 </strong><em>bool</em></dt> - <dd>Enable use of SSL v3. (default is <em>false</em>)</dd> - <dt>-<strong>tls1</strong> <em>bool</em></dt> - <dd>Enable use of TLS v1. (default is <em>true</em>)</dd> - <dt>-<strong>tls1.1</strong> <em>bool</em></dt> - <dd>Enable use of TLS v1.1 (default is <em>true</em>)</dd> - <dt>-<strong>tls1.2</strong> <em>bool</em></dt> - <dd>Enable use of TLS v1.2 (default is <em>true</em>)</dd> - <dt>-<strong>tls1.3</strong> <em>bool</em></dt> - <dd>Enable use of TLS v1.3 (default is <em>true</em>)</dd> + <dt><strong>-session_id</strong> <em>string</em></dt> + <dd>Session id to resume session.</dd> + <dt><strong>-ssl2</strong> <em>bool</em></dt> + <dd>Enable use of SSL v2. (default is <em>false</em>)</dd> + <dt><strong>-ssl3 </strong><em>bool</em></dt> + <dd>Enable use of SSL v3. (default is <em>false</em>)</dd> + <dt>-<strong>tls1</strong> <em>bool</em></dt> + <dd>Enable use of TLS v1. (default is <em>true</em>)</dd> + <dt>-<strong>tls1.1</strong> <em>bool</em></dt> + <dd>Enable use of TLS v1.1 (default is <em>true</em>)</dd> + <dt>-<strong>tls1.2</strong> <em>bool</em></dt> + <dd>Enable use of TLS v1.2 (default is <em>true</em>)</dd> + <dt>-<strong>tls1.3</strong> <em>bool</em></dt> + <dd>Enable use of TLS v1.3 (default is <em>true</em>)</dd> + <dt><strong>-validatecommand</strong> <em>callback</em></dt> + <dd>Callback to invoke to verify or validate protocol config + parameters during the protocol negotiation phase. See + <a href="#CALLBACK OPTIONS">CALLBACK OPTIONS</a> + for further discussion.</dd> </dl> </blockquote> <dt><a name="tls::unimport"><b>tls::unimport </b><i>channel</i></a></dt> <dd>Provided for symmetry to <strong>tls::import</strong>, this @@ -220,195 +224,196 @@ unstacks the SSL-enabling of a regular Tcl channel. An error is thrown if TLS is not the top stacked channel type.</dd> <dt> </dt> <dt><a name="tls::handshake"><strong>tls::handshake</strong> <em>channel</em></a></dt> <dd>Forces handshake to take place, and returns 0 if - handshake is still in progress (non-blocking), or 1 if - the handshake was successful. If the handshake failed - this routine will throw an error.</dd> + handshake is still in progress (non-blocking), or 1 if + the handshake was successful. If the handshake failed + this routine will throw an error.</dd> <dt> </dt> <dt><a name="tls::status"><strong>tls::status</strong> <em>?-local? channel</em></a></dt> <dd>Returns the current status of the certificate for an SSL channel. The result is a list of key-value pairs describing the certificate. If the result is an empty list then the - SSL handshake has not yet completed. If <em>-local</em> is + SSL handshake has not yet completed. If <em>-local</em> is specified, then the local certificate is used.</dd> <blockquote> <b>SSL Status</b> <dl> - <dt><strong>alpn</strong> <em>protocol</em></dt> - <dd>The protocol selected after Application-Layer Protocol + <dt><strong>alpn</strong> <em>protocol</em></dt> + <dd>The protocol selected after Application-Layer Protocol Negotiation (ALPN).</dd> - <dt><strong>cipher</strong> <em>cipher</em></dt> - <dd>The current cipher in use between the client and - server channels.</dd> - <dt><strong>peername</strong> <em>name</em></dt> - <dd>The peername from the certificate.</dd> - <dt><strong>protocol</strong> <em>version</em></dt> - <dd>The protocol version used for the connection: + <dt><strong>cipher</strong> <em>cipher</em></dt> + <dd>The current cipher in use between the client and + server channels.</dd> + <dt><strong>peername</strong> <em>name</em></dt> + <dd>The peername from the certificate.</dd> + <dt><strong>protocol</strong> <em>version</em></dt> + <dd>The protocol version used for the connection: SSL2, SSL3, TLS1, TLS1.1, TLS1.2, TLS1.3, or unknown.</dd> - <dt><strong>sbits</strong> <em>n</em></dt> - <dd>The number of bits used for the session key.</dd> - <dt><strong>signatureHashAlgorithm</strong> <em>algorithm</em></dt> - <dd>The signature hash algorithm.</dd> - <dt><strong>signature_type</strong> <em>type</em></dt> - <dd>The signature type value.</dd> - <dt><strong>verification</strong> <em>result</em></dt> - <dd>Certificate verification result.</dd> - <dt><strong>ca_names</strong> <em>list</em></dt> - <dd>List of the Certificate Authorities used to create the certificate.</dd> + <dt><strong>sbits</strong> <em>n</em></dt> + <dd>The number of bits used for the session key.</dd> + <dt><strong>signatureHashAlgorithm</strong> <em>algorithm</em></dt> + <dd>The signature hash algorithm.</dd> + <dt><strong>signature_type</strong> <em>type</em></dt> + <dd>The signature type value.</dd> + <dt><strong>verification</strong> <em>result</em></dt> + <dd>Certificate verification result.</dd> + <dt><strong>ca_names</strong> <em>list</em></dt> + <dd>List of the Certificate Authorities used to create the certificate.</dd> </dl> </blockquote> <blockquote> <b>Certificate Status</b> <dl> - <dt><strong>all</strong> <em>string</em></dt> - <dd>Dump of all certificate info.</dd> - - <dt><strong>version</strong> <em>value</em></dt> - <dd>The certificate version.</dd> - <dt><strong>serialNumber</strong> <em>n</em></dt> - <dd>The serial number of the certificate as hex string.</dd> - <dt><strong>signature</strong> <em>algorithm</em></dt> - <dd>Cipher algorithm used for certificate signature.</dd> - <dt><strong>issuer</strong> <em>dn</em></dt> - <dd>The distinguished name (DN) of the certificate issuer.</dd> - <dt><strong>notBefore</strong> <em>date</em></dt> - <dd>The begin date for the validity of the certificate.</dd> - <dt><strong>notAfter</strong> <em>date</em></dt> - <dd>The expiration date for the certificate.</dd> - <dt><strong>subject</strong> <em>dn</em></dt> - <dd>The distinguished name (DN) of the certificate subject. + <dt><strong>all</strong> <em>string</em></dt> + <dd>Dump of all certificate info.</dd> + + <dt><strong>version</strong> <em>value</em></dt> + <dd>The certificate version.</dd> + <dt><strong>serialNumber</strong> <em>n</em></dt> + <dd>The serial number of the certificate as hex string.</dd> + <dt><strong>signature</strong> <em>algorithm</em></dt> + <dd>Cipher algorithm used for certificate signature.</dd> + <dt><strong>issuer</strong> <em>dn</em></dt> + <dd>The distinguished name (DN) of the certificate issuer.</dd> + <dt><strong>notBefore</strong> <em>date</em></dt> + <dd>The begin date for the validity of the certificate.</dd> + <dt><strong>notAfter</strong> <em>date</em></dt> + <dd>The expiration date for the certificate.</dd> + <dt><strong>subject</strong> <em>dn</em></dt> + <dd>The distinguished name (DN) of the certificate subject. Fields include: Common Name (CN), Organization (O), Locality or City (L), State or Province (S), and Country Name (C).</dd> - <dt><strong>issuerUniqueID</strong> <em>string</em></dt> - <dd>The issuer unique id.</dd> - <dt><strong>subjectUniqueID</strong> <em>string</em></dt> - <dd>The subject unique id.</dd> - - <dt><strong>num_extensions</strong> <em>n</em></dt> - <dd>Number of certificate extensions.</dd> - <dt><strong>extensions</strong> <em>list</em></dt> - <dd>List of certificate extension names.</dd> - <dt><strong>authorityKeyIdentifier</strong> <em>string</em></dt> - <dd>(AKI) Key identifier of the Issuing CA certificate that signed - the SSL certificate. This value matches the SKI value of the - Intermediate CA certificate.</dd> - <dt><strong>subjectKeyIdentifier</strong> <em>string</em></dt> - <dd>(SKI) Hash of the public key inside the certificate. Used to - identify certificates that contain a particular public key.</dd> - <dt><strong>subjectAltName</strong> <em>list</em></dt> - <dd>List of all of the alternative domain names, sub domains, + <dt><strong>issuerUniqueID</strong> <em>string</em></dt> + <dd>The issuer unique id.</dd> + <dt><strong>subjectUniqueID</strong> <em>string</em></dt> + <dd>The subject unique id.</dd> + + <dt><strong>num_extensions</strong> <em>n</em></dt> + <dd>Number of certificate extensions.</dd> + <dt><strong>extensions</strong> <em>list</em></dt> + <dd>List of certificate extension names.</dd> + <dt><strong>authorityKeyIdentifier</strong> <em>string</em></dt> + <dd>(AKI) Key identifier of the Issuing CA certificate that signed + the SSL certificate as hex string. This value matches the SKI + value of the Intermediate CA certificate.</dd> + <dt><strong>subjectKeyIdentifier</strong> <em>string</em></dt> + <dd>(SKI) Hash of the public key inside the certificate as hex + string. Used to identify certificates that contain a particular + public key.</dd> + <dt><strong>subjectAltName</strong> <em>list</em></dt> + <dd>List of all of the alternative domain names, sub domains, and IP addresses that are secured by the certificate.</dd> - <dt><strong>ocsp</strong> <em>list</em></dt> - <dd>List of all OCSP URLs.</dd> + <dt><strong>ocsp</strong> <em>list</em></dt> + <dd>List of all Online Certificate Status Protocol (OCSP) URLs.</dd> <dt><strong>certificate</strong> <em>cert</em></dt> - <dd>The PEM encoded certificate.</dd> - - <dt><strong>signatureAlgorithm</strong> <em>algorithm</em></dt> - <dd>Cipher algorithm used for certificate signature.</dd> - <dt><strong>signatureValue</strong> <em>string</em></dt> - <dd>Certificate signature as hex string.</dd> - <dt><strong>signatureDigest</strong> <em>version</em></dt> - <dd>Certificate signing digest.</dd> - <dt><strong>publicKeyAlgorithm</strong> <em>algorithm</em></dt> - <dd>Certificate signature public key algorithm.</dd> - <dt><strong>publicKey</strong> <em>string</em></dt> - <dd>Certificate signature public key as hex string.</dd> - <dt><strong>bits</strong> <em>n</em></dt> - <dd>Number of bits used for certificate signature key</dd> - <dt><strong>self_signed</strong> <em>boolean</em></dt> - <dd>Is certificate signature self signed.</dd> - - <dt><strong>sha1_hash</strong> <em>hash</em></dt> - <dd>The SHA1 hash of the certificate as hex string.</dd> - <dt><strong>sha256_hash</strong> <em>hash</em></dt> - <dd>The SHA256 hash of the certificate as hex string.</dd> + <dd>The PEM encoded certificate.</dd> + + <dt><strong>signatureAlgorithm</strong> <em>algorithm</em></dt> + <dd>Cipher algorithm used for certificate signature.</dd> + <dt><strong>signatureValue</strong> <em>string</em></dt> + <dd>Certificate signature as hex string.</dd> + <dt><strong>signatureDigest</strong> <em>version</em></dt> + <dd>Certificate signing digest.</dd> + <dt><strong>publicKeyAlgorithm</strong> <em>algorithm</em></dt> + <dd>Certificate signature public key algorithm.</dd> + <dt><strong>publicKey</strong> <em>string</em></dt> + <dd>Certificate signature public key as hex string.</dd> + <dt><strong>bits</strong> <em>n</em></dt> + <dd>Number of bits used for certificate signature key</dd> + <dt><strong>self_signed</strong> <em>boolean</em></dt> + <dd>Is certificate signature self signed.</dd> + + <dt><strong>sha1_hash</strong> <em>hash</em></dt> + <dd>The SHA1 hash of the certificate as hex string.</dd> + <dt><strong>sha256_hash</strong> <em>hash</em></dt> + <dd>The SHA256 hash of the certificate as hex string.</dd> </dl> </blockquote> <dt><a name="tls::connection"><strong>tls::connection</strong> <em>channel</em></a></dt> <dd>Returns the current connection status of an SSL channel. The - result is a list of key-value pairs describing the - connected peer.</dd> + result is a list of key-value pairs describing the + connected peer.</dd> <blockquote> <b>SSL Status</b> <dl> - <dt><strong>state</strong> <em>state</em></dt> - <dd>State of the connection.</dd> - <dt><strong>servername</strong> <em>name</em></dt> - <dd>The name of the connected to server.</dd> - <dt><strong>protocol</strong> <em>version</em></dt> - <dd>The protocol version used for the connection: + <dt><strong>state</strong> <em>state</em></dt> + <dd>State of the connection.</dd> + <dt><strong>servername</strong> <em>name</em></dt> + <dd>The name of the connected to server.</dd> + <dt><strong>protocol</strong> <em>version</em></dt> + <dd>The protocol version used for the connection: SSL2, SSL3, TLS1, TLS1.1, TLS1.2, TLS1.3, or unknown.</dd> - <dt><strong>renegotiation</strong> <em>state</em></dt> - <dd>Whether protocol renegotiation is supported or not.</dd> - <dt><strong>securitylevel</strong> <em>level</em></dt> - <dd>The security level used for selection of ciphers, key size, etc.</dd> - <dt><strong>session_reused</strong> <em>boolean</em></dt> - <dd>Whether the session has been reused or not.</dd> - <dt><strong>is_server</strong> <em>boolean</em></dt> - <dd>Whether the connection configured as a server or client (false).</dd> - <dt><strong>compression</strong> <em>mode</em></dt> - <dd>Compression method.</dd> - <dt><strong>expansion</strong> <em>mode</em></dt> - <dd>Expansion method.</dd> + <dt><strong>renegotiation</strong> <em>boolean</em></dt> + <dd>Whether protocol renegotiation is supported or not.</dd> + <dt><strong>securitylevel</strong> <em>level</em></dt> + <dd>The security level used for selection of ciphers, key size, etc.</dd> + <dt><strong>session_reused</strong> <em>boolean</em></dt> + <dd>Whether the session has been reused or not.</dd> + <dt><strong>is_server</strong> <em>boolean</em></dt> + <dd>Whether the connection is configured as a server (1) or client (0).</dd> + <dt><strong>compression</strong> <em>mode</em></dt> + <dd>Compression method.</dd> + <dt><strong>expansion</strong> <em>mode</em></dt> + <dd>Expansion method.</dd> </dl> </blockquote> <blockquote> <b>Cipher Info</b> <dl> - <dt><strong>cipher</strong> <em>cipher</em></dt> - <dd>The current cipher in use for the connection.</dd> - <dt><strong>standard_name</strong> <em>name</em></dt> - <dd>The standard RFC name of cipher.</dd> - <dt><strong>bits</strong> <em>n</em></dt> - <dd>The number of processed bits used for cipher.</dd> - <dt><strong>secret_bits</strong> <em>n</em></dt> - <dd>The number of secret bits used for cipher.</dd> - <dt><strong>min_version</strong> <em>version</em></dt> - <dd>The minimum protocol version for cipher.</dd> - <dt><strong>id</strong> <em>id</em></dt> - <dd>The OpenSSL cipher id.</dd> - <dt><strong>description</strong> <em>string</em></dt> - <dd>A text description of the cipher.</dd> + <dt><strong>cipher</strong> <em>cipher</em></dt> + <dd>The current cipher in use for the connection.</dd> + <dt><strong>standard_name</strong> <em>name</em></dt> + <dd>The standard RFC name of cipher.</dd> + <dt><strong>bits</strong> <em>n</em></dt> + <dd>The number of processed bits used for cipher.</dd> + <dt><strong>secret_bits</strong> <em>n</em></dt> + <dd>The number of secret bits used for cipher.</dd> + <dt><strong>min_version</strong> <em>version</em></dt> + <dd>The minimum protocol version for cipher.</dd> + <dt><strong>id</strong> <em>id</em></dt> + <dd>The OpenSSL cipher id.</dd> + <dt><strong>description</strong> <em>string</em></dt> + <dd>A text description of the cipher.</dd> </dl> </blockquote> <blockquote> <b>Session Info</b> <dl> - <dt><strong>alpn</strong> <em>protocol</em></dt> - <dd>The protocol selected after Application-Layer Protocol + <dt><strong>alpn</strong> <em>protocol</em></dt> + <dd>The protocol selected after Application-Layer Protocol Negotiation (ALPN).</dd> - <dt><strong>resumable</strong> <em>boolean</em></dt> - <dd>Can the session be resumed or not.</dd> - <dt><strong>start_time</strong> <em>seconds</em></dt> - <dd>Time since session started in seconds since epoch.</dd> - <dt><strong>timeout</strong> <em>seconds</em></dt> - <dd>Max duration of session in seconds before time-out.</dd> - <dt><strong>lifetime</strong> <em>seconds</em></dt> - <dd>Session ticket lifetime hint in seconds.</dd> - <dt><strong>session_id</strong> <em>string</em></dt> - <dd>Unique session id for use in resuming the session.</dd> - <dt><strong>session_ticket</strong> <em>string</em></dt> - <dd>Unique session ticket for use in resuming the session.</dd> - <dt><strong>ticket_app_data</strong> <em>string</em></dt> - <dd>Unique session ticket application data.</dd> - <dt><strong>master_key</strong> <em>binary_string</em></dt> - <dd>Unique session master key.</dd> - <dt><strong>session_cache_mode</strong> <em>mode</em></dt> - <dd>Server cache mode (client, server, or both).</dd> + <dt><strong>resumable</strong> <em>boolean</em></dt> + <dd>Can the session be resumed or not.</dd> + <dt><strong>start_time</strong> <em>seconds</em></dt> + <dd>Time since session started in seconds since epoch.</dd> + <dt><strong>timeout</strong> <em>seconds</em></dt> + <dd>Max duration of session in seconds before time-out.</dd> + <dt><strong>lifetime</strong> <em>seconds</em></dt> + <dd>Session ticket lifetime hint in seconds.</dd> + <dt><strong>session_id</strong> <em>binary_string</em></dt> + <dd>Unique session id for use in resuming the session.</dd> + <dt><strong>session_ticket</strong> <em>binary_string</em></dt> + <dd>Unique session ticket for use in resuming the session.</dd> + <dt><strong>ticket_app_data</strong> <em>binary_string</em></dt> + <dd>Unique session ticket application data.</dd> + <dt><strong>master_key</strong> <em>binary_string</em></dt> + <dd>Unique session master key.</dd> + <dt><strong>session_cache_mode</strong> <em>mode</em></dt> + <dd>Server cache mode (client, server, or both).</dd> </dl> </blockquote> <dt><a name="tls::ciphers"><strong>tls::ciphers</strong> <em>protocol ?verbose? ?supported?</em></a></dt> <dd>Returns a list of supported ciphers available for <em>protocol</em>, - where protocol must be one of <b>ssl2, ssl3, tls1, tls1.1, + where protocol must be one of <b>ssl2, ssl3, tls1, tls1.1, tls1.2,</b> or <b>tls1.3</b>. If <em>verbose</em> is specified as true then a verbose, human readable list is returned with additional information on the cipher. If <em>supported</em> is specified as true, then only the ciphers supported for protocol will be listed.</dd> @@ -426,11 +431,12 @@ <h3><a name="CALLBACK OPTIONS">CALLBACK OPTIONS</a></h3> <p> As indicated above, individual channels can be given their own callbacks to handle intermediate processing by the OpenSSL library, using the -<em>-command</em> and <em>-password</em> options passed to either of +<strong>-command</strong>, <strong>-password</strong>, and +<strong>-validate_command</strong> options passed to either of <strong>tls::socket</strong> or <strong>tls::import</strong>. </p> <blockquote> <dl> @@ -437,80 +443,54 @@ <dt><strong>-command</strong> <em>callback</em></dt> <dd> Invokes the specified <em>callback</em> script at several points during the OpenSSL handshake. - Except as indicated below, values returned from the - callback are ignored. + Values returned from the callback are ignored. Arguments appended to the script upon callback take one of the following forms: <br> <br> <dl> - <dt> - <strong>alpn</strong> <em>protocol</em> - </dt> - <dd> - For servers, this form of callback is invoked when the client ALPN - header is received and the first <b>-alpn</b> specified protocol common - to the both the client and server is selected. If none, the first - client specified protocol is used. - </dd> - - <br> - <!-- This form of callback is disabled. <dt> <strong>error</strong> <em>channel message</em> </dt> <dd> The <em>message</em> argument contains an error message generated - by the OpenSSL function - <code>ERR_reason_error_string()</code>. + by the OpenSSL function <code>ERR_reason_error_string()</code>. </dd> <br> --> <dt> - <strong>hello</strong> <em>servername</em> - </dt> - <dd> - For servers, this form of callback is invoked during client hello - message processing. - </dd> - - <br> - - <dt> - <strong>info</strong> <em>channel major minor message</em> + <strong>info</strong> <em>channel major minor message type</em> </dt> <dd> This form of callback is invoked by the OpenSSL function <code>SSL_CTX_set_info_callback()</code>. <br> The <em>major</em> and <em>minor</em> arguments are used to represent the state information bitmask. - <dl> - <dt>Possible values for <em>major</em> are:</dt> - <dd><code>handshake, alert, connect, accept</code>.</dd> - <dt>Possible values for <em>minor</em> are:</dt> - <dd><code>start, done, read, write, loop, exit</code>.</dd> - </dl> - The <em>message</em> argument is a descriptive string which may - be generated either by - <code>SSL_state_string_long()</code> or by - <code>SSL_alert_desc_string_long()</code>, - depending on context. + <ul> + <li>Possible values for <em>major</em> are: + <code>handshake, alert, connect, accept</code>.</li> + <li>Possible values for <em>minor</em> are: + <code>start, done, read, write, loop, exit</code>.</li> + <li>The <em>message</em> argument is a descriptive string which may + be generated either by <code>SSL_state_string_long()</code> or by + <code>SSL_alert_desc_string_long()</code>, depending on context.</li> + <li>For alerts, the possible values for <em>type</em> are: + <code>warning, fatal, and unknown</code>.</li> + </ul> </dd> - <br> - <dt> <strong>session</strong> <em>session_id ticket lifetime</em> </dt> <dd> This form of callback is invoked by the OpenSSL function @@ -517,86 +497,119 @@ <code>SSL_CTX_sess_set_new_cb()</code>. Where <em>session_id</em> is the current session identifier, <em>ticket</em> is the session ticket info, and <em>lifetime</em> is the the ticket lifetime in seconds. </dd> - - <br> - - <dt> - <strong>sni</strong> <em>servername</em> - </dt> - <dd> - For servers, this form of callback is invoked when the SNI header - from the client is received. Where <i>servername</i> is the client - specified servername. This is used when a server supports multiple - names, so the right certificate can be used. - </dd> - - <br> - <br> - - <dt> - <strong>verify</strong> <em>channel depth cert status error</em> - </dt> - <dd> - This form of callback is invoked by OpenSSL when a new certificate - is received from the peer. It allows the client to check the - certificate verification result and choose whether to continue or not. - <br> - The <em>depth</em> argument is an integer representing the - current depth on the certificate chain, with - <code>0</code> as the subject certificate and higher values - denoting progressively more indirect issuer certificates. - <br> - The <em>cert</em> argument is a list of key-value pairs similar - to those returned by - <a href="#tls::status"><strong>tls::status</strong></a>. - <br> - The <em>status</em> argument is an integer representing the - current validity of the certificate. - A value of <code>0</code> means the certificate is deemed invalid. - A value of <code>1</code> means the certificate is deemed valid. - <br> - The <em>error</em> argument supplies the message, if any, generated - by <code>X509_STORE_CTX_get_error()</code>. - <br> - <br> - The callback may override normal validation processing by explicitly - returning one of the above <em>status</em> values. - </dd> - + <br> </dl> </dd> <br> <dt><strong>-password</strong> <em>callback</em></dt> <dd> Invokes the specified <em>callback</em> script when OpenSSL needs to - obtain a password. The callback should return a string which - represents the password to be used. + obtain a password. The callback should return the password as a string. No arguments are appended to the script upon callback. </dd> + + <br> + + + <dt><strong>-validatecommand</strong> <em>callback</em></dt> + <dd> + Invokes the specified <em>callback</em> script during handshake in + order to validate the provided value(s). + To reject the value and abort connection, the callback should return 0. + To accept the value, it should return 1. To reject the value, but + continue the connection, it should return 2. + + <br> + <br> + + <dl> + + <dt> + <strong>alpn</strong> <em>protocol</em> + </dt> + <dd> + For servers, this form of callback is invoked when the client ALPN + extension is received and the first <b>-alpn</b> specified protocol common + to the both the client and server is selected. If none, the first + client specified protocol is used. + </dd> + + <br> + + <dt> + <strong>hello</strong> <em>servername</em> + </dt> + <dd> + For servers, this form of callback is invoked during client hello + message processing. It is used to select an appropriate certificate to + present, and make other configuration adjustments relevant to that + server name and its configuration. Called before SNI and ALPN callbacks. + </dd> + + <br> + + <dt> + <strong>sni</strong> <em>servername</em> + </dt> + <dd> + For servers, this form of callback is invoked when the SNI extension + from the client is received. This is used when a server supports multiple + names, so the right certificate can be used. Called after hello + callback but before ALPN callback. + </dd> + + <br> + + <dt> + <strong>verify</strong> <em>channel depth cert status error</em> + </dt> + <dd> + This form of callback is invoked by OpenSSL when a new certificate + is received from the peer. It allows the client to check the + certificate chain verification results and choose whether to continue or not. + <ul> + <li>The <em>depth</em> argument is an integer representing the + current depth on the certificate chain, with + <code>0</code> as the peer certificate and higher values going + up to the Certificate Authority (CA).</li> + <li>The <em>cert</em> argument is a list of key-value pairs similar + to those returned by + <a href="#tls::status"><strong>tls::status</strong></a>.</li> + <li>The <em>status</em> argument is an boolean representing the + validity of the current certificate. + A value of <code>0</code> means the certificate is deemed invalid. + A value of <code>1</code> means the certificate is deemed valid.</li> + <li>The <em>error</em> argument supplies the message, if any, generated + by <code>X509_STORE_CTX_get_error()</code>.</li> + </ul> + </dd> + <br> + </dl> + </dd> </dl> </blockquote> <p> Reference implementations of these callbacks are provided in the -distribution as <strong>tls::callback</strong> and -<strong>tls::password</strong> respectively. Note that these are +distribution as <strong>tls::callback</strong>, <strong>tls::password</strong>, +and <strong>tls::validate_command</strong> respectively. Note that these are <em>sample</em> implementations only. In a more realistic deployment -you would specify your own callback scripts on each TLS channel -using the <em>-command</em> and <em>-password</em> options. +you would specify your own callback scripts on each TLS channel using the +<strong>-command</strong>, <strong>-password</strong>, and <strong>-validate_command</strong> options. </p> <p> -The default behavior when the <em>-command</em> option is not specified is for -TLS to process the associated library callbacks internally. -The default behavior when the <em>-password</em> option is not specified is for -TLS to process the associated library callbacks by attempting to call -<strong>tls::password</strong>. +The default behavior when the <strong>-command</strong> and <strong>-validate_command</strong> +options are not specified is for TLS to process the associated library callbacks +internally. The default behavior when the <strong>-password</strong> option is not +specified is for TLS to process the associated library callbacks by attempting +to call <strong>tls::password</strong>. The difference between these two behaviors is a consequence of maintaining compatibility with earlier implementations. </p> <p> @@ -607,13 +620,13 @@ certificate, even when it is invalid. </p> <p> <em> -The use of the reference callbacks <strong>tls::callback</strong> and -<strong>tls::password</strong> is not recommended. They may be removed -from future releases. +The use of the reference callbacks <strong>tls::callback</strong>, +<strong>tls::password</strong>, and <strong>tls::validate_command</strong> +is not recommended. They may be removed from future releases. </em> </p> <p> <em> @@ -624,11 +637,13 @@ <h3><a name="DEBUG">DEBUG</a></h3> TLS key logging can be enabled by setting the environment variable <b>SSLKEYLOGFILE</b> to the name of the file to log to. Then whenever TLS -key material is generated or received it will be logged to the file. +key material is generated or received it will be logged to the file. This +is useful for logging key data for network logging tools to use to +decrypt the data. <h3><a name="HTTPS EXAMPLE">HTTPS EXAMPLE</a></h3> <p>This example uses a sample server.pem provided with the TLS release, courtesy of the <strong>OpenSSL</strong> project.</p> @@ -642,22 +657,15 @@ set tok [http::geturl https://www.tcl.tk/] </code></pre> <h3><a name="SPECIAL CONSIDERATIONS">SPECIAL CONSIDERATIONS</a></h3> -<p>The capabilities of this package can vary enormously based -upon how your OpenSSL library was configured and built. At the -most macro-level OpenSSL supports a "no patents" build, -which disables RSA, IDEA, RC(2,4,5) and SSL2 - if your OpenSSL is -configured this way then you will need to build TLS with the --DNO_PATENTS option - and the resultant module will function -correctly and also support ADH certificate-less encryption, -however you will be unable to utilize this to speak to normal Web -Servers, which typically require RSA support. Please see <a -href="http://www.openssl.org/">http://www.openssl.org/</a> for -more information on the whole issue of patents and US export -restrictions. </p> +<p>The capabilities of this package can vary enormously based upon how your +OpenSSL library was configured and built. New versions may obsolete older +protocol versions, add or remove ciphers, change default values, etc. Use the +<strong>tls::ciphers</strong> and <strong>tls::protocols</strong> commands to +obtain the supported versions.</p> <h3><a name="SEE ALSO">SEE ALSO</a></h3> <p><strong>socket</strong>, <strong>fileevent, </strong><a href="http://www.openssl.org/"><strong>OpenSSL</strong></a></p> Index: generic/tls.c ================================================================== --- generic/tls.c +++ generic/tls.c @@ -93,14 +93,60 @@ static int locksCount = 0; static Tcl_Mutex init_mx; #endif /* OPENSSL_THREADS */ #endif /* TCL_THREADS */ + /********************/ /* Callbacks */ /********************/ +/* + *------------------------------------------------------------------- + * + * Eval Callback Command -- + * + * Eval callback command and catch any errors + * + * Results: + * 0 = Command returned fail or eval returned TCL_ERROR + * 1 = Command returned success or eval returned TCL_OK + * + * Side effects: + * Evaluates callback command + * + *------------------------------------------------------------------- + */ +static int +EvalCallback(Tcl_Interp *interp, State *statePtr, Tcl_Obj *cmdPtr) { + int code, ok; + + Tcl_Preserve((ClientData) interp); + Tcl_Preserve((ClientData) statePtr); + + /* Eval callback with success for ok or return value 1, fail for error or return value 0 */ + code = Tcl_EvalObjEx(interp, cmdPtr, TCL_EVAL_GLOBAL); + if (code == TCL_OK) { + /* Check result for return value */ + Tcl_Obj *result = Tcl_GetObjResult(interp); + if (result == NULL || Tcl_GetIntFromObj(interp, result, &ok) != TCL_OK) { + ok = 1; + } + } else { + /* Error - reject the certificate */ + ok = 0; +#if (TCL_MAJOR_VERSION == 8) && (TCL_MINOR_VERSION < 6) + Tcl_BackgroundError(interp); +#else + Tcl_BackgroundException(interp, code); +#endif + } + + Tcl_Release((ClientData) statePtr); + Tcl_Release((ClientData) interp); + return ok; +} /* *------------------------------------------------------------------- * * InfoCallback -- @@ -110,10 +156,11 @@ * Results: * None * * Side effects: * Calls callback (if defined) + * *------------------------------------------------------------------- */ static void InfoCallback(const SSL *ssl, int where, int ret) { State *statePtr = (State*)SSL_get_app_data((SSL *)ssl); @@ -124,21 +171,20 @@ dprintf("Called"); if (statePtr->callback == (Tcl_Obj*)NULL) return; - cmdPtr = Tcl_DuplicateObj(statePtr->callback); - #if 0 if (where & SSL_CB_ALERT) { sev = SSL_alert_type_string_long(ret); if (strcmp(sev, "fatal")==0) { /* Map to error */ Tls_Error(statePtr, SSL_ERROR(ssl, 0)); return; } } #endif + if (where & SSL_CB_HANDSHAKE_START) { major = "handshake"; minor = "start"; } else if (where & SSL_CB_HANDSHAKE_DONE) { major = "handshake"; @@ -154,129 +200,109 @@ else if (where & SSL_CB_LOOP) minor = "loop"; else if (where & SSL_CB_EXIT) minor = "exit"; else minor = "unknown"; } + /* Create command to eval */ + cmdPtr = Tcl_DuplicateObj(statePtr->callback); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("info", -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(major, -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(minor, -1)); - if (where & (SSL_CB_LOOP|SSL_CB_EXIT)) { + if (where & SSL_CB_ALERT) { + Tcl_ListObjAppendElement(interp, cmdPtr, + Tcl_NewStringObj(SSL_alert_desc_string_long(ret), -1)); Tcl_ListObjAppendElement(interp, cmdPtr, - Tcl_NewStringObj(SSL_state_string_long(ssl), -1)); - } else if (where & SSL_CB_ALERT) { - const char *cp = (char *) SSL_alert_desc_string_long(ret); - - Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(cp, -1)); + Tcl_NewStringObj(SSL_alert_type_string_long(ret), -1)); } else { Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(SSL_state_string_long(ssl), -1)); + Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("info", -1)); } - Tcl_Preserve((ClientData) interp); - Tcl_Preserve((ClientData) statePtr); + /* Eval callback command */ Tcl_IncrRefCount(cmdPtr); - (void) Tcl_EvalObjEx(interp, cmdPtr, TCL_EVAL_GLOBAL); + EvalCallback(interp, statePtr, cmdPtr); Tcl_DecrRefCount(cmdPtr); - - Tcl_Release((ClientData) statePtr); - Tcl_Release((ClientData) interp); } /* *------------------------------------------------------------------- * * VerifyCallback -- * - * Monitors SSL certificate validation process. - * This is called whenever a certificate is inspected - * or decided invalid. + * Monitors SSL certificate validation process. Used to control the + * behavior when the SSL_VERIFY_PEER flag is set. This is called + * whenever a certificate is inspected or decided invalid. + * + * Checks: + * certificate chain is checked starting with the deepest nesting level + * (the root CA certificate) and worked upward to the peer's certificate. + * All signatures are valid, current time is within first and last validity time. + * Check that the certificate is issued by the issuer certificate issuer. + * Check the revocation status for each certificate. + * Check the validity of the given CRL and the cert revocation status. + * Check the policies of all the certificates + * + * Args + * preverify_ok indicates whether the certificate verification passed (1) or not (0) * * Results: * A callback bound to the socket may return one of: - * 0 - the certificate is deemed invalid - * 1 - the certificate is deemed valid + * 0 - the certificate is deemed invalid, send verification + * failure alert to peer, and terminate handshake. + * 1 - the certificate is deemed valid, continue with handshake. * empty string - no change to certificate validation * * Side effects: * The err field of the currently operative State is set * to a string describing the SSL negotiation failure reason + * *------------------------------------------------------------------- */ static int VerifyCallback(int ok, X509_STORE_CTX *ctx) { - Tcl_Obj *cmdPtr, *result; - char *string; - int length; + Tcl_Obj *cmdPtr; SSL *ssl = (SSL*)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); X509 *cert = X509_STORE_CTX_get_current_cert(ctx); State *statePtr = (State*)SSL_get_app_data(ssl); Tcl_Interp *interp = statePtr->interp; int depth = X509_STORE_CTX_get_error_depth(ctx); int err = X509_STORE_CTX_get_error(ctx); - int code; dprintf("Verify: %d", ok); - if (statePtr->callback == (Tcl_Obj*)NULL) { + if (statePtr->vcmd == (Tcl_Obj*)NULL) { if (statePtr->vflags & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { return ok; } else { return 1; } } - cmdPtr = Tcl_DuplicateObj(statePtr->callback); + /* Create command to eval */ + cmdPtr = Tcl_DuplicateObj(statePtr->vcmd); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("verify", -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewIntObj(depth)); Tcl_ListObjAppendElement(interp, cmdPtr, Tls_NewX509Obj(interp, cert)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewIntObj(ok)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj((char*)X509_verify_cert_error_string(err), -1)); - Tcl_Preserve((ClientData) interp); - Tcl_Preserve((ClientData) statePtr); - statePtr->flags |= TLS_TCL_CALLBACK; + /* Eval callback command */ Tcl_IncrRefCount(cmdPtr); - code = Tcl_EvalObjEx(interp, cmdPtr, TCL_EVAL_GLOBAL); - if (code != TCL_OK) { - /* It got an error - reject the certificate. */ -#if (TCL_MAJOR_VERSION == 8) && (TCL_MINOR_VERSION < 6) - Tcl_BackgroundError(interp); -#else - Tcl_BackgroundException(interp, code); -#endif - ok = 0; - } else { - result = Tcl_GetObjResult(interp); - string = Tcl_GetStringFromObj(result, &length); - /* An empty result leaves verification unchanged. */ - if (string != NULL && length > 0) { - code = Tcl_GetIntFromObj(interp, result, &ok); - if (code != TCL_OK) { -#if (TCL_MAJOR_VERSION == 8) && (TCL_MINOR_VERSION < 6) - Tcl_BackgroundError(interp); -#else - Tcl_BackgroundException(interp, code); -#endif - ok = 0; - } - } - } + ok = EvalCallback(interp, statePtr, cmdPtr); Tcl_DecrRefCount(cmdPtr); statePtr->flags &= ~(TLS_TCL_CALLBACK); - - Tcl_Release((ClientData) statePtr); - Tcl_Release((ClientData) interp); - return(ok); /* By default, leave verification unchanged. */ + return(ok); /* By default, leave verification unchanged. */ } /* *------------------------------------------------------------------- * @@ -286,61 +312,41 @@ * what to do with errors. * * Side effects: * The err field of the currently operative State is set * to a string describing the SSL negotiation failure reason + * *------------------------------------------------------------------- */ void Tls_Error(State *statePtr, char *msg) { Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; - int code; dprintf("Called"); + + if (statePtr->callback == (Tcl_Obj*)NULL) + return; if (msg && *msg) { Tcl_SetErrorCode(interp, "SSL", msg, (char *)NULL); } else { msg = Tcl_GetStringFromObj(Tcl_GetObjResult(interp), NULL); } statePtr->err = msg; - if (statePtr->callback == (Tcl_Obj*)NULL) { - char buf[BUFSIZ]; - sprintf(buf, "SSL channel \"%s\": error: %s", - Tcl_GetChannelName(statePtr->self), msg); - Tcl_SetResult(interp, buf, TCL_VOLATILE); -#if (TCL_MAJOR_VERSION == 8) && (TCL_MINOR_VERSION < 6) - Tcl_BackgroundError(interp); -#else - Tcl_BackgroundException(interp, TCL_ERROR); -#endif - return; - } + /* Create command to eval from callback */ cmdPtr = Tcl_DuplicateObj(statePtr->callback); - Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("error", -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(msg, -1)); - Tcl_Preserve((ClientData) interp); - Tcl_Preserve((ClientData) statePtr); - + /* Eval callback command */ Tcl_IncrRefCount(cmdPtr); - code = Tcl_EvalObjEx(interp, cmdPtr, TCL_EVAL_GLOBAL); - if (code != TCL_OK) { -#if (TCL_MAJOR_VERSION == 8) && (TCL_MINOR_VERSION < 6) - Tcl_BackgroundError(interp); -#else - Tcl_BackgroundException(interp, code); -#endif - } + EvalCallback(interp, statePtr, cmdPtr); Tcl_DecrRefCount(cmdPtr); - Tcl_Release((ClientData) statePtr); - Tcl_Release((ClientData) interp); } /* *------------------------------------------------------------------- * @@ -348,10 +354,11 @@ * * Write received key data to log file. * * Side effects: * none + * *------------------------------------------------------------------- */ void KeyLogCallback(const SSL *ssl, const char *line) { char *str = getenv(SSLKEYLOGFILE); FILE *fd; @@ -368,10 +375,11 @@ * Password Callback -- * * Called when a password is needed to unpack RSA and PEM keys. * Evals any bound password script and returns the result as * the password string. + * *------------------------------------------------------------------- */ static int PasswordCallback(char *buf, int size, int verify, void *udata) { State *statePtr = (State *) udata; @@ -389,15 +397,17 @@ } else { return -1; } } + /* Create command to eval */ cmdPtr = Tcl_DuplicateObj(statePtr->password); Tcl_Preserve((ClientData) interp); Tcl_Preserve((ClientData) statePtr); + /* Eval callback and success for ok, abort for error, continue for continue */ Tcl_IncrRefCount(cmdPtr); code = Tcl_EvalObjEx(interp, cmdPtr, TCL_EVAL_GLOBAL); if (code != TCL_OK) { #if (TCL_MAJOR_VERSION == 8) && (TCL_MINOR_VERSION < 6) Tcl_BackgroundError(interp); @@ -449,11 +459,10 @@ State *statePtr = (State*)SSL_get_app_data((SSL *)ssl); Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; const unsigned char *ticket; const unsigned char *session_id; - int code; size_t len2; unsigned int ulen; dprintf("Called"); @@ -461,10 +470,11 @@ return SSL_TLSEXT_ERR_OK; } else if (ssl == NULL) { return SSL_TLSEXT_ERR_NOACK; } + /* Create command to eval */ cmdPtr = Tcl_DuplicateObj(statePtr->callback); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("session", -1)); /* Session id */ session_id = SSL_SESSION_get_id(session, &ulen); @@ -476,35 +486,25 @@ /* Lifetime - number of seconds */ Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewLongObj((long) SSL_SESSION_get_ticket_lifetime_hint(session))); - Tcl_Preserve((ClientData) interp); - Tcl_Preserve((ClientData) statePtr); - + /* Eval callback command */ Tcl_IncrRefCount(cmdPtr); - code = Tcl_EvalObjEx(interp, cmdPtr, TCL_EVAL_GLOBAL); - if (code != TCL_OK) { -#if (TCL_MAJOR_VERSION == 8) && (TCL_MINOR_VERSION < 6) - Tcl_BackgroundError(interp); -#else - Tcl_BackgroundException(interp, code); -#endif - } + EvalCallback(interp, statePtr, cmdPtr); Tcl_DecrRefCount(cmdPtr); - - Tcl_Release((ClientData) statePtr); - Tcl_Release((ClientData) interp); return 0; + return 0; } /* *------------------------------------------------------------------- * - * ALPN Callback for Servers -- + * ALPN Callback for Servers and NPN Callback for Clients -- * - * Perform server-side protocol (http/1.1, h2, h3, etc.) selection for the - * incoming connection. Called after Hello and server callbacks + * Perform protocol (http/1.1, h2, h3, etc.) selection for the + * incoming connection. Called after Hello and server callbacks. + * Where 'out' is selected protocol and 'in' is the peer advertised list. * * Results: * None * * Side effects: @@ -527,55 +527,96 @@ Tcl_Obj *cmdPtr; int code, res; dprintf("Called"); - if (statePtr->callback == (Tcl_Obj*)NULL) { - return SSL_TLSEXT_ERR_OK; - } else if (ssl == NULL) { + if (ssl == NULL || arg == NULL) { return SSL_TLSEXT_ERR_NOACK; } /* Select protocol */ if (SSL_select_next_proto(out, outlen, statePtr->protos, statePtr->protos_len, in, inlen) == OPENSSL_NPN_NEGOTIATED) { + /* Match found */ res = SSL_TLSEXT_ERR_OK; } else { - /* No overlap, so first client protocol used */ + /* OPENSSL_NPN_NO_OVERLAP = No overlap, so use first item from client protocol list */ res = SSL_TLSEXT_ERR_NOACK; } - cmdPtr = Tcl_DuplicateObj(statePtr->callback); + if (statePtr->vcmd == (Tcl_Obj*)NULL) { + return res; + } + + /* Create command to eval */ + cmdPtr = Tcl_DuplicateObj(statePtr->vcmd); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("alpn", -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(*out, -1)); - Tcl_Preserve((ClientData) interp); - Tcl_Preserve((ClientData) statePtr); - + /* Eval callback command */ Tcl_IncrRefCount(cmdPtr); - code = Tcl_EvalObjEx(interp, cmdPtr, TCL_EVAL_GLOBAL); - if (code != TCL_OK) { -#if (TCL_MAJOR_VERSION == 8) && (TCL_MINOR_VERSION < 6) - Tcl_BackgroundError(interp); -#else - Tcl_BackgroundException(interp, code); -#endif + if ((code = EvalCallback(interp, statePtr, cmdPtr)) > 1) { + res = SSL_TLSEXT_ERR_NOACK; + } else if (code == 1) { + res = SSL_TLSEXT_ERR_OK; + } else { + res = SSL_TLSEXT_ERR_ALERT_FATAL; } Tcl_DecrRefCount(cmdPtr); - - Tcl_Release((ClientData) statePtr); - Tcl_Release((ClientData) interp); return res; } /* *------------------------------------------------------------------- * + * Advertise Protocols Callback for Next Protocol Negotiation (NPN) in ServerHello -- + * + * called when a TLS server needs a list of supported protocols for Next + * Protocol Negotiation. + * + * Results: + * None + * + * Side effects: + * + * Return codes: + * SSL_TLSEXT_ERR_OK: NPN protocol selected. The connection continues. + * SSL_TLSEXT_ERR_NOACK: NPN protocol not selected. The connection continues. + * + *------------------------------------------------------------------- + */ +#ifdef USE_NPN +static int +NPNCallback(const SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg) { + State *statePtr = (State*)arg; + + dprintf("Called"); + + if (ssl == NULL || arg == NULL) { + return SSL_TLSEXT_ERR_NOACK; + } + + /* Set protocols list */ + if (statePtr->protos != NULL) { + *out = statePtr->protos; + *outlen = statePtr->protos_len; + } else { + *out = NULL; + *outlen = 0; + return SSL_TLSEXT_ERR_NOACK; + } + return SSL_TLSEXT_ERR_OK; +} +#endif + +/* + *------------------------------------------------------------------- + * * SNI Callback for Servers -- * - * Perform server-side SNI hostname selection after receiving SNI header. - * Called after hello callback but before ALPN callback. + * Perform server-side SNI hostname selection after receiving SNI extension + * in Client Hello. Called after hello callback but before ALPN callback. * * Results: * None * * Side effects: @@ -584,11 +625,11 @@ * Return codes: * SSL_TLSEXT_ERR_OK: SNI hostname is accepted. The connection continues. * SSL_TLSEXT_ERR_ALERT_FATAL: SNI hostname is not accepted. The connection * is aborted. Default for alert is SSL_AD_UNRECOGNIZED_NAME. * SSL_TLSEXT_ERR_ALERT_WARNING: SNI hostname is not accepted, warning alert - * sent (not in TLSv1.3). The connection continues. + * sent (not supported in TLSv1.3). The connection continues. * SSL_TLSEXT_ERR_NOACK: SNI hostname is not accepted and not acknowledged, * e.g. if SNI has not been configured. The connection continues. * *------------------------------------------------------------------- */ @@ -595,144 +636,147 @@ static int SNICallback(const SSL *ssl, int *alert, void *arg) { State *statePtr = (State*)arg; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; - int code; + int code, res; char *servername = NULL; dprintf("Called"); - if (statePtr->callback == (Tcl_Obj*)NULL) { - return SSL_TLSEXT_ERR_OK; - } else if (ssl == NULL) { + if (ssl == NULL || arg == NULL) { + return SSL_TLSEXT_ERR_NOACK; + } + + /* Only works for TLS 1.2 and earlier */ + servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + if (!servername || servername[0] == '\0') { return SSL_TLSEXT_ERR_NOACK; } - servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); - if (!servername || servername[0] == '\0') { - return SSL_TLSEXT_ERR_NOACK; + if (statePtr->vcmd == (Tcl_Obj*)NULL) { + return SSL_TLSEXT_ERR_OK; } - cmdPtr = Tcl_DuplicateObj(statePtr->callback); + /* Create command to eval */ + cmdPtr = Tcl_DuplicateObj(statePtr->vcmd); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("sni", -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(servername , -1)); - Tcl_Preserve((ClientData) interp); - Tcl_Preserve((ClientData) statePtr); - + /* Eval callback command */ Tcl_IncrRefCount(cmdPtr); - code = Tcl_EvalObjEx(interp, cmdPtr, TCL_EVAL_GLOBAL); - if (code != TCL_OK) { -#if (TCL_MAJOR_VERSION == 8) && (TCL_MINOR_VERSION < 6) - Tcl_BackgroundError(interp); -#else - Tcl_BackgroundException(interp, code); -#endif + if ((code = EvalCallback(interp, statePtr, cmdPtr)) > 1) { + res = SSL_TLSEXT_ERR_ALERT_WARNING; + *alert = SSL_AD_UNRECOGNIZED_NAME; /* Not supported by TLS 1.3 */ + } else if (code == 1) { + res = SSL_TLSEXT_ERR_OK; + } else { + res = SSL_TLSEXT_ERR_ALERT_FATAL; + *alert = SSL_AD_UNRECOGNIZED_NAME; /* Not supported by TLS 1.3 */ } Tcl_DecrRefCount(cmdPtr); - - Tcl_Release((ClientData) statePtr); - Tcl_Release((ClientData) interp); - return SSL_TLSEXT_ERR_OK; + return res; } /* *------------------------------------------------------------------- * - * Hello Handshake Callback for Servers -- + * ClientHello Handshake Callback for Servers -- * * Used by server to examine the server name indication (SNI) extension * provided by the client in order to select an appropriate certificate to * present, and make other configuration adjustments relevant to that server * name and its configuration. This includes swapping out the associated * SSL_CTX pointer, modifying the server's list of permitted TLS versions, * changing the server's cipher list in response to the client's cipher list, etc. + * Called before SNI and ALPN callbacks. * * Results: * None * * Side effects: * Calls callback (if defined) * * Return codes: - * SSL_CLIENT_HELLO_RETRY = suspend the handshake, and the handshake function will return immediately - * SSL_CLIENT_HELLO_ERROR = failure, terminate connection. Set alert to error code. - * SSL_CLIENT_HELLO_SUCCESS = success + * SSL_CLIENT_HELLO_RETRY: suspend the handshake, and the handshake function will return immediately + * SSL_CLIENT_HELLO_ERROR: failure, terminate connection. Set alert to error code. + * SSL_CLIENT_HELLO_SUCCESS: success * *------------------------------------------------------------------- */ static int HelloCallback(const SSL *ssl, int *alert, void *arg) { State *statePtr = (State*)arg; Tcl_Interp *interp = statePtr->interp; Tcl_Obj *cmdPtr; - int code; + int code, res; const char *servername; const unsigned char *p; size_t len, remaining; dprintf("Called"); - if (statePtr->callback == (Tcl_Obj*)NULL) { + if (statePtr->vcmd == (Tcl_Obj*)NULL) { return SSL_CLIENT_HELLO_SUCCESS; - } else if (ssl == NULL) { + } else if (ssl == NULL || arg == NULL) { return SSL_CLIENT_HELLO_ERROR; } /* Get names */ if (!SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &p, &remaining) || remaining <= 2) { - return SSL_CLIENT_HELLO_ERROR; + *alert = SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER; + return SSL_CLIENT_HELLO_ERROR; } /* Extract the length of the supplied list of names. */ len = (*(p++) << 8); len += *(p++); if (len + 2 != remaining) { - return SSL_CLIENT_HELLO_ERROR; + *alert = SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER; + return SSL_CLIENT_HELLO_ERROR; } remaining = len; /* The list in practice only has a single element, so we only consider the first one. */ if (remaining == 0 || *p++ != TLSEXT_NAMETYPE_host_name) { - return SSL_CLIENT_HELLO_ERROR; + *alert = SSL_R_TLSV1_ALERT_INTERNAL_ERROR; + return SSL_CLIENT_HELLO_ERROR; } remaining--; /* Now we can finally pull out the byte array with the actual hostname. */ if (remaining <= 2) { - return SSL_CLIENT_HELLO_ERROR; + *alert = SSL_R_TLSV1_ALERT_INTERNAL_ERROR; + return SSL_CLIENT_HELLO_ERROR; } len = (*(p++) << 8); len += *(p++); if (len + 2 > remaining) { - return SSL_CLIENT_HELLO_ERROR; + *alert = SSL_R_TLSV1_ALERT_INTERNAL_ERROR; + return SSL_CLIENT_HELLO_ERROR; } remaining = len; servername = (const char *)p; - cmdPtr = Tcl_DuplicateObj(statePtr->callback); + /* Create command to eval */ + cmdPtr = Tcl_DuplicateObj(statePtr->vcmd); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("hello", -1)); Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(servername, (int) len)); - Tcl_Preserve((ClientData) interp); - Tcl_Preserve((ClientData) statePtr); - + /* Eval callback command */ Tcl_IncrRefCount(cmdPtr); - code = Tcl_EvalObjEx(interp, cmdPtr, TCL_EVAL_GLOBAL); - if (code != TCL_OK) { -#if (TCL_MAJOR_VERSION == 8) && (TCL_MINOR_VERSION < 6) - Tcl_BackgroundError(interp); -#else - Tcl_BackgroundException(interp, code); -#endif + if ((code = EvalCallback(interp, statePtr, cmdPtr)) > 1) { + res = SSL_CLIENT_HELLO_RETRY; + *alert = SSL_R_TLSV1_ALERT_USER_CANCELLED; + } else if (code == 1) { + res = SSL_CLIENT_HELLO_SUCCESS; + } else { + res = SSL_CLIENT_HELLO_ERROR; + *alert = SSL_R_TLSV1_ALERT_INTERNAL_ERROR; } Tcl_DecrRefCount(cmdPtr); - - Tcl_Release((ClientData) statePtr); - Tcl_Release((ClientData) interp); - return SSL_CLIENT_HELLO_SUCCESS; + return res; } /********************/ /* Commands */ /********************/ @@ -827,11 +871,11 @@ #if defined(NO_TLS1_3) || defined(OPENSSL_NO_TLS1_3) Tcl_AppendResult(interp, protocols[index], ": protocol not supported", NULL); return TCL_ERROR; #else ctx = SSL_CTX_new(TLS_method()); - SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION); + SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION); SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); break; #endif default: break; @@ -924,20 +968,20 @@ objPtr = Tcl_NewListObj(0, NULL); #if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(NO_SSL2) && !defined(OPENSSL_NO_SSL2) Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(protocols[TLS_SSL2], -1)); #endif -#if !defined(NO_SSL3) && !defined(OPENSSL_NO_SSL3) +#if !defined(NO_SSL3) && !defined(OPENSSL_NO_SSL3) && !defined(OPENSSL_NO_SSL3_METHOD) Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(protocols[TLS_SSL3], -1)); #endif -#if !defined(NO_TLS1) && !defined(OPENSSL_NO_TLS1) +#if !defined(NO_TLS1) && !defined(OPENSSL_NO_TLS1) && !defined(OPENSSL_NO_TLS1_METHOD) Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(protocols[TLS_TLS1], -1)); #endif -#if !defined(NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_1) +#if !defined(NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_1) && !defined(OPENSSL_NO_TLS1_1_METHOD) Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(protocols[TLS_TLS1_1], -1)); #endif -#if !defined(NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_2) +#if !defined(NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_2_METHOD) Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(protocols[TLS_TLS1_2], -1)); #endif #if !defined(NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_3) Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(protocols[TLS_TLS1_3], -1)); #endif @@ -1044,10 +1088,11 @@ Tcl_Channel chan; /* The channel to set a mode on. */ State *statePtr; /* client state for ssl socket */ SSL_CTX *ctx = NULL; Tcl_Obj *script = NULL; Tcl_Obj *password = NULL; + Tcl_Obj *vcmd = NULL; Tcl_DString upperChannelTranslation, upperChannelBlocking, upperChannelEncoding, upperChannelEOFChar; int idx, len; int flags = TLS_TCL_INIT; int server = 0; /* is connection incoming or outgoing? */ char *keyfile = NULL; @@ -1108,46 +1153,48 @@ char *opt = Tcl_GetStringFromObj(objv[idx], NULL); if (opt[0] != '-') break; + OPTOBJ("-alpn", alpn); OPTSTR("-cadir", CAdir); OPTSTR("-cafile", CAfile); + OPTBYTE("-cert", cert, cert_len); OPTSTR("-certfile", certfile); OPTSTR("-cipher", ciphers); OPTSTR("-ciphers", ciphers); OPTSTR("-ciphersuites", ciphersuites); OPTOBJ("-command", script); OPTSTR("-dhparams", DHparams); + OPTBYTE("-key", key, key_len); OPTSTR("-keyfile", keyfile); OPTSTR("-model", model); OPTOBJ("-password", password); OPTBOOL("-post_handshake", post_handshake); - OPTBOOL("-require", require); OPTBOOL("-request", request); + OPTBOOL("-require", require); OPTINT("-securitylevel", level); OPTBOOL("-server", server); OPTSTR("-servername", servername); OPTSTR("-session_id", session_id); - OPTOBJ("-alpn", alpn); OPTBOOL("-ssl2", ssl2); OPTBOOL("-ssl3", ssl3); OPTBOOL("-tls1", tls1); OPTBOOL("-tls1.1", tls1_1); OPTBOOL("-tls1.2", tls1_2); OPTBOOL("-tls1.3", tls1_3); - OPTBYTE("-cert", cert, cert_len); - OPTBYTE("-key", key, key_len); + OPTOBJ("-validatecommand", vcmd); + OPTOBJ("-vcmd", vcmd); - OPTBAD("option", "-alpn, -cadir, -cafile, -cert, -certfile, -cipher, -ciphersuites, -command, -dhparams, -key, -keyfile, -model, -password, -require, -request, -securitylevel, -server, -servername, -session_id, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, or -tls1.3"); + OPTBAD("option", "-alpn, -cadir, -cafile, -cert, -certfile, -cipher, -ciphersuites, -command, -dhparams, -key, -keyfile, -model, -password, -post_handshake, -request, -require, -securitylevel, -server, -servername, -session_id, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, -tls1.3, or -validatecommand"); return TCL_ERROR; } - if (request) verify |= SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER; - if (request && require) verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; - if (request && post_handshake) verify |= SSL_VERIFY_POST_HANDSHAKE; - if (verify == 0) verify = SSL_VERIFY_NONE; + if (request) verify |= SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER; + if (request && require) verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; + if (request && post_handshake) verify |= SSL_VERIFY_POST_HANDSHAKE; + if (verify == 0) verify = SSL_VERIFY_NONE; proto |= (ssl2 ? TLS_PROTO_SSL2 : 0); proto |= (ssl3 ? TLS_PROTO_SSL3 : 0); proto |= (tls1 ? TLS_PROTO_TLS1 : 0); proto |= (tls1_1 ? TLS_PROTO_TLS1_1 : 0); @@ -1189,10 +1236,19 @@ if (len) { statePtr->password = password; Tcl_IncrRefCount(statePtr->password); } } + + /* allocate validate command */ + if (vcmd) { + (void) Tcl_GetStringFromObj(vcmd, &len); + if (len) { + statePtr->vcmd = vcmd; + Tcl_IncrRefCount(statePtr->vcmd); + } + } if (model != NULL) { int mode; /* Get the "model" context */ chan = Tcl_GetChannel(interp, model, &mode); @@ -1265,23 +1321,24 @@ return TCL_ERROR; } /* Set host server name */ if (servername) { - /* Sets the server name indication (SNI) ClientHello extension */ + /* Sets the server name indication (SNI) in ClientHello extension */ + /* Per RFC 6066, hostname is a ASCII encoded string. */ if (!SSL_set_tlsext_host_name(statePtr->ssl, servername) && require) { Tcl_AppendResult(interp, "setting TLS host name extension failed", (char *) NULL); - Tls_Free((char *) statePtr); - return TCL_ERROR; - } + Tls_Free((char *) statePtr); + return TCL_ERROR; + } /* Configure server host name checks in the SSL client. Set DNS hostname to name for peer certificate checks. SSL_set1_host has limitations. */ if (!SSL_add1_host(statePtr->ssl, servername)) { Tcl_AppendResult(interp, "setting DNS host name failed", (char *) NULL); - Tls_Free((char *) statePtr); - return TCL_ERROR; + Tls_Free((char *) statePtr); + return TCL_ERROR; } } /* Resume session id */ if (session_id && strlen(session_id) <= SSL_MAX_SID_CTX_LENGTH) { @@ -1292,11 +1349,11 @@ return TCL_ERROR; } } if (alpn) { - /* Convert a Tcl list into a protocol-list in wire-format */ + /* Convert a TCL list into a protocol-list in wire-format */ unsigned char *protos, *p; unsigned int protos_len = 0; int i, len, cnt; Tcl_Obj **list; @@ -1346,40 +1403,58 @@ /* * SSL Callbacks */ SSL_set_app_data(statePtr->ssl, (void *)statePtr); /* point back to us */ SSL_set_verify(statePtr->ssl, verify, VerifyCallback); - SSL_CTX_set_info_callback(statePtr->ctx, InfoCallback); + SSL_set_info_callback(statePtr->ssl, InfoCallback); /* Create Tcl_Channel BIO Handler */ statePtr->p_bio = BIO_new_tcl(statePtr, BIO_NOCLOSE); statePtr->bio = BIO_new(BIO_f_ssl()); if (server) { /* Server callbacks */ - SSL_CTX_set_alpn_select_cb(statePtr->ctx, ALPNCallback, (void *)statePtr); SSL_CTX_set_tlsext_servername_arg(statePtr->ctx, (void *)statePtr); SSL_CTX_set_tlsext_servername_callback(statePtr->ctx, SNICallback); SSL_CTX_set_client_hello_cb(statePtr->ctx, HelloCallback, (void *)statePtr); + if (statePtr->protos != NULL) { + SSL_CTX_set_alpn_select_cb(statePtr->ctx, ALPNCallback, (void *)statePtr); +#ifdef USE_NPN + if (tls1_2 == 0 && tls1_3 == 0) { + SSL_CTX_set_next_protos_advertised_cb(statePtr->ctx, NPNCallback, (void *)statePtr); + } +#endif + } /* Enable server to send cert request after handshake (TLS 1.3 only) */ + /* A write operation must take place for the Certificate Request to be + sent to the client, this can be done with SSL_do_handshake(). */ if (request && post_handshake) { SSL_verify_client_post_handshake(statePtr->ssl); } + /* Set server mode */ statePtr->flags |= TLS_TCL_SERVER; SSL_set_accept_state(statePtr->ssl); } else { + /* Client callbacks */ +#ifdef USE_NPN + if (statePtr->protos != NULL && tls1_2 == 0 && tls1_3 == 0) { + SSL_CTX_set_next_proto_select_cb(statePtr->ctx, ALPNCallback, (void *)statePtr); + } +#endif + /* Session caching */ SSL_CTX_set_session_cache_mode(statePtr->ctx, SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE); SSL_CTX_sess_set_new_cb(statePtr->ctx, SessionCallback); /* Enable post handshake Authentication extension. TLS 1.3 only, not http/2. */ if (request && post_handshake) { SSL_set_post_handshake_auth(statePtr->ssl, 1); } + /* Set client mode */ SSL_set_connect_state(statePtr->ssl); } SSL_set_bio(statePtr->ssl, statePtr->p_bio, statePtr->p_bio); BIO_set_ssl(statePtr->bio, statePtr->ssl, BIO_NOCLOSE); @@ -1566,12 +1641,12 @@ #endif break; } ERR_clear_error(); + ctx = SSL_CTX_new(method); - if (!ctx) { return(NULL); } if (getenv(SSLKEYLOGFILE)) { @@ -1592,24 +1667,24 @@ SSL_CTX_set_app_data(ctx, (void*)interp); /* remember the interpreter */ SSL_CTX_set_options(ctx, SSL_OP_ALL); /* all SSL bug workarounds */ SSL_CTX_set_options(ctx, off); /* disable protocol versions */ #if OPENSSL_VERSION_NUMBER < 0x10101000L - SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); /* handle new handshakes in background */ + SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); /* handle new handshakes in background. On by default in OpenSSL 1.1.1. */ #endif SSL_CTX_sess_set_cache_size(ctx, 128); /* Set user defined ciphers, cipher suites, and security level */ if ((ciphers != NULL) && !SSL_CTX_set_cipher_list(ctx, ciphers)) { - Tcl_AppendResult(interp, "Set ciphers failed: No valid ciphers", (char *) NULL); - SSL_CTX_free(ctx); - return NULL; + Tcl_AppendResult(interp, "Set ciphers failed: No valid ciphers", (char *) NULL); + SSL_CTX_free(ctx); + return NULL; } if ((ciphersuites != NULL) && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) { - Tcl_AppendResult(interp, "Set cipher suites failed: No valid ciphers", (char *) NULL); - SSL_CTX_free(ctx); - return NULL; + Tcl_AppendResult(interp, "Set cipher suites failed: No valid ciphers", (char *) NULL); + SSL_CTX_free(ctx); + return NULL; } /* Set security level */ if (level > -1 && level < 6) { /* SSL_set_security_level */ @@ -1822,10 +1897,12 @@ Tcl_AppendResult(interp, "bad channel \"", Tcl_GetChannelName(chan), "\": not a TLS channel", NULL); return TCL_ERROR; } statePtr = (State *) Tcl_GetChannelInstanceData(chan); + + /* Get certificate for peer or self */ if (objc == 2) { peer = SSL_get_peer_certificate(statePtr->ssl); } else { peer = SSL_get_certificate(statePtr->ssl); } @@ -1850,11 +1927,11 @@ Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewIntObj(SSL_get_cipher_bits(statePtr->ssl, NULL))); ciphers = (char*)SSL_get_cipher(statePtr->ssl); if ((ciphers != NULL) && (strcmp(ciphers, "(NONE)") != 0)) { Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("cipher", -1)); - Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(SSL_get_cipher(statePtr->ssl), -1)); + Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(ciphers, -1)); } /* Verify the X509 certificate presented by the peer */ Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("verification", -1)); Tcl_ListObjAppendElement(interp, objPtr, @@ -1975,11 +2052,11 @@ Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("bits", -1)); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewIntObj(bits)); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("secret_bits", -1)); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewIntObj(alg_bits)); /* alg_bits is actual key secret bits. If use bits and secret (algorithm) bits differ, - the rest of the bits are fixed, i.e. for limited export ciphers (bits < 56) */ + the rest of the bits are fixed, i.e. for limited export ciphers (bits < 56) */ Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("min_version", -1)); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj(SSL_CIPHER_get_version(cipher), -1)); /* Get OpenSSL-specific ID, not IANA ID */ Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("id", -1)); @@ -2002,10 +2079,17 @@ /* Report the selected protocol as a result of the ALPN negotiation */ SSL_SESSION_get0_alpn_selected(session, &proto, &len2); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("alpn", -1)); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj((char *)proto, (int) len2)); + + /* Report the selected protocol as a result of the NPN negotiation */ +#ifdef USE_NPN + SSL_get0_next_proto_negotiated(ssl, &proto, &ulen); + Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("npn", -1)); + Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj((char *)proto, (int) ulen)); +#endif /* Resumable session */ Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewStringObj("resumable", -1)); Tcl_ListObjAppendElement(interp, objPtr, Tcl_NewIntObj(SSL_SESSION_is_resumable(session))); @@ -2406,10 +2490,14 @@ } if (statePtr->password) { Tcl_DecrRefCount(statePtr->password); statePtr->password = NULL; } + if (statePtr->vcmd) { + Tcl_DecrRefCount(statePtr->vcmd); + statePtr->vcmd = NULL; + } dprintf("Returning"); } /* @@ -2516,39 +2604,39 @@ #if defined(OPENSSL_THREADS) && defined(TCL_THREADS) size_t num_locks; #endif if (uninitialize) { - if (!initialized) { - dprintf("Asked to uninitialize, but we are not initialized"); - - return(TCL_OK); - } - - dprintf("Asked to uninitialize"); - -#if defined(OPENSSL_THREADS) && defined(TCL_THREADS) - Tcl_MutexLock(&init_mx); - - if (locks) { - free(locks); - locks = NULL; - locksCount = 0; - } -#endif - initialized = 0; - -#if defined(OPENSSL_THREADS) && defined(TCL_THREADS) - Tcl_MutexUnlock(&init_mx); -#endif - - return(TCL_OK); + if (!initialized) { + dprintf("Asked to uninitialize, but we are not initialized"); + + return(TCL_OK); + } + + dprintf("Asked to uninitialize"); + +#if defined(OPENSSL_THREADS) && defined(TCL_THREADS) + Tcl_MutexLock(&init_mx); + + if (locks) { + free(locks); + locks = NULL; + locksCount = 0; + } +#endif + initialized = 0; + +#if defined(OPENSSL_THREADS) && defined(TCL_THREADS) + Tcl_MutexUnlock(&init_mx); +#endif + + return(TCL_OK); } if (initialized) { - dprintf("Called, but using cached value"); - return(status); + dprintf("Called, but using cached value"); + return(status); } dprintf("Called"); #if defined(OPENSSL_THREADS) && defined(TCL_THREADS) Index: generic/tlsInt.h ================================================================== --- generic/tlsInt.h +++ generic/tlsInt.h @@ -112,26 +112,27 @@ * This structure describes the per-instance state of an SSL channel. * * The SSL processing context is maintained here, in the ClientData */ typedef struct State { - Tcl_Channel self; /* this socket channel */ + Tcl_Channel self; /* this socket channel */ Tcl_TimerToken timer; - int flags; /* see State.flags above */ - int watchMask; /* current WatchProc mask */ - int mode; /* current mode of parent channel */ - - Tcl_Interp *interp; /* interpreter in which this resides */ - Tcl_Obj *callback; /* script called for tracing, verifying and errors */ - Tcl_Obj *password; /* script called for certificate password */ - - int vflags; /* verify flags */ - SSL *ssl; /* Struct for SSL processing */ - SSL_CTX *ctx; /* SSL Context */ - BIO *bio; /* Struct for SSL processing */ - BIO *p_bio; /* Parent BIO (that is layered on Tcl_Channel) */ + int flags; /* see State.flags above */ + int watchMask; /* current WatchProc mask */ + int mode; /* current mode of parent channel */ + + Tcl_Interp *interp; /* interpreter in which this resides */ + Tcl_Obj *callback; /* script called for tracing, info, and errors */ + Tcl_Obj *password; /* script called for certificate password */ + Tcl_Obj *vcmd; /* script called to verify or validate protocol config */ + + int vflags; /* verify flags */ + SSL *ssl; /* Struct for SSL processing */ + SSL_CTX *ctx; /* SSL Context */ + BIO *bio; /* Struct for SSL processing */ + BIO *p_bio; /* Parent BIO (that is layered on Tcl_Channel) */ char *protos; /* List of supported protocols in protocol format */ unsigned int protos_len; /* Length of protos */ char *err; Index: library/tls.tcl ================================================================== --- library/tls.tcl +++ library/tls.tcl @@ -30,10 +30,11 @@ variable socketOptionRules { {0 -async sopts 0} {* -myaddr sopts 1} {0 -myport sopts 1} {* -type sopts 1} + {* -alpn iopts 1} {* -cadir iopts 1} {* -cafile iopts 1} {* -cert iopts 1} {* -certfile iopts 1} {* -cipher iopts 1} @@ -41,23 +42,26 @@ {* -command iopts 1} {* -dhparams iopts 1} {* -key iopts 1} {* -keyfile iopts 1} {* -password iopts 1} + {* -post_handshake iopts 1} {* -request iopts 1} {* -require iopts 1} {* -securitylevel iopts 1} {* -autoservername discardOpts 1} + {* -server iopts 1} {* -servername iopts 1} {* -session_id iopts 1} - {* -alpn iopts 1} {* -ssl2 iopts 1} {* -ssl3 iopts 1} {* -tls1 iopts 1} {* -tls1.1 iopts 1} {* -tls1.2 iopts 1} {* -tls1.3 iopts 1} + {* -validatecommand iopts 1} + {* -vcmd iopts 1} } # tls::socket and tls::init options as a humane readable string variable socketOptionsNoServer variable socketOptionsServer @@ -307,10 +311,11 @@ error $err $::errorInfo $::errorCode } else { log 2 "tls::_accept - called \"$callback\" succeeded" } } + # # Sample callback for hooking: - # # error # verify @@ -320,16 +325,65 @@ variable debug #log 2 [concat $option $args] switch -- $option { - "error" { + "error" { foreach {chan msg} $args break log 0 "TLS/$chan: error: $msg" } - "verify" { + "info" { + # poor man's lassign + foreach {chan major minor state msg type} $args break + + if {$msg != ""} { + append state ": $msg" + } + # For tracing + upvar #0 tls::$chan cb + set cb($major) $minor + + log 2 "TLS/$chan: $major/$minor: $state" + } + "session" { + foreach {session_id ticket lifetime} $args break + + log 0 "TLS/$chan: error: $msg" + } + default { + return -code error "bad option \"$option\":\ + must be one of error, info, or session" + } + } +} + +# +# Sample callback when return value is needed +# +proc tls::validate_command {option args} { + variable debug + + #log 2 [concat $option $args] + + switch -- $option { + "alpn" { + foreach {protocol} $args break + + log 0 "TLS/$chan: alpn: $protocol" + } + "hello" { + foreach {servername} $args break + + log 0 "TLS/$chan: hello: $servername" + } + "sni" { + foreach {servername} $args break + + log 0 "TLS/$chan: sni: $servername" + } + "verify" { # poor man's lassign foreach {chan depth cert rc err} $args break array set c $cert @@ -342,28 +396,16 @@ return 1; # FORCE OK } else { return $rc } } - "info" { - # poor man's lassign - foreach {chan major minor state msg} $args break - - if {$msg != ""} { - append state ": $msg" - } - # For tracing - upvar #0 tls::$chan cb - set cb($major) $minor - - log 2 "TLS/$chan: $major/$minor: $state" - } default { return -code error "bad option \"$option\":\ - must be one of error, info, or verify" + must be one of alpn, info, or verify" } } + return 1 } proc tls::xhandshake {chan} { upvar #0 tls::$chan cb