Codebase list tcltls / c8af8ff
New upstream version 1.6.7+dfsg Muammar El Khatib authored 8 years ago Sergei Golovan committed 6 years ago
10 changed file(s) with 185 addition(s) and 66 deletion(s).
0 2015-05-01 Andreas Kupries <andreask@activestate.com>
1
2 * configure.in: Bump to version 1.6.5.
3 * win/makefile.vc:
4 * configure: regen with ac-2.59
5 * tls.c: Accepted SF TLS [bug/patch #57](https://sourceforge.net/p/tls/bugs/57/).
6 * tlsIO.c: Accepted core Tcl patch in [ticket](http://core.tcl.tk/tcl/tktview/0f94f855cafed92d0e174b7d835453a02831b4dd).
7
08 2014-12-05 Andreas Kupries <andreask@activestate.com>
19
210 * configure.in: Bump to version 1.6.4.
00 #! /bin/sh
11 # Guess values for system-dependent variables and create Makefiles.
2 # Generated by GNU Autoconf 2.59 for tls 1.6.4.
2 # Generated by GNU Autoconf 2.59 for tls 1.6.7.
33 #
44 # Copyright (C) 2003 Free Software Foundation, Inc.
55 # This configure script is free software; the Free Software Foundation
266266 # Identity of this package.
267267 PACKAGE_NAME='tls'
268268 PACKAGE_TARNAME='tls'
269 PACKAGE_VERSION='1.6.4'
270 PACKAGE_STRING='tls 1.6.4'
269 PACKAGE_VERSION='1.6.7'
270 PACKAGE_STRING='tls 1.6.7'
271271 PACKAGE_BUGREPORT=''
272272
273273 # Factoring default headers for most tests.
776776 # Omit some internal or obsolete options to make the list less imposing.
777777 # This message is too long to be a string in the A/UX 3.1 sh.
778778 cat <<_ACEOF
779 \`configure' configures tls 1.6.4 to adapt to many kinds of systems.
779 \`configure' configures tls 1.6.7 to adapt to many kinds of systems.
780780
781781 Usage: $0 [OPTION]... [VAR=VALUE]...
782782
833833
834834 if test -n "$ac_init_help"; then
835835 case $ac_init_help in
836 short | recursive ) echo "Configuration of tls 1.6.4:";;
836 short | recursive ) echo "Configuration of tls 1.6.7:";;
837837 esac
838838 cat <<\_ACEOF
839839
969969 test -n "$ac_init_help" && exit 0
970970 if $ac_init_version; then
971971 cat <<\_ACEOF
972 tls configure 1.6.4
972 tls configure 1.6.7
973973 generated by GNU Autoconf 2.59
974974
975975 Copyright (C) 2003 Free Software Foundation, Inc.
983983 This file contains any messages produced by compilers while
984984 running configure, to aid debugging if configure makes a mistake.
985985
986 It was created by tls $as_me 1.6.4, which was
986 It was created by tls $as_me 1.6.7, which was
987987 generated by GNU Autoconf 2.59. Invocation command line was
988988
989989 $ $0 $@
1081010810 } >&5
1081110811 cat >&5 <<_CSEOF
1081210812
10813 This file was extended by tls $as_me 1.6.4, which was
10813 This file was extended by tls $as_me 1.6.7, which was
1081410814 generated by GNU Autoconf 2.59. Invocation command line was
1081510815
1081610816 CONFIG_FILES = $CONFIG_FILES
1086510865
1086610866 cat >>$CONFIG_STATUS <<_ACEOF
1086710867 ac_cs_version="\\
10868 tls config.status 1.6.4
10868 tls config.status 1.6.7
1086910869 configured by $0, generated by GNU Autoconf 2.59,
1087010870 with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
1087110871
1010 dnl obtained from RSA Data Scurity Inc., San Mateo, California, USA.
1111 dnl Their home page on the web is "www.rsasecurity.com".
1212 #
13 # RCS: @(#) $Id: configure.in,v 1.28 2014/12/08 19:09:06 andreas_kupries Exp $
13 # RCS: @(#) $Id: configure.in,v 1.31 2015/07/07 17:16:02 andreas_kupries Exp $
1414
1515
1616 #--------------------------------------------------------------------
1717 # macro used to verify that the configure script can find the sources
1818 #--------------------------------------------------------------------
1919
20 AC_INIT([tls], [1.6.4])
20 AC_INIT([tls], [1.6.7])
2121
2222 TEA_INIT([3.8])
2323
99 # See the file "license.terms" for information on usage and redistribution
1010 # of this file, and for a DISCLAIMER OF ALL WARRANTIES.
1111 #
12 # RCS: @(#) $Id: tlsIO.test,v 1.23 2008/03/19 22:06:13 hobbs2 Exp $
12 # RCS: @(#) $Id: tlsIO.test,v 1.24 2015/06/06 09:07:08 apnadkarni Exp $
1313
1414 # Running socket tests with a remote server:
1515 # ------------------------------------------
20272027 [catch {close $s} err] $err
20282028 } {{} 0 {} 0 {}}
20292029
2030 test tls-bug58-1.0 {test protocol negotiation failure} {socket} {
2031 # Following code is based on what was reported in bug #58. Prior
2032 # to fix the program would crash with a segfault.
2033 proc Accept {sock args} {
2034 fconfigure $sock -blocking 0;
2035 fileevent $sock readable [list Handshake $sock]
2036 }
2037 proc Handshake {sock} {
2038 set ::done HAND
2039 catch {tls::handshake $sock} msg
2040 set ::done $msg
2041 }
2042 # NOTE: when doing an in-process client/server test, both sides need
2043 # to be non-blocking for the TLS handshake
2044
2045 # Server - Only accept TLS 1 or higher
2046 set s [tls::socket \
2047 -certfile $serverCert -cafile $caCert -keyfile $serverKey \
2048 -request 0 -require 0 -ssl2 0 -ssl3 0 -tls1 1 -tls1.1 1 -tls1.2 1 \
2049 -server Accept 8831]
2050 # Client - Only propose SSL3
2051 set c [tls::socket -async \
2052 -cafile $caCert \
2053 -request 0 -require 0 -ssl2 0 -ssl3 1 -tls1 0 -tls1.1 0 -tls1.2 0 \
2054 [info hostname] 8831]
2055 fconfigure $c -blocking 0
2056 puts $c a ; flush $c
2057 after 5000 [list set ::done timeout]
2058 vwait ::done
2059 set ::done
2060 } {handshake failed: wrong version number}
2061
20302062 # cleanup
20312063 if {[string match sock* $commandSocket] == 1} {
20322064 puts $commandSocket exit
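Review bot: The new test tls-bug58-1.0 leaves state behind: `$s` and `$c` are never closed, the `after 5000` timer is never cancelled, and the `Accept` and `Handshake` procs stay defined, so a later test that binds port 8831 or waits on `::done` can be disturbed. Keep the timer id with `set timer [after 5000 [list set ::done timeout]]` and add `after cancel $timer; close $c; close $s` before the final `set ::done`. The expected result `handshake failed: wrong version number` is OpenSSL's own error text, and the client side needs SSLv3 available in the linked library, so the test probably needs a constraint for builds where SSLv3 is compiled out.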
+90
-29
tls.c
44 * Copyright (C) 2002 ActiveState Corporation
55 * Copyright (C) 2004 Starfish Systems
66 *
7 * $Header: /cvsroot/tls/tls/tls.c,v 1.35 2014/12/08 19:09:06 andreas_kupries Exp $
7 * $Header: /cvsroot/tls/tls/tls.c,v 1.37 2015/07/07 17:16:02 andreas_kupries Exp $
88 *
99 * TLS (aka SSL) Channel - can be layered on any bi-directional
1010 * Tcl_Channel (Note: Requires Trf Core Patch)
6363 Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]));
6464
6565 static SSL_CTX *CTX_Init _ANSI_ARGS_((State *statePtr, int proto, char *key,
66 char *cert, char *CAdir, char *CAfile, char *ciphers));
66 char *cert, char *CAdir, char *CAfile, char *ciphers,
67 char *DHparams));
6768
6869 static int TlsLibInit _ANSI_ARGS_ (()) ;
6970
7879 * Static data structures
7980 */
8081
81 #ifndef NO_DH
82 /* from openssl/apps/s_server.c */
83
84 static unsigned char dh512_p[]={
85 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
86 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
87 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
88 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
89 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
90 0x47,0x74,0xE8,0x33,
82 #ifndef OPENSSL_NO_DH
83 /* code derived from output of 'openssl dhparam -C 2048' */
84
85 static unsigned char dh2048_p[]={
86 0xEC,0xFD,0x6F,0x66,0xD8,0xBC,0xB4,0xCB,0xD7,0xE7,0xB4,0xAE,
87 0xEC,0xC0,0x06,0x25,0x40,0x9F,0x3F,0xC4,0xAC,0x34,0x19,0x36,
88 0x8A,0xAB,0xA9,0xF6,0x45,0x36,0x87,0x1F,0x10,0x35,0x3F,0x90,
89 0x00,0xC6,0x7A,0xE8,0x51,0xF4,0x7F,0x50,0x0F,0xC2,0x82,0x91,
90 0xAD,0x60,0x1B,0x49,0xB1,0x0B,0x23,0xC3,0x37,0xAE,0x0D,0x2C,
91 0x49,0xC6,0xFB,0x60,0x9D,0x50,0x2F,0x8C,0x2F,0xDE,0xE6,0x5F,
92 0x53,0x8B,0x5F,0xF9,0x70,0x16,0xEE,0x51,0xD1,0xAB,0x02,0x48,
93 0x61,0xF1,0xA0,0xD7,0xBD,0x04,0x24,0xF0,0xE4,0xD1,0x0A,0x4C,
94 0x28,0xDC,0x22,0x78,0x7C,0xED,0x2A,0xFA,0xF4,0x57,0x7C,0xAE,
95 0xDF,0x52,0xC6,0xA2,0x11,0x28,0xC5,0x3B,0xB8,0x2F,0x95,0x3F,
96 0x1E,0x05,0x66,0xFE,0x7D,0x1A,0x73,0xA0,0x45,0xF8,0xBB,0x8C,
97 0x64,0xB9,0xA9,0x4D,0x23,0xBE,0x20,0x60,0xA2,0xF7,0xC7,0xD8,
98 0xD8,0x49,0x28,0x9A,0x81,0xAC,0xF9,0x7F,0x3C,0xFC,0xBE,0x25,
99 0x5B,0x1D,0xB6,0xAB,0x08,0x06,0x11,0x8D,0x94,0x69,0x3C,0x68,
100 0x98,0x5A,0x90,0xF8,0xEB,0x19,0xCA,0x9F,0x1C,0x50,0x96,0x53,
101 0xEF,0xEC,0x1B,0x93,0x4F,0x53,0xB7,0xD9,0x04,0x8E,0x48,0x99,
102 0x6E,0x24,0xFF,0x66,0xF5,0xB0,0xDF,0x00,0xBA,0x22,0xE2,0xB6,
103 0xE3,0x3A,0xC2,0x95,0xB1,0x14,0x68,0xFB,0xA5,0x37,0x22,0x78,
104 0x56,0x5C,0xA4,0x23,0x31,0x02,0x97,0x7D,0xA9,0x84,0x0B,0x12,
105 0x26,0x58,0x2F,0x86,0x10,0xAD,0xB0,0xAB,0xB9,0x7B,0x05,0x9A,
106 0xDE,0x11,0xF1,0xE7,0x34,0xC7,0x95,0x42,0x1C,0x4F,0xA9,0xA8,
107 0x92,0xDF,0x3F,0x7B,
91108 };
92 static unsigned char dh512_g[]={
109 static unsigned char dh2048_g[]={
93110 0x02,
94111 };
95112
96 static DH *get_dh512()
113
114 static DH *get_dh2048()
97115 {
98116 DH *dh=NULL;
99117
100118 if ((dh=DH_new()) == NULL) return(NULL);
101119
102 dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
103 dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
120 dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
121 dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
104122
105123 if ((dh->p == NULL) || (dh->g == NULL))
106124 return(NULL);
730748 char *ciphers = NULL;
731749 char *CAfile = NULL;
732750 char *CAdir = NULL;
751 char *DHparams = NULL;
733752 char *model = NULL;
734753 #ifndef OPENSSL_NO_TLSEXT
735754 char *servername = NULL; /* hostname for Server Name Indication */
777796 OPTSTR( "-certfile", cert);
778797 OPTSTR( "-cipher", ciphers);
779798 OPTOBJ( "-command", script);
799 OPTSTR( "-dhparams", DHparams);
780800 OPTSTR( "-keyfile", key);
781801 OPTSTR( "-model", model);
782802 OPTOBJ( "-password", password);
793813 OPTBOOL( "-tls1.1", tls1_1);
794814 OPTBOOL( "-tls1.2", tls1_2);
795815
796 OPTBAD( "option", "-cadir, -cafile, -certfile, -cipher, -command, -keyfile, -model, -password, -require, -request, -server, -servername, -ssl2, -ssl3, -tls1, -tls1.1 or -tls1.2");
816 OPTBAD( "option", "-cadir, -cafile, -certfile, -cipher, -command, -dhparams, -keyfile, -model, -password, -require, -request, -server, -servername, -ssl2, -ssl3, -tls1, -tls1.1 or -tls1.2");
797817
798818 return TCL_ERROR;
799819 }
808828 proto |= (tls1_2 ? TLS_PROTO_TLS1_2 : 0);
809829
810830 /* reset to NULL if blank string provided */
811 if (cert && !*cert) cert = NULL;
812 if (key && !*key) key = NULL;
813 if (ciphers && !*ciphers) ciphers = NULL;
814 if (CAfile && !*CAfile) CAfile = NULL;
815 if (CAdir && !*CAdir) CAdir = NULL;
831 if (cert && !*cert) cert = NULL;
832 if (key && !*key) key = NULL;
833 if (ciphers && !*ciphers) ciphers = NULL;
834 if (CAfile && !*CAfile) CAfile = NULL;
835 if (CAdir && !*CAdir) CAdir = NULL;
836 if (DHparams && !*DHparams) DHparams = NULL;
816837
817838 /* new SSL state */
818839 statePtr = (State *) ckalloc((unsigned) sizeof(State));
863884 }
864885 ctx = ((State *)Tcl_GetChannelInstanceData(chan))->ctx;
865886 } else {
866 if ((ctx = CTX_Init(statePtr, proto, key, cert, CAdir, CAfile, ciphers))
867 == (SSL_CTX*)0) {
887 if ((ctx = CTX_Init(statePtr, proto, key, cert, CAdir, CAfile, ciphers,
888 DHparams)) == (SSL_CTX*)0) {
868889 Tls_Free((char *) statePtr);
869890 return TCL_ERROR;
870891 }
10241045 */
10251046
10261047 static SSL_CTX *
1027 CTX_Init(statePtr, proto, key, cert, CAdir, CAfile, ciphers)
1048 CTX_Init(statePtr, proto, key, cert, CAdir, CAfile, ciphers, DHparams)
10281049 State *statePtr;
10291050 int proto;
10301051 char *key;
10321053 char *CAdir;
10331054 char *CAfile;
10341055 char *ciphers;
1056 char *DHparams;
10351057 {
10361058 Tcl_Interp *interp = statePtr->interp;
10371059 SSL_CTX *ctx = NULL;
11221144 #endif
11231145 break;
11241146 }
1125
1147
11261148 ctx = SSL_CTX_new (method);
11271149
11281150 SSL_CTX_set_app_data( ctx, (VOID*)interp); /* remember the interpreter */
11401162 SSL_CTX_set_default_passwd_cb_userdata(ctx, (void *)statePtr);
11411163 #endif
11421164
1143 #ifndef NO_DH
1165 /* read a Diffie-Hellman parameters file, or use the built-in one */
1166 #ifdef OPENSSL_NO_DH
1167 if (DHparams != NULL) {
1168 Tcl_AppendResult(interp,
1169 "DH parameter support not available", (char *) NULL);
1170 SSL_CTX_free(ctx);
1171 return (SSL_CTX *)0;
1172 }
1173 #else
11441174 {
1145 DH* dh = get_dh512();
1175 DH* dh;
1176 if (DHparams != NULL) {
1177 BIO *bio;
1178 Tcl_DStringInit(&ds);
1179 bio = BIO_new_file(F2N(DHparams, &ds), "r");
1180 if (!bio) {
1181 Tcl_DStringFree(&ds);
1182 Tcl_AppendResult(interp,
1183 "Could not find DH parameters file", (char *) NULL);
1184 SSL_CTX_free(ctx);
1185 return (SSL_CTX *)0;
1186 }
1187
1188 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
1189 BIO_free(bio);
1190 Tcl_DStringFree(&ds);
1191 if (!dh) {
1192 Tcl_AppendResult(interp,
1193 "Could not read DH parameters from file", (char *) NULL);
1194 SSL_CTX_free(ctx);
1195 return (SSL_CTX *)0;
1196 }
1197 } else {
1198 dh = get_dh2048();
1199 }
11461200 SSL_CTX_set_tmp_dh(ctx, dh);
11471201 DH_free(dh);
11481202 }
12161270 return (SSL_CTX *)0;
12171271 #endif
12181272 }
1219 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file( F2N(CAfile, &ds) ));
1273
1274 /* https://sourceforge.net/p/tls/bugs/57/ */
1275 if ( CAfile != NULL ) {
1276 STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file( F2N(CAfile, &ds) );
1277 if ( certNames != NULL ) {
1278 SSL_CTX_set_client_CA_list(ctx, certNames );
1279 }
1280 }
12201281
12211282 Tcl_DStringFree(&ds);
12221283 Tcl_DStringFree(&ds1);
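Review bot: The DH group read from the `-dhparams` file in CTX_Init goes straight to `SSL_CTX_set_tmp_dh` with no validation, so a file holding a short or non-prime modulus silently undoes the move from the 512-bit to the 2048-bit built-in group. After the `if (!dh)` check, run `DH_check` and enforce a minimum modulus size before installing the parameters, as sketched below; the 1024-bit floor is a policy choice, not a value taken from this commit. The built-in branch has a related gap: `get_dh2048()` can return NULL (and returns without `DH_free(dh)` when `BN_bin2bn` fails), yet its result is passed on unchecked and the return value of `SSL_CTX_set_tmp_dh` is ignored. CTX_Init starts and ends outside the visible hunks.

```c
dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
/* … unchanged: BIO_free, Tcl_DStringFree, NULL check on dh … */
{
    int codes = 0;

    /* Reject groups whose modulus is not a safe prime or is too short.
     * Generator-related codes are left out on purpose: some valid groups
     * use a generator that DH_check cannot classify. */
    if (!DH_check(dh, &codes)
            || (codes & (DH_CHECK_P_NOT_PRIME | DH_CHECK_P_NOT_SAFE_PRIME))
            || BN_num_bits(dh->p) < 1024) {
        Tcl_AppendResult(interp,
            "DH parameters in file are weak or invalid", (char *) NULL);
        DH_free(dh);
        SSL_CTX_free(ctx);
        return (SSL_CTX *)0;
    }
}
```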
1818 </dd>
1919 <dd><a href="#SYNOPSIS">SYNOPSIS</a> </dd>
2020 <dd><dl>
21 <dd><b>package require Tcl </b><em>?8.2?</em></dd>
22 <dd><b>package require tls </b><em>?1.5?</em></dd>
21 <dd><b>package require Tcl </b><em>?8.4?</em></dd>
22 <dd><b>package require tls </b><em>?1.6?</em></dd>
2323 <dt>&nbsp;</dt>
2424 <dd><b>tls::init </b><i>?options?</i> </dd>
2525 <dd><b>tls::socket </b><em>?options? host port</em></dd>
4949
5050 <h3><a name="SYNOPSIS">SYNOPSIS</a></h3>
5151
52 <p><b>package require Tcl 8.2</b><br>
52 <p><b>package require Tcl 8.4</b><br>
5353 <b>package require tls 1.6</b><br>
5454 <br>
5555 <a href="#tls::init"><b>tls::init </b><i>?options?</i><br>
7474 API for Tcl 8.2 and higher. The sockets behave exactly the same
7575 as channels created using Tcl's built-in <strong>socket</strong>
7676 command with additional options for controlling the SSL session.
77 To use TLS with an earlier version of Tcl than 8.2, please obtain
78 TLS 1.3. Please note that there are known limitations with the
79 stacked channel implementation prior to 8.3.2, so it is recommended
80 that TLS is used with an 8.3.2+ interpreter. The current version
81 of TLS will work with Tcl 8.2+, it is just more stable with 8.3.2+.
77 To use TLS with an earlier version of Tcl than 8.4, please obtain
78 TLS 1.3.
8279 </p>
8380
8481 <h3><a name="COMMANDS">COMMANDS</a></h3>
173170 <br>
174171 See <a href="#CALLBACK OPTIONS">CALLBACK OPTIONS</a> for
175172 further discussion.</dd>
173 <dt><strong>-dhparams </strong><em>filename</em></dt>
174 <dd>Provide a Diffie-Hellman parameters file.</dd>
176175 <dt><strong>-keyfile</strong> <em>filename</em></dt>
177176 <dd>Provide the private key file. (<strong>default</strong>:
178177 value of -certfile)</dd>
390389
391390 <h3><a name="HTTPS EXAMPLE">HTTPS EXAMPLE</a></h3>
392391
393 <p>This example requires a patch to the <strong>http</strong>
394 module that ships with Tcl - this patch has been submitted for
395 inclusion in Tcl 8.2.1, but is also provided in the tls directory
396 if needed. A sample server.pem is provided with the TLS release,
392 <p>This example uses a sample server.pem provided with the TLS release,
397393 courtesy of the <strong>OpenSSL</strong> project.</p>
398394
399395 <pre><code>
00 #
11 # Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
22 #
3 # $Header: /cvsroot/tls/tls/tls.tcl,v 1.13 2014/12/08 19:09:06 andreas_kupries Exp $
3 # $Header: /cvsroot/tls/tls/tls.tcl,v 1.14 2015/07/07 17:16:03 andreas_kupries Exp $
44 #
55 namespace eval tls {
66 variable logcmd tclLog
7070 set args [lreplace $args $idx [expr {$idx+1}]]
7171
7272 set usage "wrong # args: should be \"tls::socket -server command ?options? port\""
73 set options "-cadir, -cafile, -certfile, -cipher, -command, -keyfile, -myaddr, -password, -request, -require, -servername, -ssl2, -ssl3, -tls1, -tls1.1 or -tls1.2"
73 set options "-cadir, -cafile, -certfile, -cipher, -command, -dhparams, -keyfile, -myaddr, -password, -request, -require, -servername, -ssl2, -ssl3, -tls1, -tls1.1 or -tls1.2"
7474 } else {
7575 set server 0
7676
7777 set usage "wrong # args: should be \"tls::socket ?options? host port\""
78 set options "-async, -cadir, -cafile, -certfile, -cipher, -command, -keyfile, -myaddr, -myport, -password, -request, -require, -servername, -ssl2, -ssl3, -tls1, -tls1.1 or -tls1.2"
78 set options "-async, -cadir, -cafile, -certfile, -cipher, -command, -dhparams, -keyfile, -myaddr, -myport, -password, -request, -require, -servername, -ssl2, -ssl3, -tls1, -tls1.1 or -tls1.2"
7979 }
8080 set argc [llength $args]
8181 set sopts {}
9393 *,-certfile -
9494 *,-cipher -
9595 *,-command -
96 *,-dhparams -
9697 *,-keyfile -
9798 *,-password -
9899 *,-request -
11 * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
22 * Copyright (C) 2000 Ajuba Solutions
33 *
4 * $Header: /cvsroot/tls/tls/tlsIO.c,v 1.17 2014/12/08 19:09:06 andreas_kupries Exp $
4 * $Header: /cvsroot/tls/tls/tlsIO.c,v 1.19 2015/06/06 09:07:08 apnadkarni Exp $
55 *
66 * TLS (aka SSL) Channel - can be layered on any bi-directional
77 * Tcl_Channel (Note: Requires Trf Core Patch)
344344 if (!SSL_is_init_finished(statePtr->ssl)) {
345345 bytesRead = Tls_WaitForConnect(statePtr, errorCodePtr);
346346 if (bytesRead <= 0) {
347 if (*errorCodePtr == ECONNRESET) {
348 /* Soft EOF */
349 *errorCodePtr = 0;
350 bytesRead = 0;
351 }
347352 goto input;
348353 }
349354 }
883888
884889 dprintf(stderr,"\nWaitForConnect(0x%x)", (unsigned int) statePtr);
885890
891 if (statePtr->flags & TLS_TCL_HANDSHAKE_FAILED) {
892 /*
893 * We choose ECONNRESET over ECONNABORTED here because some server
894 * side code, on the wiki for example, sets up a read handler that
895 * does a read and if eof closes the channel. There is no catch/try
896 * around the reads so exceptions will result in potentially many
897 * dangling channels hanging around that should have been closed.
898 * (Backgroun: ECONNABORTED maps to a Tcl exception and
899 * ECONNRESET maps to graceful EOF).
900 */
901 *errorCodePtr = ECONNRESET;
902 return -1;
903 }
904
886905 for (;;) {
887906 /* Not initialized yet! */
888907 if (statePtr->flags & TLS_TCL_SERVER) {
901920 if (rc == SSL_ERROR_SSL) {
902921 Tls_Error(statePtr,
903922 (char *)ERR_reason_error_string(ERR_get_error()));
923 statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
904924 *errorCodePtr = ECONNABORTED;
905925 return -1;
906926 } else if (BIO_should_retry(statePtr->bio)) {
912932 continue;
913933 }
914934 } else if (err == 0) {
915 if (Tcl_Eof(statePtr->self)) {
916 return 0;
917 }
918935 dprintf(stderr,"CR! ");
919936 *errorCodePtr = ECONNRESET;
920937 return -1;
924941 if (err != X509_V_OK) {
925942 Tls_Error(statePtr,
926943 (char *)X509_verify_cert_error_string(err));
944 statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
927945 *errorCodePtr = ECONNABORTED;
928946 return -1;
929947 }
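Review bot: In the input path, the new `if (*errorCodePtr == ECONNRESET)` branch turns every ECONNRESET coming out of `Tls_WaitForConnect` into a clean EOF, not only the one produced by the `TLS_TCL_HANDSHAKE_FAILED` guard. A reset during the handshake (the `err == 0` path) and a read that follows a certificate-verification failure therefore both look like an orderly close to a script that only tests `eof`. If that is intended, say so at the branch, e.g. `/* Soft EOF: any ECONNRESET during the handshake, including reads after TLS_TCL_HANDSHAKE_FAILED, is reported as EOF */`. If it is not intended, narrow the condition to `(statePtr->flags & TLS_TCL_HANDSHAKE_FAILED)`. Both functions extend beyond the visible hunks and the write path is not shown, so whether it honours the flag the same way cannot be confirmed from here.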
00 /*
11 * Copyright (C) 1997-2000 Matt Newman <matt@novadigm.com>
22 *
3 * $Header: /cvsroot/tls/tls/tlsInt.h,v 1.16 2014/12/08 19:09:06 andreas_kupries Exp $
3 * $Header: /cvsroot/tls/tls/tlsInt.h,v 1.17 2015/06/06 09:07:08 apnadkarni Exp $
44 *
55 * TLS (aka SSL) Channel - can be layered on any bi-directional
66 * Tcl_Channel (Note: Requires Trf Core Patch)
9999 #define TLS_TCL_DEBUG (1<<3) /* Show debug tracing */
100100 #define TLS_TCL_CALLBACK (1<<4) /* In a callback, prevent update
101101 * looping problem. [Bug 1652380] */
102 #define TLS_TCL_HANDSHAKE_FAILED (1<<5) /* Set on handshake failures and once
103 * set, all further I/O will result
104 * in ECONNABORTED errors. */
102105
103106 #define TLS_TCL_DELAY (5)
104107
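Review bot: The comment added for `TLS_TCL_HANDSHAKE_FAILED` says all further I/O results in ECONNABORTED, but the guard added to `Tls_WaitForConnect` in tlsIO.c by this same commit sets `*errorCodePtr = ECONNRESET`, which the read path then reports as EOF. The comment should describe what the code does, for example `/* Set on handshake failures; once set, Tls_WaitForConnect fails with ECONNRESET, which reads report as EOF. */`.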
1717 # Copyright (c) 2003-2006 Pat Thoyts
1818 #
1919 #-------------------------------------------------------------------------
20 # RCS: @(#)$Id: makefile.vc,v 1.11 2014/12/08 19:09:06 andreas_kupries Exp $
20 # RCS: @(#)$Id: makefile.vc,v 1.14 2015/06/06 09:07:08 apnadkarni Exp $
2121 #-------------------------------------------------------------------------
2222
2323 # Check to see we are configured to build with MSVC (MSDEVDIR or MSVCDIR)
163163 #PROJECT_REQUIRES_TK=1
164164 !include "rules.vc"
165165
166 DOTVERSION = 1.6.4
166 DOTVERSION = 1.6.6
167167 VERSION = $(DOTVERSION:.=)
168168 STUBPREFIX = $(PROJECT)stub
169169
191191 SSL_LIB_DIR = $(OPENSSL)\lib
192192 !endif
193193
194 SSL_LIBS =-libpath:"$(SSL_LIB_DIR)" ssleay32s.lib libeay32s.lib
194 SSL_LIBS =-libpath:"$(SSL_LIB_DIR)" ssleay32.lib libeay32.lib
195195
196196 SSL_CFLAGS =-DNO_IDEA=1 -DNO_RC5=1
197197
198 !if !exist("$(SSL_LIB_DIR)\ssleay32s.lib")
198 !if !exist("$(SSL_LIB_DIR)\ssleay32.lib")
199199 MSG = ^
200 Failed to locate "$(SSL_LIB_DIR)\ssleay32s.lib"
200 Failed to locate "$(SSL_LIB_DIR)\ssleay32.lib"
201201 You must provide the path to your OpenSSL library....
202202 !error $(MSG)
203203 !endif
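Review bot: `DOTVERSION = 1.6.6` disagrees with `AC_INIT([tls], [1.6.7])` in configure.in from the same commit, so an MSVC build would label 1.6.7 sources as 1.6.6; it should read `DOTVERSION = 1.6.7`. Separately, `SSL_LIBS` now names `ssleay32.lib libeay32.lib` instead of the `s`-suffixed libraries. If those are the DLL import libraries, as the naming suggests, the OpenSSL DLLs are resolved at load time rather than linked in, and the build notes should state which DLLs have to ship next to the extension and where they are loaded from.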