Check-in [6aedc8c1b5]


Overview
Comment:Merged in several outstanding patches
SHA1:6aedc8c1b555605ff77c607a68f2562c1582fe9c
User & Date: rkeene 2016-11-22 21:43:13
Context
2016-12-08
04:26
Merged in work for TclTLS 1.7 to trunk check-in: 0409513536 user: rkeene tags: trunk
2016-11-22
22:07
Create new branch named "tcltls-2" check-in: ae164b967d user: rkeene tags: tls-1-7
21:43
Merged in several outstanding patches check-in: 6aedc8c1b5 user: rkeene tags: trunk
21:36
Applied patch Closed-Leaf check-in: 4ec3fe7449 user: rkeene tags: rkeene-eoffix
17:58
Applied patch Closed-Leaf check-in: db95f55e95 user: rkeene tags: rkeene-unthreaded
17:58
Applied patch Closed-Leaf check-in: a141858eec user: rkeene tags: rkeene-fixcrosscompile
17:58
Applied patch Closed-Leaf check-in: 0c7fd93cac user: rkeene tags: rkeene-peercertificate
2015-07-07
17:16
Updated with dhparam.2.patch for tls ticket #59. check-in: 2aadaa4c28 user: andreas_kupries tags: trunk
Changes

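--- a/Makefile.in
+++ b/Makefile.in
@@ -225,15 +225,15 @@
 # library.  In most cases these object files will correspond to the
 # source files above.
 #========================================================================
 
 $(PKG_LIB_FILE): $(PKG_OBJECTS)
 	-rm -f $(PKG_LIB_FILE)
 	${MAKE_LIB}
-	$(RANLIB) $(PKG_LIB_FILE)
+	-$(RANLIB) $(PKG_LIB_FILE)
 
 #========================================================================
 # We need to enumerate the list of .c to .o lines here.
 #
 # In the following lines, $(srcdir) refers to the toplevel directory
 # containing your extension.  If your sources are in a subdirectory,
 # you will have to modify the paths to reflect this: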
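Review bot: The `-` prefix added to `$(RANLIB) $(PKG_LIB_FILE)` discards every ranlib failure without saying why, so a static archive that never received its symbol index would still count as built. If the intent is to tolerate toolchains where ranlib does not apply to the produced file (this looks related to the cross-compile patch, but the page does not say), record that in a comment above the line, e.g. `# ranlib may not apply to this library type/toolchain; its failure is tolerated`. A narrower option is to have configure set `RANLIB=:` in those cases, so that a genuine ranlib failure still stops the build.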

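--- a/configure
+++ b/configure
@@ -1383,25 +1383,29 @@
 echo "${ECHO_T}$CYGPATH" >&6
 else
   echo "$as_me:$LINENO: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
 	    EXEEXT=".exe"
-	    TEA_PLATFORM="windows"
+		if [ -z "${TEA_PLATFORM}" ]; then
+			TEA_PLATFORM="windows"
+		fi
 	    ;;
 	*CYGWIN_*)
 	    CYGPATH=echo
 	    EXEEXT=".exe"
 	    # TEA_PLATFORM is determined later
 	    ;;
 	*)
 	    CYGPATH=echo
 	    EXEEXT=""
-	    TEA_PLATFORM="unix"
+		if [ -z "${TEA_PLATFORM}" ]; then
+			TEA_PLATFORM="unix"
+		fi
 	    ;;
     esac
 
     # Check if exec_prefix is set. If not use fall back to prefix.
     # Note when adjusted, so that TEA_PREFIX can correct for this.
     # This is needed for recursive configures, since autoconf propagates
     # $prefix, but not $exec_prefix (doh!).
@@ -1678,21 +1682,25 @@
 
     case "`uname -s`" in
 	*CYGWIN_*)
 	    echo "$as_me:$LINENO: checking for cygwin variant" >&5
 echo $ECHO_N "checking for cygwin variant... $ECHO_C" >&6
 	    case ${TCL_EXTRA_CFLAGS} in
 		*-mwin32*|*-mno-cygwin*)
-		    TEA_PLATFORM="windows"
+			if [ -z "${TEA_PLATFORM}" ]; then
+				TEA_PLATFORM="windows"
+			fi
 		    CFLAGS="$CFLAGS -mwin32"
 		    echo "$as_me:$LINENO: result: win32" >&5
 echo "${ECHO_T}win32" >&6
 		    ;;
 		*)
-		    TEA_PLATFORM="unix"
+			if [ -z "${TEA_PLATFORM}" ]; then
+				TEA_PLATFORM="unix"
+			fi
 		    echo "$as_me:$LINENO: result: unix" >&5
 echo "${ECHO_T}unix" >&6
 		    ;;
 	    esac
 	    EXEEXT=".exe"
 	    ;;
 	*)
@@ -10312,15 +10320,15 @@
 	PKG_LIBS="$PKG_LIBS $i"
     done
 
 
     fi
     if test -n "${OPENSSL}"; then
 
-    vars="ssleay32.lib libeay32.lib"
+    vars="ssl.lib crypto.lib"
     for i in $vars; do
 	if test "${TEA_PLATFORM}" = "windows" -a "$GCC" = "yes" ; then
 	    # Convert foo.lib to -lfoo for GCC.  No-op if not *.lib
 	    i=`echo "$i" | sed -e 's/^\([^-].*\)\.lib$/-l\1/i'`
 	fi
 	PKG_LIBS="$PKG_LIBS $i"
     done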

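--- a/tls.c
+++ b/tls.c
@@ -1768,23 +1768,23 @@
  *------------------------------------------------------*
  */
 static int
 TlsLibInit ()
 {
     int i;
     char rnd_seed[16] = "GrzSlplKqUdnnzP!";	/* 16 bytes */
+    int status=TCL_OK;
 #if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
     size_t num_locks;
-#endif
-    int status=TCL_OK;
 
     if (!initialized) {
 	Tcl_MutexLock(&init_mx);
 	if (!initialized) {
 	    initialized = 1;
+#endif
 
 	    if (CRYPTO_set_mem_functions((void *(*)(size_t))Tcl_Alloc,
 					 (void *(*)(void *, size_t))Tcl_Realloc,
 					 (void(*)(void *))Tcl_Free) == 0) {
 	       /* Not using Tcl's mem functions ... not critical */
 	    }
 
@@ -1823,11 +1823,13 @@
 		    rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
 		}
 		RAND_seed(rnd_seed, sizeof(rnd_seed));
 	    } while (RAND_status() != 1);
 	}
     	done:
 
+#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
 	Tcl_MutexUnlock(&init_mx);
+#endif
     }
     return status;
 }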
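Review bot: Moving `#endif` below `initialized = 1;` puts both `if (!initialized) {` openers inside the `OPENSSL_THREADS && TCL_THREADS` conditional, while the matching `}` before `done:` and the `}` after `Tcl_MutexUnlock(&init_mx);` remain unconditional. In a build without threads the braces therefore appear unbalanced, and the one-time guard is gone, so the allocator setup and RAND seeding would run on every call. Lines 1791-1822 are elided on this page, so confirm this against the full function. Keeping `if (!initialized) {` and `initialized = 1;` unconditional, and wrapping only `size_t num_locks;`, `Tcl_MutexLock(&init_mx);` and `Tcl_MutexUnlock(&init_mx);` in the `#if`, would preserve the guard in both configurations.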

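--- a/tlsIO.c
+++ b/tlsIO.c
@@ -929,14 +929,17 @@
 		    dprintf(stderr,"E! ");
 		    *errorCodePtr = EAGAIN;
 		    return -1;
 		} else {
 		    continue;
 		}
 	    } else if (err == 0) {
+                if (Tcl_Eof(statePtr->self)) {
+                    return 0;
+                }
 		dprintf(stderr,"CR! ");
 		*errorCodePtr = ECONNRESET;
 		return -1;
 	    }
 	    if (statePtr->flags & TLS_TCL_SERVER) {
 		err = SSL_get_verify_result(statePtr->ssl);
 		if (err != X509_V_OK) {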
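Review bot: The added `return 0;` under `Tcl_Eof(statePtr->self)` exits the `err == 0` branch with a non-error result before the `SSL_get_verify_result` check below is reached, and without setting `*errorCodePtr`. The function's start and its callers are outside this hunk; if they treat any non-negative return as "handshake complete", a peer that closes mid-handshake would be handled as an established session rather than as EOF. State the contract in a comment, e.g. `/* EOF before the handshake finished: report end-of-file, not a completed handshake */`, and confirm that callers do not go on to treat the connection as verified. The three added lines are also indented with spaces where the surrounding code uses tabs.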

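--- a/tlsX509.c
+++ b/tlsX509.c
@@ -96,20 +96,22 @@
     int n;
     unsigned long flags;
     char subject[BUFSIZ];
     char issuer[BUFSIZ];
     char serial[BUFSIZ];
     char notBefore[BUFSIZ];
     char notAfter[BUFSIZ];
+    char certStr[BUFSIZ];
 #ifndef NO_SSL_SHA
     int shai;
     char sha_hash[SHA_DIGEST_LENGTH*2];
     const char *shachars="0123456789ABCDEF";
 #endif
 
+    certStr[0] = 0;
     if ((bio = BIO_new(BIO_s_mem())) == NULL) {
 	subject[0] = 0;
 	issuer[0]  = 0;
 	serial[0]  = 0;
     } else {
 	flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT;
 	flags &= ~ASN1_STRFLGS_ESC_MSB;
@@ -127,14 +129,21 @@
 	BIO_flush(bio);
 
 	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
 	n = BIO_read(bio, serial, min(BIO_pending(bio), BUFSIZ - 1));
 	n = max(n, 0);
 	serial[n] = 0;
 	BIO_flush(bio);
+
+        if (PEM_write_bio_X509(bio, cert)) {
+            n = BIO_read(bio, certStr, min(BIO_pending(bio), BUFSIZ - 1));
+            n = max(n, 0);
+            certStr[n] = 0;
+            BIO_flush(bio);
+        }
 
 	BIO_free(bio);
     }
 
     strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) ));
     strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) ));
 
@@ -170,10 +179,15 @@
     Tcl_ListObjAppendElement( interp, certPtr,
 	    Tcl_NewStringObj( notAfter, -1) );
 
     Tcl_ListObjAppendElement( interp, certPtr,
 	    Tcl_NewStringObj( "serial", -1) );
     Tcl_ListObjAppendElement( interp, certPtr,
 	    Tcl_NewStringObj( serial, -1) );
+
+    Tcl_ListObjAppendElement( interp, certPtr,
+	    Tcl_NewStringObj( "certificate", -1) );
+    Tcl_ListObjAppendElement( interp, certPtr,
+	    Tcl_NewStringObj( certStr, -1) );
 
     return certPtr;
 }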
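Review bot: `certStr` is a fixed `char certStr[BUFSIZ]` and the `BIO_read` into it is capped at `BUFSIZ - 1`, so a certificate whose PEM encoding is longer than that is silently truncated and still returned under the `certificate` key. BUFSIZ is platform-defined and can be as small as 512 bytes on some platforms, whereas PEM certificates commonly run past 1 KB, so scripts that compare, pin or re-parse this value could be working from a partial certificate. Size the buffer from `BIO_pending(bio)` (heap-allocated and released after the `Tcl_NewStringObj` call), or leave the `certificate` element out when the read came up short, rather than returning a truncated string. The enclosing function begins outside the hunks shown.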