Index: Makefile.in
==================================================================
--- Makefile.in
+++ Makefile.in
@@ -3,17 +3,19 @@
 RANLIB = @RANLIB@
 CFLAGS = @CFLAGS@ @SHOBJFLAGS@
 CPPFLAGS = @CPPFLAGS@ -I@srcdir@ -I. @DEFS@ @TCL_DEFS@
 LDFLAGS = @LDFLAGS@ @SHOBJLDFLAGS@
 LIBS = @LIBS@
-INSTALL = @INSTALL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 libdir = @libdir@
 TCL_PACKAGE_PATH = @TCL_PACKAGE_PATH@
 PACKAGE_INSTALL_DIR = $(TCL_PACKAGE_PATH)/tcltls$(PACKAGE_VERSION)
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
 VPATH = @srcdir@
 all: @EXTENSION_TARGET@
 # The shared object target
@@ -33,11 +35,11 @@
 tlsX509.o: @srcdir@/tlsX509.c @srcdir@/tlsInt.h Makefile
 # Create a C-source-ified version of the script resources
 # for TclTLS so that we only need a single file to enable
 # this extension
-tls.tcl.h: @srcdir@/tls.tcl
+tls.tcl.h: @srcdir@/tls.tcl Makefile
 od -A n -v -t xC < '@srcdir@/tls.tcl' > tls.tcl.h.new.1
 sed 's@ *@@g;s@..@0x&, @g' < tls.tcl.h.new.1 > tls.tcl.h.new.2
 rm -f tls.tcl.h.new.1
 mv tls.tcl.h.new.2 tls.tcl.h
@@ -52,11 +54,18 @@
 $(CC) $(CPPFLAGS) $(CFLAGS) -o "$@" -c "$<"
 # Install the extension
 install: @EXTENSION_TARGET@ pkgIndex.tcl
 $(INSTALL) -d '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
- $(INSTALL) -c @EXTENSION_TARGET@ pkgIndex.tcl '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
+ $(INSTALL_PROGRAM) @EXTENSION_TARGET@ '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
+ $(INSTALL_DATA) pkgIndex.tcl '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
+
+# A convienent helper to undo the installation just done
+uninstall:
+ rm -f '$(DESTDIR)$(PACKAGE_INSTALL_DIR)/@EXTENSION_TARGET@'
+ rm -f '$(DESTDIR)$(PACKAGE_INSTALL_DIR)/pkgIndex.tcl'
+ -rmdir '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
 # Test target, run the automated test suite
 test: @EXTENSION_TARGET@
 @TCLSH_PROG@ @srcdir@/tests/all.tcl $(TESTFLAGS) -load "lappend auto_path $(shell pwd)"
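Review bot: In the new `uninstall` target the `-rmdir` line ignores failure without saying why, and the comment above the target misspells "convenient"; a one-line comment such as `# rmdir may fail when the directory still holds files this Makefile did not install; that is expected` would record the intent. Both `install` and `uninstall` pass `'$(DESTDIR)$(PACKAGE_INSTALL_DIR)'` as one quoted argument, which assumes `@TCL_PACKAGE_PATH@` expands to a single non-empty directory; how configure sets it is not visible here, so that assumption is worth confirming before `rm -f` and `rmdir` operate on the result. A guard at the top of the recipe, for example `@test -n '$(PACKAGE_INSTALL_DIR)'`, would make an empty value fail loudly instead of acting on `$(DESTDIR)` alone.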
@@ -64,12 +73,11 @@
 clean:
 rm -f tls.o tlsBIO.o tlsIO.o tlsX509.o
 rm -f tcltls.@SHOBJEXT@
 rm -f tcltls.@SHOBJEXT@.a tcltls.@SHOBJEXT@.def
 rm -f tcltls.a.new tcltls.a
- rm -f tls.tcl.h.new.1 tls.tcl.h.new.2
- @if [ '@srcdir@' != '.' ]; then echo rm -f tls.tcl.h; rm -f tls.tcl.h; fi
+ rm -f tls.tcl.h tls.tcl.h.new.1 tls.tcl.h.new.2
 # Clean the local build directory back to what it was after unpacking the
 # distribution tarball
 distclean: clean
 rm -f config.log config.status
@@ -81,8 +89,7 @@
 # version control system
 mrproper: distclean
 rm -f @srcdir@/configure @srcdir@/config.sub @srcdir@/config.guess @srcdir@/install-sh
 rm -f @srcdir@/aclocal.m4
 rm -rf @srcdir@/autom4te.cache
- rm -f @srcdir@/tls.tcl.h
-.PHONY: all install clean distclean mrproper test
+.PHONY: all install uninstall clean distclean mrproper test
Index: README.txt
==================================================================
--- README.txt
+++ README.txt
@@ -14,18 +14,12 @@ The current release is TLS 1.6, with binaries built against OpenSSL 0.9.8g. For best security and function, always compile from source with the latest official release of OpenSSL (http://www.openssl.org/). -TLS requires Tcl 8.2.0+, with 8.3.2+ preferred. The stacked channel -implementation in Tcl was originally introduced in 8.2.0 (previously the -Trf patch) and rewritten for 8.3.2+ due to inherent limitations in the -earlier implementation. TLS should compile with any stubs-capable Tcl -interpreter, but will require 8.2+ when loaded. There are known -limitations in the 8.2.0-8.3.1 stacked channel implementation, so it is -encouraged that people use TLS with an 8.3.2+ Tcl interpreter. These -modifications are by Jeff Hobbs. +TLS 1.7 and newer require Tcl 8.4.0+, older versions may be used if older +versions of Tcl need to be used. Non-exclusive credits for TLS are: Original work: Matt Newman @ Novadigm Updates: Jeff Hobbs @ ActiveState Tcl Channel mechanism: Andreas Kupries Index: tls.htm ================================================================== --- tls.htm +++ tls.htm @@ -203,16 +203,19 @@
Only available if the OpenSSL library the package is linked against supports the TLS hostname extension for 'Server Name Indication' (SNI). Use to name the logical host we are talking to and expecting a certificate for
-ssl2 bool
-
Enable use of SSL v2. (default: true - unless -DNO_PATENTS was specified in build)
+
Enable use of SSL v2. (default: false)
-ssl3 bool
-
Enable use of SSL v3. (default: true)
+
Enable use of SSL v3. (default: false)
-tls1 bool
-
Enable use of TLS v1. (default: false)
+
Enable use of TLS v1. (default: true)
+
-tls1.1 bool
+
Enable use of TLS v1.1 (default: true)
+
-tls1.2 bool
+
Enable use of TLS v1.2 (default: true)
tls::unimport channel
Index: tlsBIO.c
==================================================================
--- tlsBIO.c
+++ tlsBIO.c
@@ -127,13 +127,13 @@
 dprintf("[chan=%p] BioWrite(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, Tcl_GetErrno());
 BIO_clear_flags(bio, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
 if (tclEofChan && ret <= 0) {
- dprintf("Got %i from Tcl_WriteRaw, and EOF is set; ret = -1", ret);
+ dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF");
 Tcl_SetErrno(ECONNRESET);
- ret = -1;
+ ret = 0;
 } else if (ret == 0) {
 dprintf("Got 0 from Tcl_WriteRaw, and EOF is not set; ret = 0");
 dprintf("Setting retry read flag");
 BIO_set_retry_read(bio);
 } else if (ret < 0) {
@@ -180,13 +180,13 @@
 dprintf("[chan=%p] BioRead(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, tclErrno);
 BIO_clear_flags(bio, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
 if (tclEofChan && ret <= 0) {
- dprintf("Got %i from Tcl_Read or Tcl_ReadRaw, and EOF is set; ret = -1", ret);
+ dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF");
 Tcl_SetErrno(ECONNRESET);
- ret = -1;
+ ret = 0;
 } else if (ret == 0) {
 dprintf("Got 0 from Tcl_Read or Tcl_ReadRaw, and EOF is not set; ret = 0");
 dprintf("Setting retry read flag");
 BIO_set_retry_read(bio);
 } else if (ret < 0) {
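Review bot: The new dprintf in the first hunk (the BioWrite path, per the trace line above it) says "Got EOF while reading" although this branch handles a write, and it no longer logs `ret`; `dprintf("Got EOF while writing (ret = %i), returning a Connection Reset error which maps to Soft EOF", ret);` keeps the trace accurate. The branch condition is `ret <= 0`, so a negative result from the channel is now also turned into `ret = 0`, and with the old value gone from the log there is no record that an error rather than a plain EOF occurred; the BioRead hunk has the same loss of `ret` in its message. The enclosing function starts and ends outside the hunk.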
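Review bot: In the second hunk (BioRead), `ret = 0` makes a transport-level EOF look like end-of-stream to whatever consumes this BIO, and the new dprintf states that it is meant to map to a soft EOF. A TCP close that arrives without a TLS close_notify is exactly what a truncated stream looks like, so the reason this is acceptable should be written down next to the assignment, for example `/* Transport EOF without close_notify is reported as EOF; callers cannot tell it from a clean TLS shutdown */`. Whether the channel layer above still exposes the difference is not visible in this hunk, so treat that as a question for the author rather than a confirmed defect. The function body continues outside the hunk.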