Check-in [6aedc8c1b5]


Overview
Comment:Merged in several outstanding patches
SHA1:6aedc8c1b555605ff77c607a68f2562c1582fe9c
User & Date: rkeene 2016-11-22 21:43:13
Context
2016-12-08
04:26
Merged in work for TclTLS 1.7 to trunk check-in: 0409513536 user: rkeene tags: trunk
2016-11-22
22:07
Create new branch named "tcltls-2" check-in: ae164b967d user: rkeene tags: tls-1-7
21:43
Merged in several outstanding patches check-in: 6aedc8c1b5 user: rkeene tags: trunk
21:36
Applied patch Closed-Leaf check-in: 4ec3fe7449 user: rkeene tags: rkeene-eoffix
17:58
Applied patch Closed-Leaf check-in: db95f55e95 user: rkeene tags: rkeene-unthreaded
17:58
Applied patch Closed-Leaf check-in: a141858eec user: rkeene tags: rkeene-fixcrosscompile
17:58
Applied patch Closed-Leaf check-in: 0c7fd93cac user: rkeene tags: rkeene-peercertificate
2015-07-07
17:16
Updated with dhparam.2.patch for tls ticket #59. check-in: 2aadaa4c28 user: andreas_kupries tags: trunk
Changes

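--- a/Makefile.in
+++ b/Makefile.in
@@ -225,15 +225,15 @@
 # library.  In most cases these object files will correspond to the
 # source files above.
 #========================================================================
 
 $(PKG_LIB_FILE): $(PKG_OBJECTS)
 	-rm -f $(PKG_LIB_FILE)
 	${MAKE_LIB}
-	$(RANLIB) $(PKG_LIB_FILE)
+	-$(RANLIB) $(PKG_LIB_FILE)
 
 #========================================================================
 # We need to enumerate the list of .c to .o lines here.
 #
 # In the following lines, $(srcdir) refers to the toplevel directory
 # containing your extension.  If your sources are in a subdirectory,
 # you will have to modify the paths to reflect this: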

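--- a/configure
+++ b/configure
@@ -1383,25 +1383,29 @@
 echo "${ECHO_T}$CYGPATH" >&6
 else
   echo "$as_me:$LINENO: result: no" >&5
 echo "${ECHO_T}no" >&6
 fi
 
 	    EXEEXT=".exe"
-	    TEA_PLATFORM="windows"
+		if [ -z "${TEA_PLATFORM}" ]; then
+			TEA_PLATFORM="windows"
+		fi
 	    ;;
 	*CYGWIN_*)
 	    CYGPATH=echo
 	    EXEEXT=".exe"
 	    # TEA_PLATFORM is determined later
 	    ;;
 	*)
 	    CYGPATH=echo
 	    EXEEXT=""
-	    TEA_PLATFORM="unix"
+		if [ -z "${TEA_PLATFORM}" ]; then
+			TEA_PLATFORM="unix"
+		fi
 	    ;;
     esac
 
     # Check if exec_prefix is set. If not use fall back to prefix.
     # Note when adjusted, so that TEA_PREFIX can correct for this.
     # This is needed for recursive configures, since autoconf propagates
     # $prefix, but not $exec_prefix (doh!).
@@ -1678,21 +1682,25 @@
 
     case "`uname -s`" in
 	*CYGWIN_*)
 	    echo "$as_me:$LINENO: checking for cygwin variant" >&5
 echo $ECHO_N "checking for cygwin variant... $ECHO_C" >&6
 	    case ${TCL_EXTRA_CFLAGS} in
 		*-mwin32*|*-mno-cygwin*)
-		    TEA_PLATFORM="windows"
+			if [ -z "${TEA_PLATFORM}" ]; then
+				TEA_PLATFORM="windows"
+			fi
 		    CFLAGS="$CFLAGS -mwin32"
 		    echo "$as_me:$LINENO: result: win32" >&5
 echo "${ECHO_T}win32" >&6
 		    ;;
 		*)
-		    TEA_PLATFORM="unix"
+			if [ -z "${TEA_PLATFORM}" ]; then
+				TEA_PLATFORM="unix"
+			fi
 		    echo "$as_me:$LINENO: result: unix" >&5
 echo "${ECHO_T}unix" >&6
 		    ;;
 	    esac
 	    EXEEXT=".exe"
 	    ;;
 	*)
@@ -10312,15 +10320,15 @@
 	PKG_LIBS="$PKG_LIBS $i"
     done
 
 
     fi
     if test -n "${OPENSSL}"; then
 
-    vars="ssleay32.lib libeay32.lib"
+    vars="ssl.lib crypto.lib"
     for i in $vars; do
 	if test "${TEA_PLATFORM}" = "windows" -a "$GCC" = "yes" ; then
 	    # Convert foo.lib to -lfoo for GCC.  No-op if not *.lib
 	    i=`echo "$i" | sed -e 's/^\([^-].*\)\.lib$/-l\1/i'`
 	fi
 	PKG_LIBS="$PKG_LIBS $i"
     done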

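--- a/tls.c
+++ b/tls.c
@@ -1768,23 +1768,23 @@
  *------------------------------------------------------*
  */
 static int
 TlsLibInit ()
 {
     int i;
     char rnd_seed[16] = "GrzSlplKqUdnnzP!";	/* 16 bytes */
+    int status=TCL_OK;
 #if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
     size_t num_locks;
-#endif
-    int status=TCL_OK;
 
     if (!initialized) {
 	Tcl_MutexLock(&init_mx);
 	if (!initialized) {
 	    initialized = 1;
+#endif
 
 	    if (CRYPTO_set_mem_functions((void *(*)(size_t))Tcl_Alloc,
 					 (void *(*)(void *, size_t))Tcl_Realloc,
 					 (void(*)(void *))Tcl_Free) == 0) {
 	       /* Not using Tcl's mem functions ... not critical */
 	    }
 
@@ -1823,11 +1823,13 @@
 		    rnd_seed[i] = 1 + (char) (255.0 * rand()/(RAND_MAX+1.0));
 		}
 		RAND_seed(rnd_seed, sizeof(rnd_seed));
 	    } while (RAND_status() != 1);
 	}
     	done:
 
+#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)
 	Tcl_MutexUnlock(&init_mx);
+#endif
     }
     return status;
 }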
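Review bot: The opening `if (!initialized) {` pair now sits inside `#if defined(OPENSSL_THREADS) && defined(TCL_THREADS)`, but the matching closing braces at new lines 1827 and 1833 stay unconditional, so a build without thread support appears to end up with two unmatched `}` unless the elided lines 1791–1822 compensate. That configuration also loses the `initialized` guard entirely, so every call to TlsLibInit would repeat the OpenSSL setup. Keeping the guard unconditional and placing only `Tcl_MutexLock(&init_mx);`, `Tcl_MutexUnlock(&init_mx);` and `size_t num_locks;` under the `#if` avoids both problems. Separately, the context lines feed `RAND_seed()` from `rand()`, which contributes very little entropy; a comment should state that this is a last-resort fallback, apparently reached only while `RAND_status()` reports an unseeded pool.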

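--- a/tlsIO.c
+++ b/tlsIO.c
@@ -929,14 +929,17 @@
 		    dprintf(stderr,"E! ");
 		    *errorCodePtr = EAGAIN;
 		    return -1;
 		} else {
 		    continue;
 		}
 	    } else if (err == 0) {
+                if (Tcl_Eof(statePtr->self)) {
+                    return 0;
+                }
 		dprintf(stderr,"CR! ");
 		*errorCodePtr = ECONNRESET;
 		return -1;
 	    }
 	    if (statePtr->flags & TLS_TCL_SERVER) {
 		err = SSL_get_verify_result(statePtr->ssl);
 		if (err != X509_V_OK) {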
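Review bot: Returning 0 from the `err == 0` branch when `Tcl_Eof(statePtr->self)` is true exits before the `SSL_get_verify_result()` check that follows. A peer that closes mid-handshake is therefore reported with a value that, judging from the `return -1` error paths, callers may read as a completed handshake. The enclosing function starts and ends outside this hunk, so confirm that every caller treats this 0 as end-of-file and never goes on to use the session as verified. A comment such as `/* EOF before the handshake completed: no verified session, caller must not proceed as connected */` would record that contract. The three added lines are also indented with spaces where the surrounding code uses tabs.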

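--- a/tlsX509.c
+++ b/tlsX509.c
@@ -96,20 +96,22 @@
     int n;
     unsigned long flags;
     char subject[BUFSIZ];
     char issuer[BUFSIZ];
     char serial[BUFSIZ];
     char notBefore[BUFSIZ];
     char notAfter[BUFSIZ];
+    char certStr[BUFSIZ];
 #ifndef NO_SSL_SHA
     int shai;
     char sha_hash[SHA_DIGEST_LENGTH*2];
     const char *shachars="0123456789ABCDEF";
 #endif
 
+    certStr[0] = 0;
     if ((bio = BIO_new(BIO_s_mem())) == NULL) {
 	subject[0] = 0;
 	issuer[0]  = 0;
 	serial[0]  = 0;
     } else {
 	flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT;
 	flags &= ~ASN1_STRFLGS_ESC_MSB;
@@ -127,14 +129,21 @@
 	BIO_flush(bio);
 
 	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
 	n = BIO_read(bio, serial, min(BIO_pending(bio), BUFSIZ - 1));
 	n = max(n, 0);
 	serial[n] = 0;
 	BIO_flush(bio);
+
+        if (PEM_write_bio_X509(bio, cert)) {
+            n = BIO_read(bio, certStr, min(BIO_pending(bio), BUFSIZ - 1));
+            n = max(n, 0);
+            certStr[n] = 0;
+            BIO_flush(bio);
+        }
 
 	BIO_free(bio);
     }
 
     strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) ));
     strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) ));
 
@@ -170,10 +179,15 @@
     Tcl_ListObjAppendElement( interp, certPtr,
 	    Tcl_NewStringObj( notAfter, -1) );
 
     Tcl_ListObjAppendElement( interp, certPtr,
 	    Tcl_NewStringObj( "serial", -1) );
     Tcl_ListObjAppendElement( interp, certPtr,
 	    Tcl_NewStringObj( serial, -1) );
+
+    Tcl_ListObjAppendElement( interp, certPtr,
+	    Tcl_NewStringObj( "certificate", -1) );
+    Tcl_ListObjAppendElement( interp, certPtr,
+	    Tcl_NewStringObj( certStr, -1) );
 
     return certPtr;
 }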
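Review bot: `certStr` is a fixed `char[BUFSIZ]` and the read is capped at `BUFSIZ - 1`, so a PEM encoding longer than that is silently truncated and the `certificate` element handed to the script is an incomplete certificate. BUFSIZ is platform-dependent (the C standard guarantees only 256), while PEM certificates routinely exceed a kilobyte. Anything that re-parses, pins or logs that value would be working from a cut-off blob with no indication of it. Building the Tcl object straight from the BIO's buffer removes the size limit; the sketch below assumes `BIO_get_mem_data()` is available in the targeted OpenSSL version. The function begins outside the first hunk.

```c
    Tcl_Obj *certObj = NULL;	/* replaces: char certStr[BUFSIZ]; */

	/* … unchanged: subject, issuer and serial reads … */

	if (PEM_write_bio_X509(bio, cert)) {
	    char *pem = NULL;
	    long pemLen = BIO_get_mem_data(bio, &pem);

	    if (pemLen > 0) {
		/* Copy from the BIO itself so a long PEM is not cut at BUFSIZ */
		certObj = Tcl_NewStringObj(pem, (int) pemLen);
	    }
	}

	BIO_free(bio);

    /* … unchanged: notBefore / notAfter and the earlier list elements … */

    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( "certificate", -1) );
    Tcl_ListObjAppendElement( interp, certPtr,
	    certObj != NULL ? certObj : Tcl_NewStringObj( "", -1) );
```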