Check-in [efc1e122f2]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Added missing TLSv1.3 support
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | enhancement/tls-1.3
Files: files | file ages | folders
SHA3-256:efc1e122f2cb837c9fa5d5840e17b50476033457934e28fd7fe3dde2a6b78631
User & Date: rkeene 2018-11-07 23:51:48
Context
2018-11-08
00:23
Note that TLSv1.3 is a lot different in API, this branch is incomplete check-in: 7978a539fc user: rkeene tags: enhancement/tls-1.3
2018-11-07
23:51
Added missing TLSv1.3 support check-in: efc1e122f2 user: rkeene tags: enhancement/tls-1.3
23:27
Started adding support for TLSv1.3 check-in: e245d231ee user: rkeene tags: enhancement/tls-1.3
Changes

Changes to tls.c.

   740    740       char *CAdir		= NULL;
   741    741       char *DHparams	= NULL;
   742    742       char *model		= NULL;
   743    743   #ifndef OPENSSL_NO_TLSEXT
   744    744       char *servername	= NULL;	/* hostname for Server Name Indication */
   745    745   #endif
   746    746       int ssl2 = 0, ssl3 = 0;
   747         -    int tls1 = 1, tls1_1 = 1, tls1_2 = 1;
          747  +    int tls1 = 1, tls1_1 = 1, tls1_2 = 1, tls1_3 = 1;
   748    748       int proto = 0;
   749    749       int verify = 0, require = 0, request = 1;
   750    750   
   751    751       dprintf("Called");
   752    752   
   753    753   #if defined(NO_TLS1) && defined(NO_TLS1_1) && defined(NO_TLS1_2) && defined(NO_SSL3) && !defined(NO_SSL2)
   754    754       ssl2 = 1;
................................................................................
   760    760       tls1 = 0;
   761    761   #endif
   762    762   #if defined(NO_TLS1_1)
   763    763       tls1_1 = 0;
   764    764   #endif
   765    765   #if defined(NO_TLS1_2)
   766    766       tls1_2 = 0;
          767  +#endif
          768  +#if defined(NO_TLS1_3)
          769  +    tls1_3 = 0;
   767    770   #endif
   768    771   
   769    772       if (objc < 2) {
   770    773   	Tcl_WrongNumArgs(interp, 1, objv, "channel ?options?");
   771    774   	return TCL_ERROR;
   772    775       }
   773    776   
................................................................................
   804    807   #endif
   805    808   
   806    809   	OPTBOOL( "-ssl2", ssl2);
   807    810   	OPTBOOL( "-ssl3", ssl3);
   808    811   	OPTBOOL( "-tls1", tls1);
   809    812   	OPTBOOL( "-tls1.1", tls1_1);
   810    813   	OPTBOOL( "-tls1.2", tls1_2);
          814  +	OPTBOOL( "-tls1.3", tls1_3);
   811    815   
   812         -	OPTBAD( "option", "-cadir, -cafile, -certfile, -cipher, -command, -dhparams, -keyfile, -model, -password, -require, -request, -server, -servername, -ssl2, -ssl3, -tls1, -tls1.1 or -tls1.2");
          816  +	OPTBAD( "option", "-cadir, -cafile, -certfile, -cipher, -command, -dhparams, -keyfile, -model, -password, -require, -request, -server, -servername, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, or tls1.3");
   813    817   
   814    818   	return TCL_ERROR;
   815    819       }
   816    820       if (request)	    verify |= SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER;
   817    821       if (request && require) verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
   818    822       if (verify == 0)	verify = SSL_VERIFY_NONE;
   819    823