Check-in [a87c836d6c]


Overview
Comment:Merged in trunk
SHA1:a87c836d6cf3cddb816c05b7571db462cf64dbfb
User & Date: rkeene 2016-12-14 14:42:57
Context
2016-12-14
14:43
TclTLS 1.7.10 check-in: f0d0acd4b5 user: rkeene tags: tls-1-7, tls-1-7-10
14:42
Merged in trunk check-in: a87c836d6c user: rkeene tags: tls-1-7
14:40
Updated EOF while reading from the BIO to map to soft EOF check-in: 24ce678ecd user: rkeene tags: trunk
2016-12-13
20:23
TclTLS 1.7.9 check-in: 7b0845cfb3 user: rkeene tags: tls-1-7, tls-1-7-9
Changes

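--- a/Makefile.in
+++ b/Makefile.in
@@ -1,21 +1,23 @@
 CC = @CC@
 AR = @AR@
 RANLIB = @RANLIB@
 CFLAGS = @CFLAGS@ @SHOBJFLAGS@
 CPPFLAGS = @CPPFLAGS@ -I@srcdir@ -I. @DEFS@ @TCL_DEFS@
 LDFLAGS = @LDFLAGS@ @SHOBJLDFLAGS@
 LIBS = @LIBS@
-INSTALL = @INSTALL@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 prefix = @prefix@
 exec_prefix = @exec_prefix@
 libdir = @libdir@
 TCL_PACKAGE_PATH = @TCL_PACKAGE_PATH@
 PACKAGE_INSTALL_DIR = $(TCL_PACKAGE_PATH)/tcltls$(PACKAGE_VERSION)
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
 VPATH = @srcdir@
 
 all: @EXTENSION_TARGET@
 
 # The shared object target
 tcltls.@SHOBJEXT@: tls.o tlsBIO.o tlsIO.o tlsX509.o Makefile
 	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o tcltls.@SHOBJEXT@ tls.o tlsBIO.o tlsIO.o tlsX509.o $(LIBS)
@@ -31,15 +33,15 @@
 tlsBIO.o: @srcdir@/tlsBIO.c @srcdir@/tlsInt.h Makefile
 tlsIO.o: @srcdir@/tlsIO.c @srcdir@/tlsInt.h Makefile
 tlsX509.o: @srcdir@/tlsX509.c @srcdir@/tlsInt.h Makefile
 
 # Create a C-source-ified version of the script resources
 # for TclTLS so that we only need a single file to enable
 # this extension
-tls.tcl.h: @srcdir@/tls.tcl
+tls.tcl.h: @srcdir@/tls.tcl Makefile
 	od -A n -v -t xC < '@srcdir@/tls.tcl' > tls.tcl.h.new.1
 	sed 's@  *@@g;s@..@0x&, @g' < tls.tcl.h.new.1 > tls.tcl.h.new.2
 	rm -f tls.tcl.h.new.1
 	mv tls.tcl.h.new.2 tls.tcl.h
 
 # Create default DH parameters
 dh_params.h: @srcdir@/gen_dh_params Makefile
@@ -50,28 +52,34 @@
 # tree -- the default target will not match paths
 .c.o:
 	$(CC) $(CPPFLAGS) $(CFLAGS) -o "$@" -c "$<"
 
 # Install the extension
 install: @EXTENSION_TARGET@ pkgIndex.tcl
 	$(INSTALL) -d '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
-	$(INSTALL) -c @EXTENSION_TARGET@ pkgIndex.tcl '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
+	$(INSTALL_PROGRAM) @EXTENSION_TARGET@ '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
+	$(INSTALL_DATA)    pkgIndex.tcl '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
+
+# A convienent helper to undo the installation just done
+uninstall:
+	rm -f '$(DESTDIR)$(PACKAGE_INSTALL_DIR)/@EXTENSION_TARGET@'
+	rm -f '$(DESTDIR)$(PACKAGE_INSTALL_DIR)/pkgIndex.tcl'
+	-rmdir '$(DESTDIR)$(PACKAGE_INSTALL_DIR)'
 
 # Test target, run the automated test suite
 test: @EXTENSION_TARGET@
 	@TCLSH_PROG@ @srcdir@/tests/all.tcl $(TESTFLAGS) -load "lappend auto_path $(shell pwd)"
 
 # Clean the local build directory for rebuild against the same configuration
 clean:
 	rm -f tls.o tlsBIO.o tlsIO.o tlsX509.o
 	rm -f tcltls.@SHOBJEXT@
 	rm -f tcltls.@SHOBJEXT@.a tcltls.@SHOBJEXT@.def
 	rm -f tcltls.a.new tcltls.a
-	rm -f tls.tcl.h.new.1 tls.tcl.h.new.2
-	@if [ '@srcdir@' != '.' ]; then echo rm -f tls.tcl.h; rm -f tls.tcl.h; fi
+	rm -f tls.tcl.h tls.tcl.h.new.1 tls.tcl.h.new.2
 
 # Clean the local build directory back to what it was after unpacking the
 # distribution tarball
 distclean: clean
 	rm -f config.log config.status
 	rm -f dh_params.h.new dh_params.h
 	rm -f Makefile pkgIndex.tcl
@@ -79,10 +87,9 @@
 
 # Clean the local build directory back to only thing things that exist in
 # version control system
 mrproper: distclean
 	rm -f @srcdir@/configure @srcdir@/config.sub @srcdir@/config.guess @srcdir@/install-sh
 	rm -f @srcdir@/aclocal.m4
 	rm -rf @srcdir@/autom4te.cache
-	rm -f @srcdir@/tls.tcl.h
 
-.PHONY: all install clean distclean mrproper test
+.PHONY: all install uninstall clean distclean mrproper test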
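Review bot: `clean` now deletes `tls.tcl.h` unconditionally (new line 78), while the old recipe skipped it when `@srcdir@` is `.`, and `mrproper` no longer removes `@srcdir@/tls.tcl.h`. If a pre-generated copy can exist in the source directory (the old guard suggests release tarballs shipped one, but that is not visible here), an out-of-tree build is left with a stale header that `VPATH = @srcdir@` and `-I@srcdir@` may prefer over the freshly generated one, so the script embedded in the library would not match `tls.tcl`. Either keep `rm -f @srcdir@/tls.tcl.h` in `mrproper`, or add a comment above `clean` such as `# tls.tcl.h is always generated in the build directory and never shipped`. In the new `uninstall` comment "convienent" should read "convenient", and the `-rmdir` line deserves a short why-comment, e.g. `# ignore failure: the directory may hold other files`.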

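--- a/README.txt
+++ b/README.txt
@@ -12,24 +12,18 @@
 Full filevent sematics should also be intact - see tests directory for
 blocking and non-blocking examples.
 
 The current release is TLS 1.6, with binaries built against OpenSSL 0.9.8g.
 For best security and function, always compile from source with the latest
 official release of OpenSSL (http://www.openssl.org/).
 
-TLS requires Tcl 8.2.0+, with 8.3.2+ preferred.  The stacked channel
-implementation in Tcl was originally introduced in 8.2.0 (previously the
-Trf patch) and rewritten for 8.3.2+ due to inherent limitations in the
-earlier implementation.  TLS should compile with any stubs-capable Tcl
-interpreter, but will require 8.2+ when loaded.  There are known
-limitations in the 8.2.0-8.3.1 stacked channel implementation, so it is
-encouraged that people use TLS with an 8.3.2+ Tcl interpreter.  These
-modifications are by Jeff Hobbs.
+TLS 1.7 and newer require Tcl 8.4.0+, older versions may be used if older
+versions of Tcl need to be used.
 
 Non-exclusive credits for TLS are:
    Original work: Matt Newman @ Novadigm
    Updates: Jeff Hobbs @ ActiveState
    Tcl Channel mechanism: Andreas Kupries
    Impetus/Related work: tclSSL (Colin McCormack, Shared Technology)
                          SSLtcl (Peter Antman)
 
 This code is licensed under the same terms as the Tcl Core.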

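--- a/tls.htm
+++ b/tls.htm
@@ -201,20 +201,23 @@
             client.(<strong>default</strong>: <em>false</em>)</dd>
         <dt><strong>-servername</strong> <em>host</em></dt>
         <dd>Only available if the OpenSSL library the package is linked
 	    against supports the TLS hostname extension for 'Server Name
 	    Indication' (SNI). Use to name the logical host we are talking
 	    to and expecting a certificate for</dd>
         <dt><strong>-ssl2</strong> <em>bool</em></dt>
-        <dd>Enable use of SSL v2. (<strong>default</strong>: <em>true</em>
-            unless -DNO_PATENTS was specified in build)</dd>
+        <dd>Enable use of SSL v2. (<strong>default</strong>: <em>false</em>)</dd>
         <dt><strong>-ssl3 </strong><em>bool</em></dt>
-        <dd>Enable use of SSL v3. (<strong>default</strong>: <em>true</em>)</dd>
+        <dd>Enable use of SSL v3. (<strong>default</strong>: <em>false</em>)</dd>
         <dt>-<strong>tls1</strong> <em>bool</em></dt>
-        <dd>Enable use of TLS v1. (<strong>default</strong>: <em>false</em>)</dd>
+        <dd>Enable use of TLS v1. (<strong>default</strong>: <em>true</em>)</dd>
+        <dt>-<strong>tls1.1</strong> <em>bool</em></dt>
+        <dd>Enable use of TLS v1.1 (<strong>default</strong>: <em>true</em>)</dd>
+        <dt>-<strong>tls1.2</strong> <em>bool</em></dt>
+        <dd>Enable use of TLS v1.2 (<strong>default</strong>: <em>true</em>)</dd>
     </dl>
 </blockquote>
 
 <dl>
     <dt><a name="tls::unimport"><b>tls::unimport </b><i>channel</i></a></dt>
     <dd>Provided for symmetry to <strong>tls::import</strong>, this
       unstacks the SSL-enabling of a regular Tcl channel.  An error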

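--- a/tlsBIO.c
+++ b/tlsBIO.c
@@ -125,17 +125,17 @@
 	tclErrno = Tcl_GetErrno();
 
 	dprintf("[chan=%p] BioWrite(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, Tcl_GetErrno());
 
 	BIO_clear_flags(bio, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
 
 	if (tclEofChan && ret <= 0) {
-		dprintf("Got %i from Tcl_WriteRaw, and EOF is set; ret = -1", ret);
+		dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF");
 		Tcl_SetErrno(ECONNRESET);
-		ret = -1;
+		ret = 0;
 	} else if (ret == 0) {
 		dprintf("Got 0 from Tcl_WriteRaw, and EOF is not set; ret = 0");
 		dprintf("Setting retry read flag");
 		BIO_set_retry_read(bio);
 	} else if (ret < 0) {
 		dprintf("We got some kind of I/O error");
 
@@ -178,17 +178,17 @@
 	tclErrno = Tcl_GetErrno();
 
 	dprintf("[chan=%p] BioRead(%d) -> %d [tclEof=%d; tclErrno=%d]", (void *) chan, bufLen, ret, tclEofChan, tclErrno);
 
 	BIO_clear_flags(bio, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
 
 	if (tclEofChan && ret <= 0) {
-		dprintf("Got %i from Tcl_Read or Tcl_ReadRaw, and EOF is set; ret = -1", ret);
+		dprintf("Got EOF while reading, returning a Connection Reset error which maps to Soft EOF");
 		Tcl_SetErrno(ECONNRESET);
-		ret = -1;
+		ret = 0;
 	} else if (ret == 0) {
 		dprintf("Got 0 from Tcl_Read or Tcl_ReadRaw, and EOF is not set; ret = 0");
 		dprintf("Setting retry read flag");
 		BIO_set_retry_read(bio);
 	} else if (ret < 0) {
 		dprintf("We got some kind of I/O error");
 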
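Review bot: In the first hunk (the BioWrite path, new line 132) the debug message reads "Got EOF while reading" although this is the write side, and in both hunks it says a Connection Reset error is returned while the code now returns 0 and only sets errno to ECONNRESET; the old message also logged `ret`, which is now lost. Something like `dprintf("Got EOF while writing (ret=%d); setting ECONNRESET and returning 0 (soft EOF)", ret);` here, with the "reading" equivalent at new line 185, would keep the trace accurate. Because a transport EOF is now reported as 0 instead of -1, a short comment at both sites should state whether a connection closed without a TLS close_notify is meant to look the same to the caller as a clean end of stream; that mapping happens outside these hunks, so it cannot be confirmed from here. Both functions start and end outside the hunks shown.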