devel/tcltls: adapt to OpenSSL-3.0, upgrade, fix tests.
PR: 275160
Mikhail Teterin
authored and
Mikhail Teterin
committed
Nov 20, 2023
1 parent
d2a64b7
commit 2ed62c7
Showing
7 changed files
with
123 additions
and
31 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
TIMESTAMP = 1556815670 | ||
SHA256 (tcltls-1.7.18.tar.gz) = 6b21e7a4343bf8ae87358f933e98c61ea9c22162b916f35c9433e053a8f19b49 | ||
SIZE (tcltls-1.7.18.tar.gz) = 163473 | ||
TIMESTAMP = 1700353727 | ||
SHA256 (tcltls-1.7.22.tar.gz) = e84e2b7a275ec82c4aaa9d1b1f9786dbe4358c815e917539ffe7f667ff4bc3b4 | ||
SIZE (tcltls-1.7.22.tar.gz) = 165206 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
/* | ||
* OpenSSL no longer offers the "-C" option for its dhparam | ||
* subcommand, so we keep our own C-code here... | ||
*/ | ||
|
||
static DH * get_dhParams(void) { | ||
static unsigned char dhp_2048[] = { | ||
#include "generateddh.txt" | ||
}; | ||
static unsigned char dhg_2048[] = { | ||
0x02 | ||
}; | ||
DH *dh = DH_new(); | ||
BIGNUM *p, *g; | ||
|
||
if (dh == NULL) | ||
return NULL; | ||
p = BN_bin2bn(dhp_2048, sizeof(dhp_2048), NULL); | ||
g = BN_bin2bn(dhg_2048, sizeof(dhg_2048), NULL); | ||
if (p == NULL || g == NULL | ||
|| !DH_set0_pqg(dh, p, NULL, g)) { | ||
DH_free(dh); | ||
BN_free(p); | ||
BN_free(g); | ||
return NULL; | ||
} | ||
return dh; | ||
} |
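Review bot: Nothing in get_dhParams() checks that the bytes pulled in from generateddh.txt form a prime of the expected size, and the header comment does not say how that file is produced, so a short or stale parameter file would be compiled in silently. The arrays are named dhp_2048/dhg_2048, yet `sizeof(dhp_2048)` is whatever the include supplies; where the build allows C11, `_Static_assert(sizeof(dhp_2048) == 256, "expected a 2048-bit DH prime");` pins it, and both tables can be declared `static const unsigned char`. The header comment should also record the command used to generate generateddh.txt. DH_new() and DH_set0_pqg() are deprecated in OpenSSL 3.0, the release this commit adapts to, so letting the library choose parameters with `SSL_CTX_set_dh_auto(ctx, 1)` is worth considering as the default when the caller supplies no DH file.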
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
See bug-report: | ||
|
||
https://core.tcl-lang.org/tcltls/tktview/88c0c84969 | ||
|
||
--- tls.c 2020-10-12 16:39:22.000000000 -0400 | ||
+++ tls.c 2023-11-19 21:44:39.676318000 -0500 | ||
@@ -1215,4 +1214,7 @@ | ||
SSL_CTX_set_options( ctx, SSL_OP_ALL); /* all SSL bug workarounds */ | ||
SSL_CTX_set_options( ctx, off); /* all SSL bug workarounds */ | ||
+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF | ||
+ SSL_CTX_set_options( ctx, SSL_OP_IGNORE_UNEXPECTED_EOF); | ||
+#endif | ||
SSL_CTX_sess_set_cache_size( ctx, 128); | ||
|
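Review bot: `SSL_OP_IGNORE_UNEXPECTED_EOF` is switched on for every context with no comment and no way for a script to opt out, and it changes what a dropped connection means. With the option set, OpenSSL 3.0 reports a peer that closes the socket without sending close_notify as an ordinary end of stream rather than an error, so code reading the channel can no longer tell a truncated transfer from a complete one unless the application protocol carries its own length or terminator. At minimum the added lines need a comment saying so, e.g. `/* OpenSSL 3.0 treats EOF without close_notify as an error; accept it as EOF. Truncation is then not detectable at the TLS layer. */`, and exposing it as a per-channel option would be safer than a global default. The enclosing function starts and ends outside the hunk.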
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
See bug-reports: | ||
|
||
https://core.tcl-lang.org/tcltls/tktview/bb7085cfdc | ||
https://core.tcl-lang.org/tcltls/tktview/c6b35cf0e3 | ||
https://core.tcl-lang.org/tcltls/tktview/64cdb76212 | ||
|
||
--- tests/tlsIO.test 2020-10-12 16:39:22.000000000 -0400 | ||
+++ tests/tlsIO.test 2023-11-19 21:03:22.658062000 -0500 | ||
@@ -1106,4 +1106,5 @@ | ||
# need update to complete TLS handshake in-process | ||
update | ||
+ fconfigure $s1 -blocking 1 | ||
set z [gets $s1] | ||
close $s | ||
@@ -2027,5 +2028,5 @@ | ||
} {{} 0 {} 0 {}} | ||
|
||
-test tls-bug58-1.0 {test protocol negotiation failure} {socket} { | ||
+test tls-bug58-1.0 {test protocol negotiation failure} -constraints {socket} -body { | ||
# Following code is based on what was reported in bug #58. Prior | ||
# to fix the program would crash with a segfault. | ||
@@ -2062,5 +2063,5 @@ | ||
} | ||
set ::done | ||
-} {handshake failed: wrong version number} | ||
+} -result {handshake failed: *} -match glob | ||
|
||
# cleanup | ||
--- tests/all.tcl 2020-10-12 16:39:22.000000000 -0400 | ||
+++ tests/all.tcl 2023-11-19 21:19:34.128221000 -0500 | ||
@@ -55,5 +55,5 @@ | ||
# cleanup | ||
puts stdout "\nTests ended at [eval $timeCmd]" | ||
+set failCount [llength $::tcltest::failFiles] | ||
::tcltest::cleanupTests 1 | ||
-return | ||
- | ||
+exit [expr $failCount > 0] |
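Review bot: In test tls-bug58-1.0 the expected result is relaxed from `handshake failed: wrong version number` to the glob `handshake failed: *`, so the test now passes for any handshake failure, including ones unrelated to protocol negotiation. If the message merely differs between OpenSSL releases, matching the known variants keeps the check meaningful: use `-match regexp` with an alternation of the messages actually observed, plus a comment above the test naming the OpenSSL versions they came from. The body of the test lies between the second and third hunks and is not shown. In tests/all.tcl the new exit line should brace its expression, `exit [expr {$failCount > 0}]`.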
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
See bug-report: | ||
|
||
https://core.tcl-lang.org/tcltls/tktview/539d25f105 | ||
|
||
--- tls.c 2020-10-12 16:39:22.000000000 -0400 | ||
+++ tls.c 2023-11-19 21:30:03.357601000 -0500 | ||
@@ -62,5 +62,5 @@ | ||
Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]); | ||
|
||
-static SSL_CTX *CTX_Init(State *statePtr, int isServer, int proto, char *key, | ||
+static SSL_CTX *CTX_Init(State *statePtr, int proto, char *key, | ||
char *certfile, unsigned char *key_asn1, unsigned char *cert_asn1, | ||
int key_asn1_len, int cert_asn1_len, char *CAdir, char *CAfile, | ||
@@ -897,5 +897,5 @@ | ||
ctx = ((State *)Tcl_GetChannelInstanceData(chan))->ctx; | ||
} else { | ||
- if ((ctx = CTX_Init(statePtr, server, proto, keyfile, certfile, key, | ||
+ if ((ctx = CTX_Init(statePtr, proto, keyfile, certfile, key, | ||
cert, key_len, cert_len, CAdir, CAfile, ciphers, | ||
DHparams)) == (SSL_CTX*)0) { | ||
@@ -1067,8 +1067,7 @@ | ||
|
||
static SSL_CTX * | ||
-CTX_Init(statePtr, isServer, proto, keyfile, certfile, key, cert, | ||
+CTX_Init(statePtr, proto, keyfile, certfile, key, cert, | ||
key_len, cert_len, CAdir, CAfile, ciphers, DHparams) | ||
State *statePtr; | ||
- int isServer; | ||
int proto; | ||
char *keyfile; |
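Review bot: The third hunk edits the definition of CTX_Init but leaves it in the old identifier-list form (`CTX_Init(statePtr, proto, keyfile, ...)` followed by `State *statePtr; int proto;`), which C23 no longer accepts and which current compilers warn about. Since the parameter list is being touched anyway, the definition could be written in prototype form to match the declaration in the first hunk. The two also disagree on names: the prototype calls the third parameter `key` and the ASN.1 buffer `key_asn1`, while the definition uses `keyfile` and `key`, so aligning them (or adding a one-line comment on the prototype) would avoid passing the wrong argument at a call site. The function body continues outside the hunk.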