Skip to content

Pr 120 add support to tcltls 1.8+#121

Merged
mutability merged 9 commits intodevfrom
pr-120
Apr 8, 2026
Merged

Pr 120 add support to tcltls 1.8+#121
mutability merged 9 commits intodevfrom
pr-120

Conversation

@deadlywrong
Copy link
Copy Markdown

@deadlywrong deadlywrong commented Apr 1, 2026

PR based on #120 with minor bug fixes.

@eric1tran eric1tran changed the base branch from master to dev April 1, 2026 19:14
mutability
mutability requested changes Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@mutability mutability left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If 1.7 and 1.8 have mutually-exclusive option support, then a polyfill wrapper is probably the better approach rather than version checks at every point of use

Comment thread package/fa_adept_client.tcl Outdated
Comment thread package/fa_adept_client.tcl
Comment thread package/fa_adept_client.tcl Outdated
Comment thread package/fa_adept_client.tcl Outdated
Comment thread programs/pirehose/connection.tcl Outdated
mutability
mutability reviewed Apr 2, 2026
View reviewed changes
Comment thread package/fa_adept_client.tcl Outdated
@eric1tran eric1tran mentioned this pull request Apr 6, 2026
Closed
@mutability
debugTLS always exists, remove redundant [info exists]
fb522c2
@mutability
We're still calling validate_certificate_status, remove comment
774fe76
@mutability
Revert 1.7 vs 1.8 tls::import changes; support TLS1.3 only
2dc0876 
The 1.8 default validation logic looks sufficent, so avoid
-validatecommand entirely (since it'll break 1.7)

Server-side supports TLS1.3, and all supported client package versions
depend on a sufficently-new tcltls to have TLS1.3, so just support
TLS1.3 only and disable everything else.
@mutability
Revert pirehose tcltls 1.7 vs 1.8 tls::import changes; support TLS1.3…
c930343 
… only

As with piaware, but this time on the server side. Support TLS 1.3 only.
pirehose is for ad-hoc experimentation with a firehose-ish interface, so
it's reasonable to expect clients to have 1.3 support, I think..
@mutability
Don't emit most tls info messages by default
c58c814 
With debugTLS = 0 (the default): log TLS alerts only
With debugTLS = 1: log all TLS info tracing
With debugTLS = 2: log all TLS info tracing and all TLS message tracing
@mutability
Add -debug-tls command line arg
4ce8963 
This lets you set debugTLS in fa_adept_client instances
@mutability
Copy link
Copy Markdown
Contributor

mutability commented Apr 7, 2026

I've pushed changes that I think mostly address my review comments.

This appears to work as expected on trixie (with tcltls 1.8.0-2), but I have not tested against bullseye/bookworm (which will have 1.7.22). We should retest against those.

@bohagan1
Copy link
Copy Markdown

bohagan1 commented Apr 7, 2026

The only issue I see is by removing use of -validatecommand, you won't log certificate errors. Not sure if that's important to you or not. The user will get a connect error since the validation will fail, so ultimately they will know why.

@mutability mutability merged commit 882c1f5 into dev Apr 8, 2026
This was referenced Apr 8, 2026
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mutability mutability mutability approved these changes

@eric1tran eric1tran Awaiting requested review from eric1tran

+1 more reviewer

@bohagan1 bohagan1 bohagan1 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@deadlywrong @mutability @bohagan1