Announcement of TclTLS 2.0b1 release
This is the beta 1 release of the TclTLS v2.0 package. There have been
numerous changes since the v1.7 release. See below for links to the
files and the release notes.
TclTLS 2.0 Release Notes:
Notable New Features:
- Fully TEA compliant build system has been added back. Supports
Windows, Linux, Mac, BSD, etc.
- Compatible with OpenSSL 3.0+ and TCL 9.0 including build-info command.
- Can use MS Windows Cert Store on OpenSSL 3.2 or later.
- Greatly expanded the status returned by the tls::status command and
also added the new tls::connection command. The former returns SSL and
certificate status while the latter returns the SSL status, cipher, and
session info.
- Added missing TLS 1.3 functionality, set cipher suites, ALPN, SNI,
security level, etc.
- Error handling improvements, more specific error status, more
connection status via callbacks.
- Replaced separate Diffie-Hellman (DH) header file build process with
auto select.
- Added new tls::protocols command to list available SSL and TLS
protocols.
- Now can load CA certificates, key files, etc. from virtual file
systems (VFS).
Documentation Updates:
- Documentation was extensively updated and converted to man page and
HTML format.
- Added more examples to documentation and an examples directory.
- Expanded the documentation and added a Certificate Validation section
with info on how PKI and certificates work and the related TclTLS args.
- Extensive code documentation updates.
Notable Bug Fixes:
(Some of these issues have been around for 15-20 years.)
- Many bugs, patches, etc. submitted to sourceforge.net and core.tcl.tk
have been fixed or implemented.
- Unexpected EOF: Added fix to correct OpenSSL issue where some sessions
can result in an unexpected EOF.
- Empty reads: These have been eliminated to the extent possible, but may
still occur. See demos for how to handle this.
- Stalling connections: These have been fixed to the extent possible
with a more robust event checking process.
- Manual certificate validation is no longer needed. OpenSSL will do
this for you if -require 1 is specified. You can see results via
-validatecommand callback and in tls::status verifyResult.
- Will only call bgerror if the -command, -password, or -validatecommand
callbacks throw an error.
- Will send proper close_notify message to peer on channel closure.
See the documentation for a complete list of changes.
Potential Compatibility Issues:
Option default changes:
- The -autoservername option defaults to true if -servername is not
specified.
- The -castore option defaults to "org.openssl.winstore://" on MS
Windows with OpenSSL 3.2+ if -cadir, -cafile, and -castore are not
specified.
- The -request option defaults to true.
- The -require option defaults to true. This may be an issue if CA
certificates are not available.
- The -servername option defaults to the host value, so -autoservername is
no longer required.
- The -ssl2 option is no longer supported by OpenSSL 1.1+.
- The -ssl3 option doesn't have any effect by default. Use --enable-ssl3
compile time option to enable SSL3 first.
- The -tls1 and -tls1.1 options default to false.
- The -tls1.2 and -tls1.3 options default to true.
Callback changes:
- Only status/error messages use the -command handler now. There are
several new types, and the 'verify' type was moved to -validatecommand.
- Validation of certificates, client values, etc. use the new
-validatecommand handler.
- Password inputs use -password handler, but it now passes 3 arguments.
See the documentation for all compatibility changes.
Open Issues:
- May not be compatible with LibreSSL anymore.
- Warnings for deprecated OpenSSL API usage. Will be fixed in a future
release.
Download links:
Source code is available at either:
https://core.tcl-lang.org/tcltls/home or
https://chiselapp.com/user/bohagan/repository/TCLTLS/home or
https://github.com/bohagan1/TclTLS
Distribution file link:
https://chiselapp.com/user/bohagan/repository/TCLTLS/uv/tcltls-2.0b1.tar.gz or
https://github.com/bohagan1/TclTLS/releases/download/tls-2.0b1/tcltls-2.0b1.tar.gz
Windows library file link:
https://chiselapp.com/user/bohagan/repository/TCLTLS/uv/tls2.0b1_win64_msvc.zip or
https://github.com/bohagan1/TclTLS/releases/download/tls-2.0b1/tls2.0b1_win64_msvc.zip
Certificate Authority (CA) certificates:
Please read the documentation "Certificate Validation" section if you
don't have OpenSSL or the Certificate Authority (CA) certificates in PEM
format installed on your system.
https://chiselapp.com/user/bohagan/repository/TCLTLS/file?name=doc/tls.html
How to use this release:
package prefer latest
package require tls 2.0b1
See documentation "Examples" section for more details.
https://chiselapp.com/user/bohagan/repository/TCLTLS/file?name=doc/tls.html
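The following is an added example, not code from the release or its documentation, showing the 2.0 defaults listed under "Potential Compatibility Issues" written out explicitly and the OpenSSL-driven validation described under "Notable Bug Fixes" (-require 1, then tls::status verifyResult) in place of a hand-rolled certificate check. The host, port and CA bundle path are placeholders, and the key name "cipher" in the tls::connection result is assumed.

```tcl
# Added example (not part of the TclTLS release notes). Assumes the
# host/port and CA bundle path are placeholders you replace; the tls::*
# commands used are the ones named in the release notes.
package prefer latest
package require tls 2.0b1

# Open a TLS client to host:port, let OpenSSL validate the chain, and
# return a dict describing the outcome instead of throwing.
proc check_tls_peer {host {port 443} {cafile ""}} {
    # 2.0 defaults written out explicitly: SNI on, peer cert requested
    # and required, only TLS 1.2/1.3 enabled.
    set opts [list -require 1 -request 1 -servername $host \
                   -tls1 0 -tls1.1 0 -tls1.2 1 -tls1.3 1]
    # Only pass -cafile when the caller supplies one; otherwise OpenSSL's
    # default store (or the Windows cert store on OpenSSL 3.2+) is used.
    if {$cafile ne ""} {lappend opts -cafile $cafile}
    # With -require 1 a chain that does not validate is a connection
    # error, so catch it rather than inspecting the certificate by hand.
    if {[catch {tls::socket {*}$opts $host $port} chan]} {
        return [dict create ok 0 error $chan]
    }
    fconfigure $chan -blocking 1
    if {[catch {tls::handshake $chan} err]} {
        close $chan
        return [dict create ok 0 error $err]
    }
    set status [tls::status $chan]       ;# SSL and certificate status
    set conn   [tls::connection $chan]   ;# SSL status, cipher, session
    close $chan
    # Key name "cipher" is assumed; verifyResult is the OpenSSL verdict.
    return [dict create ok 1 \
        verifyResult [dict get $status verifyResult] \
        cipher       [dict get $conn cipher] \
        status $status connection $conn]
}

puts "Protocols available: [tls::protocols]"
set r [check_tls_peer example.com 443 /path/to/ca-bundle.pem]
if {[dict get $r ok]} {
    puts "verifyResult: [dict get $r verifyResult]  cipher: [dict get $r cipher]"
} else {
    puts "connection rejected: [dict get $r error]"
}
```

If the CA certificates are not installed, the second branch is the expected outcome with the new -require default; pass -cafile or -castore rather than lowering -require.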