Re: Announce: TclTLS 2.0b1 Release

Subject: Re: Announce: TclTLS 2.0b1 Release
From: nospam.nurdglaw (at) *nospam* gmail.com (Alan Grunwald)
Newsgroups: comp.lang.tcl
Date: 09. Feb 2025, 17:31:19
Organization: A noiseless patient Spider
Message-ID: <voalam$ncmb$1@dont-email.me>
References: 1
User-Agent: Mozilla Thunderbird
On 08/02/2025 23:35, bohagan wrote:
Announcement of TclTLS 2.0b1 release
 This is the beta 1 release of the TclTLS v2.0 package. There have been
numerous changes since the v1.7 release. See below for links to the
files and the release notes.
  TclTLS 2.0 Release Notes:
 Notable New Features:
- Fully TEA compliant build system has been added back. Supports
Windows, Linux, Mac, BSD, etc.
- Compatible with OpenSSL 3.0+ and TCL 9.0 including build-info command.
- Can use MS Windows Cert Store on OpenSSL 3.2 or later.
- Greatly expanded the status returned by the tls::status command and
also added the new tls::connection command. The former returns SSL and
certificate status while the latter returns the SSL status, cipher, and
session info.
- Added missing TLS 1.3 functionality, set cipher suites, ALPN, SNI,
security level, etc.
- Error handling improvements, more specific error status, more
connection status via callbacks.
- Replaced separate Diffie-Hellman (DH) header file build process with
auto select.
- Add new tls::protocols command to list available SSL and TLS
protocols.
- Now can load CA certificates, key files, etc. from virtual file
systems (VFS).
 Documentation Updates:
- Documentation was extensively updated and converted to man page and
HTML format.
- Added more examples to documentation and an examples directory.
- Expanded the documentation and added a Certificate Validation section
with info on how PKI and certificates work and the related TclTLS args.
- Extensive code documentation updates.
 Notable Bug Fixes:
(Some of these issues have been around for 15-20 years.)
- Many bugs, patches, etc. submitted to sourceforge.net and core.tcl.tk
have been fixed or implemented.
- Unexpected EOF: Added fix to correct OpenSSL issue where some sessions
can result in an unexpected EOF.
- Empty reads: These have been eliminated to the extent possible, but may
still occur. See demos for how to handle this.
- Stalling connections: These have been fixed to the extent possible
with a more robust event checking process.
- Manual certificate validation is no longer needed. OpenSSL will do
this for you if -require 1 is specified. You can see results via
-validatecommand callback and in tls::status verifyResult.
- Will only call bgerror if the -command, -password, or -validatecommand
callbacks throw an error.
- Will send proper close_notify message to peer on channel closure.
 See the documentation for a complete list of changes.
   Potential Compatibility Issues:
 Option default changes:
- The -autoservername option defaults to true if -servername is not
specified.
- The -castore option defaults to "org.openssl.winstore://" on MS
Windows with OpenSSL 3.2+ if -cadir, -cadir, and -castore are not
specified.
- The -request option defaults to true.
- The -require option defaults to true. This may be an issue if CA
certificates are not available.
- The -servername option defaults to host value. So -autoservername is
no longer required.
- The -ssl2 option is no longer supported by OpenSSL 1.1+.
- The -ssl3 option doesn't have any effect by default. Use --enable-ssl3
compile time option to enable SSL3 first.
- The -tls1 and tls1.1 options default to false.
- The -tls1.2 and tls1.3 options default to true.
 Callback changes:
- Only status/error messages use the -command handler now. There are
several new types and the 'verify' type was moved to -validatecommand.
- Validation of certificates, client values, etc. use the new
-validatecommand handler.
- Password inputs use -password handler, but it now passes 3 arguments.
 See the documentation for all compatibility changes.
  Open Issues:
- May not be compatible with LibreSSL anymore.
- Warnings for deprecated OpenSSL API usage. Will be fixed in a future
release.
  Download links:
 Source code is available at either:
https://core.tcl-lang.org/tcltls/home
or
https://chiselapp.com/user/bohagan/repository/TCLTLS/home
or
https://github.com/bohagan1/TclTLS
  Distribution file link:
https://chiselapp.com/user/bohagan/repository/TCLTLS/uv/tcltls-2.0b1.tar.gz
or
https://github.com/bohagan1/TclTLS/releases/download/tls-2.0b1/tcltls-2.0b1.tar.gz
 Windows library file link:
https://chiselapp.com/user/bohagan/repository/TCLTLS/uv/tls2.0b1_win64_msvc.zip
or
https://github.com/bohagan1/TclTLS/releases/download/tls-2.0b1/tls2.0b1_win64_msvc.zip
  Certificate Authority (CA) certificates:
 Please read the documentation "Certificate Validation" section if you
don't have OpenSSL or the Certificate Authority (CA) certificates in PEM
format installed on your system.
https://chiselapp.com/user/bohagan/repository/TCLTLS/file?name=doc/tls.html
  How to use this release:
 package prefer latest
package require tls 2.0b1
 See documentation "Examples" section for more details.
https://chiselapp.com/user/bohagan/repository/TCLTLS/file?name=doc/tls.html

I've just downloaded from https://chiselapp.com/user/bohagan/repository/TCLTLS/uv/tcltls-2.0b1.tar.gz
After
./configure --prefix=/opt/tcl9.0.1 -with-tcl=/opt/tcl9.0.1/opt
make eventually executes this line
gcc -DPACKAGE_NAME=\"tls\" -DPACKAGE_TARNAME=\"tls\" -DPACKAGE_VERSION=\"2.0b1\" -DPACKAGE_STRING=\"tls\ 2.0b1\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DBUILD_tls=/\*\*/ -DHAVE_STDIO_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_STRINGS_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_UNISTD_H=1 -DSTDC_HEADERS=1 -DUSE_THREAD_ALLOC=1 -D_REENTRANT=1 -D_THREAD_SAFE=1 -DTCL_THREADS=1 -DUSE_TCL_STUBS=1 -DUSE_TCLOO_STUBS=1 -DMODULE_SCOPE=extern\ __attribute__\(\(__visibility__\(\"hidden\"\)\)\) -DHAVE_HIDDEN=1 -DHAVE_CAST_TO_UNION=1 -DHAVE_STDBOOL_H=1 -DTCL_WIDE_INT_IS_LONG=1 -DTCL_CFG_OPTIMIZED=1 -DUSE_TCL_STUBS=1 -DNO_SSL3=1 -D_FORTIFY_SOURCE=2 -fstack-protector-all -fno-strict-overflow  -Wno-deprecated-declarations -I/usr/local/include -I"/opt/tcl9.0.1/include"  -I.    -O2 -fomit-frame-pointer -DNDEBUG -Wall -fPIC -pipe -O2 -fomit-frame-pointer -DNDEBUG -Wall -fPIC  -c `echo ./generic/tlsBIO.c` -o tlsBIO.o
which fails with a compilation error saying BIO_FLAGS_IN_EOF is undefined.
I've had a bit of a poke around but am mystified by this error. As far as I can make out, tlsBIO.c includes <openssl/bio.h>, which defines BIO_FLAGS_IN_EOF, so I am thoroughly confused.
I can't guarantee that I don't have another SSL package installed which might be getting in the way. How can I check, or what else might be causing my problem? More to the point, what can I do to fix it?
Alan
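
One way to run the check the post asks about, as an added example that is not part of the post or of TclTLS: resolve openssl/bio.h through the -I directories of the compile command in order, then report whether the header that wins defines BIO_FLAGS_IN_EOF. The function names are hypothetical, and the compiler's built-in system include directories are assumed to be passed as extra arguments (for example /usr/include).

```sh
#!/bin/sh
# Added diagnostic sketch (not TclTLS code). Function names are hypothetical.

# Print the -I directories of a compile command, in search order.
include_dirs() (
    set -f                      # keep tokens such as /**/ from glob-expanding
    next=0
    for tok in $1; do
        tok=$(printf '%s' "$tok" | tr -d '"')
        if [ "$next" = 1 ]; then printf '%s\n' "$tok"; next=0; continue; fi
        case $tok in
            -I)  next=1 ;;
            -I*) printf '%s\n' "${tok#-I}" ;;
        esac
    done
)

# Print the first file named $2 found in the -I dirs of $1, then in the
# fallback (system) include dirs passed as the remaining arguments.
resolve_header() (
    cmd=$1; header=$2; shift 2
    { include_dirs "$cmd"; for d in "$@"; do printf '%s\n' "$d"; done; } |
    while IFS= read -r dir; do
        if [ -f "$dir/$header" ]; then printf '%s\n' "$dir/$header"; break; fi
    done
)

# Print "defined <path>", "missing <path>" or "no-header" for macro $3.
macro_status() (
    cmd=$1; header=$2; macro=$3; shift 3
    path=$(resolve_header "$cmd" "$header" "$@")
    [ -n "$path" ] || { echo "no-header"; exit 0; }
    if grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+${macro}([[:space:]]|\$)" "$path"
    then echo "defined $path"
    else echo "missing $path"
    fi
)

# Usage: sh check_header.sh "<compile command from make>" /usr/include
if [ "$#" -ge 1 ]; then
    cmd=$1; shift
    macro_status "$cmd" openssl/bio.h BIO_FLAGS_IN_EOF "$@"
fi
```

This is a simplification of the compiler's search: gcc keeps a -I directory that is also a system include directory at its system position, and running the real compile line with -H added prints the headers the compiler itself opened.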
