summaryrefslogtreecommitdiffstats
path: root/tls/ChangeLog
blob: 0ec4367625be6ed300f3f5a6fa47c1ec3494d716 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
2015-05-01  Andreas Kupries  <andreask@activestate.com>

	* configure.in: Bump to version 1.6.5.
	* win/makefile.vc:
	* configure: regen with ac-2.59
	* tls.c: Accepted SF TLS [bug/patch #57](https://sourceforge.net/p/tls/bugs/57/).
	* tlsIO.c: Accepted core Tcl patch in [ticket](http://core.tcl.tk/tcl/tktview/0f94f855cafed92d0e174b7d835453a02831b4dd).

2014-12-05  Andreas Kupries  <andreask@activestate.com>

	* configure.in: Bump to version 1.6.4.
	* win/makefile.vc:
	* configure: regen with ac-2.59
	* tls.c: Accepted SF TLS patches #12 and #13 implementing
	* tls.htm: support for SNI, and TLS 1.1 + 1.2
	* tlsInt.h:
	* tlsIO.c: This also accepted patch for bug #53.
	* tls.tcl: Patch available since June, now committed.

2012-07-09  Andreas Kupries  <andreask@activestate.com>

	* configure.in: Bump to version 1.6.3.
	* win/makefile.vc:
	* configure: regen with ac-2.59

	* tls.c (MiscObjCmd): Fixed non-static string array used in call
	  of Tcl_GetIndexFromObj(). Memory smash waiting to happen. Thanks
	  to Brian Griffin for alerting us all to the problem. 

2012-06-01  Andreas Kupries  <andreask@activestate.com>

	* tls.c: Applied Jeff's patch from
	  http://www.mail-archive.com/aolserver@listserv.aol.com/msg12356.html

	* configure.in: Bump to version 1.6.2.
	* win/makefile.vc:
	* configure: regen with ac-2.59
	
2010-08-11  Jeff Hobbs  <jeffh@ActiveState.com>

	*** TLS 1.6.1 TAGGED ***

	* configure: regen with ac-2.59
	* win/makefile.vc, configure.in: bump version to 1.6.1
	* tclconfig/tcl.m4: updated to TEA 3.8

	* tls.c (StatusObjCmd): memleak: free peer if loaded. [Bug 3041925]

2010-07-27  Jeff Hobbs  <jeffh@ActiveState.com>

	* tls.tcl (tls::socket): some socket implementations have a -type
	support (e.g. for inet6).

2009-04-23  Jeff Hobbs  <jeffh@ActiveState.com>

	* tls.tcl (tls::initlib): add support for Windows starpack
	operation that unbundles any constituent libraries. [AS Bug 82888]

2008-06-18  Pat Thoyts  <patthoyts@users.sourceforge.net>

	* tests/ciphers.test: Fix for different openssl versions.
	* win/makefile.vc:    Updates to support tests.
	* win/rules.vc:
	* win/nmakehlp.c:

2008-03-19  Jeff Hobbs  <jeffh@ActiveState.com>

	*** TLS 1.6 TAGGED ***

	* Makefile.in (dist): update to include win/ and file.srl

	* win/makefile.vc: bump version to 1.6
	* configure.in: use -L and -R where necessary. [Bug 1742859]

	* aclocal.m4: improve --with-ssl-dir check.

	* tests/tlsIO.test (tlsIO-14.*):   Add tls::unimport for symmetry
	* tls.htm, tls.c (UnimportObjCmd): to tls::import. [Bug 1203273]

	* tls.c (Tls_Clean, ImportObjCmd): Fix cleanup mem leak [Bug 1414045]
	Use better Eval APIs, cleaner Tcl_Obj-handling.

2008-03-19  Pat Thoyts  <patthoyts@users.sourceforge.net>

	* win/Makefile.vc  Updated the nmake build files with MSVC9 support
	* win/rules.vc:    and fixed to run the test-suite properly.
	* win/nmakehlp.c:
	* tls.tcl (tls::initlib): Corrected namespace handling.
	* tls.c: Applied #1890223 to fix handshake on non-blocking sockets

2008-03-17  Jeff Hobbs  <jeffh@ActiveState.com>

	* tls.tcl (tls::initlib):     load tls.tcl first and call
	* Makefile.in (pkgIndex.tcl): tls::initlib to load library to
	handle cwd changes. [Bug 1888113]

2007-09-06  Pat Thoyts  <patthoyts@users.sourceforge.net>

	* tls.c:           Silence 64 bit integer conversion warnings
	* win/nmakehlp.c:  Update build system to support AMD64 target
	* win/makefile.vc: with MSVC8
	* win/rules.vc:

2007-06-22  Jeff Hobbs  <jeffh@ActiveState.com>

	* tlsIO.c (TlsInputProc, TlsOutputProc, TlsWatchProc): 
	* tls.c (VerifyCallback): add an state flag in the verify callback
	that prevents possibly recursion (on 'update'). [Bug 1652380]

	* tests/ciphers.test: reworked to make test output cleaner to
	understand missing ciphers (if any)

	* Makefile.in, tclconfig/tcl.m4: update to TEA 3.6
	* configure, configure.in:       using autoconf-2.59

2007-02-28  Pat Thoyts  <patthoyts@users.sourceforge.net>

	* win/makefile.vc: Rebase the DLL sensibly. Additional libs for 
	static link of openssl.
	* tls.tcl: bug #1579837 - TIP 278 bug (possibly) - fixed.

2006-03-30  Pat Thoyts  <patthoyts@users.sourceforge.net>

	* tclconfig/*:  Updated to TEA 3.5 in response to bug 1460491
	* configure*:   Regenerated configure.

2005-02-08  Jeff Hobbs  <jeffh@ActiveState.com>

	* Makefile.in, tclconfig/tcl.m4: update to TEA 3.2
	* configure, configure.in:       using autoconf-2.59

2004-12-23  Pat Thoyts  <patthoyts@users.sourceforge.net>

	* Makefile.in:      Removed spurious copying of tls.tcl into the
	                    build directory.

2004-12-22  Pat Thoyts  <patthoyts@users.sourceforge.net>

	* configure.in:     Incremented minor version to 1.5.1
	* configure:        

2004-12-17  Pat Thoyts  <patthoyts@users.sourceforge.net>

	* win/makefile.vc:  Added the MSVC build system (from the Tcl
	* win/rules.vc:     sampleextension).
	* win/nmakehlp.c:
	* win/tls.rc        Added Windows resource file.
	
	* tls.tcl:          From patch #948155, added support for
	                    alternate socket commands.
	* tls.c:            Quieten some MSVC warnings. Prefer ckalloc
	                    over Tcl_Alloc. (David Graveraux).

2004-06-29  Pat Thoyts  <patthoyts@users.sourceforge.net>

	* tls.c:            Fixup to build against tcl 8.3.3. Handle
	* tlsIO.c:          8.4 constification.

	* tlsInt.h:         Added headers required with MSVC on Win32.
	* tlsX509.c:        undef min and max if defined (win32).

	* Makefile.in:      Fixed to build on win32 using msys with
	* aclocal.m4:       MSVC. Also fixed the test target.
	* configure.in:
	* configure:        Regenerated.
	* tclconfig/tcl.m4: Updated to most recent version.

2004-03-23  Dan Razzell <research@starfishsystems.ca>
	* tls.c:
	* tlsBIO.c:
	* tlsIO.c:
	* tlsInt.h:	Fixed type match warnings.

2004-03-19  Jeff Hobbs  <jeffh@ActiveState.com>

	* tls.c (Tls_Init):   replaced older TEA config with newer
	* config/* (removed):
	* pkgIndex.tcl.in, strncasecmp.c (removed):
	* Makefile.in, aclocal.m4, configure, configure.in:
	* tclconfig/README.txt, tclconfig/install-sh, tclconfig/tcl.m4:

2004-03-17  Dan Razzell <research@starfishsystems.ca>

	* tlsX509.c:	Add support for long serial numbers per RFC 3280.
			Format is now hexadecimal. 
			[Request #915313]
			Correctly convert certificate Distinguished Names
			to Tcl string representation.  Eliminates use of
			deprecated OpenSSL function.  Format is now compliant
			with RFC 2253.  [Request #915315]

2004-02-17  Dan Razzell <research@starfishsystems.ca>

	TLS 1.5.0 RELEASE

2004-02-12  Dan Razzell	<research@starfishsystems.ca>

	* tls.c:	Allow verify callback to return empty result.
	* tls.htm:	Document callback behaviors.

2004-02-11  Dan Razzell	<research@starfishsystems.ca>

	* tests/tlsIO.test:
	* remote.tcl:	Complete private key name changes from 2001-06-21.

2004-02-03  Dan Razzell <research@starfishsystems.ca>

	* Makefile.in:	Removed circular dependency.
	* tlsInt.h:	Make function declarations explicit.
	* tls.c:	Fix type match and unused variable warnings.
	* tlsBIO.c:	Fix type match warning.

2003-12-15  Dan Razzell	<research@starfishsystems.ca>

	* pkgIndex.tcl.in:
	* tls.htm:
	* tests/tlsIO.test: updated version to 1.5.

2003-10-07  Dan Razzell	<research@starfishsystems.ca>

	* tests/ciphers.test: updated list of tested ciphers to correspond
	* with those available from OpenSSL. [Request #811981]

2003-10-07  Dan Razzell <research@starfishsystems.ca>

	* tls.c: added CONST with intent similar to those from 2002-02-04.
	[Request #811911]

2003-07-07  Jeff Hobbs  <jeffh@ActiveState.com>

	* tls.c (Tls_Init):   added tls::misc command provided by
	* tlsX509.c:          Wojciech Kocjan (wojciech kocjan.org)
	* tests/keytest1.tcl: to expose more low-level SSL commands
	* tests/keytest2.tcl:

2003-05-15  Dan Razzell	<research@starfishsystems.ca> 

	* tls.tcl:
	* tlsInt.h:
	* tls.c: add support for binding a password callback to the socket.
	Now each socket can have its own command and password callbacks instead
	of being forced to have all password management pass through a common
	procedure.  The common password procedure is retained for compatibility
	but its use should be DEPRECATED.
	Add version command to return OpenSSL version string.
	Remove unstable workarounds needed for verify in obsolete versions of
	OpenSSL.
	Fix memory leak. [Request #640660]
	More casts to eliminate compiler warnings.

	* tls.htm: document password callback.
	Correct technical and typographic errors.

	* README.txt: identify versions of OpenSSL which fix known problems.
	General warning of security problems in older versions of OpenSSL.

2002-02-04  Jeff Hobbs  <jeffh@ActiveState.com>

	* tls.htm:
	* tls.c: added support for local certificate status check, as well
	as returning the # of bits in the session key. [Patch #505698] (rose)

	* tls.c:
	* tlsIO.c:
	* tlsBIO.c: added CONSTs to satisfy Tcl 8.4 sources.  This may
	give warnings when compiled against 8.3, but they can be ignored.

	* tests/simpleClient.tcl:
	* tests/simpleServer.tcl: point to updated client/server key files.

	* tests/tlsIO.test:
	* tests/ciphers.test: updated to load tls from build dir.

	* Makefile.in: removed strncasecmp from default object set.  This
	is only needed on the Mac, and Tcl stubs provides it.

	* configure: regen'ed.
	* configure.in: updated to 1.5.0 for next release.
	Changed default openssl location to /usr/local/ssl (this is where
	openssl 0.9.6c installs by default).
	Changed to use public Tcl headers (private not needed).

2001-06-21  Jeff Hobbs  <jeffh@ActiveState.com>

	TLS 1.4.1 RELEASE

	* configure: added configure to CVS
	* configure.in: moved to patchlevel 1.4.1

	* Makefile.in: corrected 'dist' target

	* tests/certs/file.srl:
	* tests/certs/ca.pem:
	* tests/certs/client.key:
	* tests/certs/client.pem:
	* tests/certs/client.req:
	* tests/certs/privkey.pem:
	* tests/certs/server.key:
	* tests/certs/server.pem:
	* tests/certs/server.req:
	* tests/certs/cacert.pem: replaced by new ca.pem
	* tests/certs/skey.pem: replaced by new server.key
	* tests/certs/ckey.pem: replaced by new client.key
	* tests/certs/README.txt: new set of test certificates with some
	README info on their generation.

	* tests/ciphers.test: updated ciphers expected with default
	openssl build.

	* tests/tclIO.test: updated to use new names for certs/keys.

2001-03-14  Jeff Hobbs  <jeffh@gimlet.activestate.com>

	* tls.c (Tls_Init): add do/while for random number initialization
	to work around some OSes quirks.  (Ralph.Billes@teltech.com.au)

2000-09-07  Jeff Hobbs  <hobbs@scriptics.com>

	* tlsIO.c (Tls_ChannelType): set typeName field of channel type to
	"tls" (this got lost in move to dynamic version compatability
	checking).

2000-08-23  Jeff Hobbs  <hobbs@scriptics.com>

	TLS 1.4 RELEASED

	* Makefile.in (dist): create dist target for archive distributions

	* tests/tlsIO.test (tlsIO-8.1): added a delay on the accept close
	to make the test work with OpenSSL on Windows (doesn't affect
	other builds).

	* tls.htm: updated with notes for 1.4.

2000-08-21  Jeff Hobbs  <hobbs@scriptics.com>

	* tests/tlsIO.test: require at least tls1.4 in test suite.

2000-08-18  Jeff Hobbs  <hobbs@scriptics.com>

	* tls.c (Tls_Init): added call to RAND_seed to seed the SSL random
	number generator.  Without this, OpenSSL 0.9.5 chokes, and in any
	case it is a big security hole to do without it.

	* configure.in (OPENSSL): added NO_IDEA and NO_RC5 defines by
	default when compiling with OpenSSL.

	* tlsInt.h: added err.h include

	* tlsBIO.c:
	* tlsIO.c: corrected pedantic cast errors.

2000-08-16  Jeff Hobbs  <hobbs@scriptics.com>

	* tests/ciphers.test: improved ability to change constraint
	setting for whether user compiled against RSA or OpenSSL libs.

	* tls.c (Tls_Init): corrected interpretation of version number
	(patchlevel and release/serial were swapped).

2000-08-15  Jeff Hobbs  <hobbs@scriptics.com>

	* README.txt: added notes about need to use 8.2.0+.

	* tlsInt.h:
	* tls.c:
	* tlsIO.c: corrected structure initialization to work when
	compiling with 8.2.  Now compiles with 8.2+ and tested to work
	with 8.2+ and dynamically adjust to the version of Tcl it was
	loaded into.  TLS will fail the test suite with Tcl 8.2-8.3.1.

	* tests/all.tcl: added catch around ::tcltest::normalizePath
	because it doesn't exist in pre-8.3 tcltest.

	* tests/simpleClient.tcl: 
	* tests/simpleServer.tcl: added simple client/server test scripts
	that use test certs and can do simple stress tests.

2000-08-14  Jeff Hobbs  <hobbs@scriptics.com>

	* tlsInt.h:
	* tlsIO.c:
	* tlsBIO.c:
	* tls.c: changed around to only working with 8.2.0+ (8.3.2+
	preferred), with runtime checks for pre- and post-io-rewrite.

	* tls.c (Tls_Init): changed it to require 8.3.2 when Tcl_InitStubs
	was called because we don't want people using TLS with the
	original stacked channel implementation.

2000-07-26  Jeff Hobbs  <hobbs@scriptics.com>

	* merged all changes from tls-1-3-io-rewrite back into main branch

	* tests/tlsIO.test: updated comments, fixed a pcCrash case that
	was due to debug assertion in Windows SSL.

	* tls.c (ImportObjCmd): removed unnecessary use of 'bio' arg.
	(Tls_Init): check return value of SSL_library_init.  Also lots of
	whitespace cleanup (more like Tcl Eng style guide), but not all
	code was cleaned up.

	* tlsBIO.c: minor whitespace cleanup

	* tlsIO.c: minor whitespace cleanup.
	(TlsInputProc, TlsOutputProc): Added ERR_clear_error before calls
	to BIO_read or BIO_write, because we could otherwise end up
	pulling an error off the stack that didn't belong to us.  Also
	cleanup up excessive use of gotos.

2000-07-20  Jeff Hobbs  <hobbs@scriptics.com>

	* tests/tlsIO.test: corrected various tests to be correct for TLS
	stacked channels (as opposed to the standard sockets the test
	suite was adopted from).  Key differences are that TLS cannot
	operate in one process without all channels being non-blocking, or
	the handshake will block, and handshaking must be forced in some
	cases.  Also, handshakes don't seem to complete unless the client
	has placed at least one byte for the server to read in the channel.

	* tests/remote.tcl: corrected the finding of tests certificates

	* tlsIO.c (TlsCloseProc): removed deleting of timer handler as
	that is handled by Tls_Clean.

	* tls.tcl (tls::_accept): corrected the internal _accept to
	trickle callback errors to the user.

	* Makefile.in: made the install-binaries target regenerate the
	pkgIndex.tcl correctly.  The test target probably shouldn't screw
	it up, but this is to be on the safe side.

2000-07-17  Jeff Hobbs  <hobbs@scriptics.com>

	* pkgIndex.tcl.in:
	* configure.in: updated version to 1.4

2000-07-13  Jeff Hobbs  <hobbs@scriptics.com>

	* tests/tlsIO.test: enabled tests 2.10, 7.[1245] (there is no 3),
	which now pass.  Added some comments to other failing tests.

2000-07-11  Jeff Hobbs  <hobbs@scriptics.com>

	* tlsIO.c: changed all the channel procs to start with Tls* for
	better parity when comparing with Transform channel procs.
	Rewrote TlsWatchProc, added TlsNotifyProc according to the new
	channel design, which also leaves TlsChannelHandler unused.

	* tlsBIO.c (BioCtrl): changed BIO_CTRL_FLUSH case to use
	Tcl_WriteRaw instead of Tcl_Flush (to operate on correct channel
	in the stack instead of starting at the top again).  Would
	otherwise cause a recursive stack bomb when implicit handshaking
	took effect.

	* tests/tlsIO.test: removed changes made to test suite (all tests
	that ran before now pass correctly), and changed some accept proc
	args to reflect that a sock is an arg, not a file.

2000-07-10  Jeff Hobbs  <hobbs@scriptics.com>

	* tlsBIO.c (BioWrite, BioRead): changed Tcl_Read/Write to
	Tcl_ReadRaw/TclWriteRaw.

	* tls.c: added use of Tcl_GetTopChannel after Tcl_GetChannel and
	got return value from Tcl_StackChannel.

	* tests/tlsIO.test: added some handshaking that shouldn't be
	necessary, but we crash otherwise (needs more testing).

	* tlsIO.c: added support for "corrected" stacked channels.  All
	the above channels are in TCL_CHANNEL_VERSION_2 #ifdefs.

2000-06-05  Scott Stanton  <stanton@ajubasolutions.com>

	* Makefile.in: Fixed broken test target.

	* tlsInt.h: 
	* tls.c: Cleaned up declarations of Tls_Clean to avoid errors on
	Windows (lint).

2000-06-05  Brent Welch <welch@ajubasolutions.com>

	* tls.c, tlsIO.c:  Split Tls_Free into Tls_Clean, which does
	the SSL cleanup, and the Tcl_Free call.  It is important to shutdown
	the SSL state "synchronously" during a stacked flush.

2000-06-01  Scott Stanton  <stanton@ajubasolutions.com>

	* tlsIO.c: Restored call to Tcl_NotifyChannel from ChannelHandler
	to ensure that events propagate from the lower driver.  This may
	result in an infinite loop in some cases, so this is not a total
	fix.  This may be sufficient for now, however. [Bug: 5623]

2000-06-01  Scott Stanton  <stanton@scriptics.com>

	* tlsIO.c: Restore the previous version.  Fixed the CloseProc so
	it unregisters the channel handler on the superceded channel
	instead of the upper channel. Also removed the call to
	Tcl_NotifyChannel in the ChannelHandler because this will result
	in an infinite loop if data is ever buffered in the BIO
	structure. [Bug: 5623]

2000-05-31  Brent Welch <welch@scriptics.com>

	* tls.c: Change the ChannelHandler to be registered on the main
	channel as oppsed to the "parent", or superceeded, channel.  This
	is because the socket driver notifies the main channel, and there
	are times with the main channel gets closed, but the superceded
	one is not yet closed.  If the channel handler gets triggered in
	this half-open state it is associated with the superceeded
	channedl, but uses its private pointer to the main channel, which
	is mostly destroyed.  Eliminated the redundant call to
	Tcl_NotifyChannel from TlsWatchProc. [Bug: 5623]