• ANNOUNCE: TclTLS 2.0b2 Release

    From Brian@brian199@comcast.net to comp.lang.tcl on Sat Oct 11 20:13:47 2025
    From Newsgroup: comp.lang.tcl


    This is the beta 2 release of the TclTLS v2.0 package. There have been numerous bug fixes since the beta 1 release. The plan is to do the final release in a week, so please test and file any bug reports at the below sites. See below for links to the files and the release notes. Thanks.


    TclTLS 2.0 Release Notes:


    *Notable New Features:*

    - Fully TEA compliant build system has been added back. Supports
    Windows, Linux, Mac, BSD, etc.
    - Compatible with OpenSSL 3.0+ and TCL 9.0 including build-info command.
    - Can use MS Windows Certificate Store on OpenSSL 3.2 or later.
    - Greatly expanded the status returned by the tls::status command and
    also added the new tls::connection command. The former returns SSL and certificate status while the latter returns the SSL status, cipher, and session info.
    - Added missing TLS 1.3 functionality, set cipher suites, ALPN, SNI,
    security level, etc.
    - Error handling improvements, more specific error status, more
    connection status via callbacks.
    - Replaced separate Diffie-Hellman (DH) header file build process with
    auto select.
    - Added new tls::protocols command to list available SSL and TLS protocols.
    - Now can load CA certificates, key files, etc. from virtual file
    systems (VFS).

    See https://chiselapp.com/user/bohagan/repository/TCLTLS/home for more info.


    *Documentation Updates:*

    - Documentation was extensively updated and converted to man page and
    HTML format.
    - Updated the examples in the documentation and added an examples directory.
    - Expanded the documentation and added a Certificate Validation section
    with info on how PKI and certificates work and the related TclTLS args.
    - Extensive code documentation updates.


    *Notable Bug Fixes:*

    (Some of these issues have been around for 15-20 years.)
    - Many bugs, patches, etc. submitted to sourceforge.net and core.tcl.tk
    have been fixed or implemented.
    - Unexpected EOF: Added fix to correct OpenSSL issue where some sessions
    can result in an unexpected EOF.
    - Empty reads: These have been eliminated to the extent possible, but may
    still occur. See demos for how to handle this.
    - Lock-ups and Stalling connections: These have been fixed to the extent possible with a more robust event checking process.
    - Manual certificate validation is no longer needed. OpenSSL will do
    this for you if -require 1 is specified. You can see results via -validatecommand callback and in tls::status verifyResult.
    - Will only call bgerror if the -command, -password, or -validatecommand callbacks throw an error.
    - Will send proper close_notify message to peer on channel closure.

    See the documentation for a complete list of changes.


    *Tested with: *

    * TCL 8.6.14 and 9.0.2
    * OpenSSL 1.1.1w, 3.0.18, 3.5.4, and 3.6.0
    * Windows 7, Windows 10, Msys64, OpenSuSE Linux Leap 15.6 and 16.0,
    and FreeBSD



    *Potential Compatibility Issues:*


    *Option default changes:*

    - The -autoservername option defaults to true if -servername is not
    specified.
    - The -castore option defaults to "org.openssl.winstore://" on MS
    Windows with OpenSSL 3.2+ if -cadir, -cadir, and -castore are not specified.
    - The -request option defaults to true for clients.
    - The -require option defaults to true for clients. This may be an issue
    if the Certificate Authority (CA) certificates are not available.
    - The -servername option defaults to socket host when used with
    tls::socket. So -autoservername is no longer required.
    - The -ssl2 option is no longer supported by OpenSSL 1.1+.
    - The -ssl3 option doesn't have any effect by default. Use --enable-ssl3 compile time option to enable SSL3 first.
    - The -tls1 and -tls1.1 options default to false (not enabled).
    - The -tls1.2 and -tls1.3 options default to true (enabled).


    *Callback changes:*

    - Only status/error messages use the -command handler now. There are
    several new types and the 'verify' type was moved to -validatecommand.
    - Validation of certificates, client values, etc. use the new
    -validatecommand handler.
    - Password inputs use -password handler, but it now passes 3 arguments.

    See the documentation for all compatibility changes.


    *Open Issues:*

    - May not be compatible with LibreSSL anymore.
    - Warnings for deprecated OpenSSL API usage. Will be fixed in a future release.
    - Some BadSSL test cases may still fail due to platform specific
    certificate checking defaults.


    *Download links:*


    Source code is available at https://core.tcl-lang.org/tcltls/home in the tls-2.0 branch or in the following release files:

    * https://core.tcl-lang.org/tcltls/uv/tcltls-2.0b2.tar.gz
    * https://github.com/bohagan1/TclTLS/archive/refs/tags/tls-2.0b2.tar.gz


    Windows library file link (TCL 8.6 & 9.0 with OpenSSL 3.6.0):

    * https://chiselapp.com/user/bohagan/repository/TCLTLS/uv/tls2.0b2_win64_msvc.zip
    * https://github.com/bohagan1/TclTLS/releases/download/tls-2.0b2/tls2.0b2_win64_msvc.zip


    Certificate Authority (CA) certificates:

    Please read the documentation "Certificate Validation" section if you
    don't have OpenSSL or the Certificate Authority (CA) certificates in PEM format installed on your system. If not, they can be obtained from: https://core.tcl-lang.org/tcltls/file?name=doc/tls.html&ci=tls-2.0


    How to use this release:


    package prefer latest
    package require tls ?2.0b2?

    See the README.txt file for the build steps.
    See the documentation "Examples" section for usage examples.
    More detailed examples can be found in the demos directory.


    --- Synchronet 3.21a-Linux NewsLink 1.2
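    The announcement above describes the 2.0 defaults (-require, -servername, TLS 1.2/1.3 only), the split of the old -command 'verify' event into -validatecommand, the new tls::protocols and tls::connection commands, and the "empty read" caveat, but shows no code. The following Tcl script is an added example written for this page; it is not from the announcement, the TclTLS documentation, or the project's demos directory. It runs a small echo server and a client that verifies the server certificate, in two separate processes. Assumptions: TclTLS 2.0b2 is installed; a self-signed certificate and key for "localhost" exist as cert.pem/key.pem in the working directory (the openssl command in the header comment creates one); port 8443 and the file names are arbitrary; and the callback argument shapes ("type channel ..." for -command, "verify channel depth cert status error" for -validatecommand) follow the 2.0 manual as the author of this example understands it, so check the manual if your build disagrees.

```tcl
#!/usr/bin/env tclsh
# Added example, not part of the TclTLS 2.0b2 announcement or the project's
# demos. Assumes TclTLS 2.0b2 is installed and that cert.pem/key.pem for
# "localhost" exist in the working directory, e.g. created with:
#   openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem \
#       -subj /CN=localhost -addext subjectAltName=DNS:localhost -days 1
# Usage:  tclsh tlsdemo.tcl server      (terminal 1)
#         tclsh tlsdemo.tcl client      (terminal 2)
# Port number and file names are arbitrary choices for this example.

package prefer latest
package require tls 2.0b2

set ::certFile cert.pem
set ::keyFile  key.pem
set ::host     localhost
set ::port     8443

# -command now receives only status/error events ("info ..." / "error ...").
# Log and return; an error thrown here is the one case that reaches bgerror.
proc tls_event {type chan args} {
    puts "event($type) $chan: [join $args { }]"
}

# -validatecommand receives validation events and returns 1 (accept) or
# 0 (reject). The 'verify' type is assumed to carry "depth cert status error"
# as in the 2.0 manual, 'cert' being the certificate info dict. OpenSSL has
# already checked the chain (-require 1); we only log and pass its verdict on.
proc tls_validate {type chan args} {
    if {$type ne "verify"} {
        return 1    ;# alpn, sni, hello, ...: nothing extra to check here
    }
    lassign $args depth cert status err
    set subject [expr {[dict exists $cert subject] ? [dict get $cert subject] : "?"}]
    puts "verify depth=$depth status=$status subject={$subject}"
    if {!$status} { puts "  chain rejected by OpenSSL: $err" }
    return $status
}

# --- server: echo whatever the client sends --------------------------------
proc server_accept {chan addr port} {
    puts "server: connection from $addr:$port"
    fconfigure $chan -blocking 0 -translation binary
    fileevent $chan readable [list server_readable $chan]
}

proc server_readable {chan} {
    # read may return "" with no EOF while a TLS record is still arriving
    # (an "empty read"); that means "nothing yet", not a closed peer.
    if {[catch {read $chan} data]} {
        puts "server: read error: $data"; catch {close $chan}; return
    }
    if {$data ne ""} {
        puts "server: echoing [string length $data] bytes"
        puts -nonewline $chan $data; flush $chan
    }
    if {[eof $chan]} {
        puts "server: peer closed"; close $chan
    }
}

proc run_server {} {
    puts "protocols available: [tls::protocols]"
    tls::socket -server server_accept \
        -certfile $::certFile -keyfile $::keyFile \
        -tls1.2 1 -tls1.3 1 \
        -command tls_event -validatecommand tls_validate \
        $::port
    puts "server: listening on $::port"
    vwait forever
}

# --- client: verify the server, then round-trip one message ----------------
proc run_client {} {
    # -require 1 is the new client default, made explicit: OpenSSL verifies
    # the chain against -cafile (our self-signed cert acts as the anchor).
    # -servername sets SNI to the name the certificate was issued for.
    set chan [tls::socket \
        -cafile $::certFile -require 1 -servername $::host \
        -tls1.2 1 -tls1.3 1 \
        -command tls_event -validatecommand tls_validate \
        $::host $::port]
    fconfigure $chan -blocking 1 -translation binary
    if {[catch {tls::handshake $chan} res]} {
        puts "client: handshake failed: $res"; catch {close $chan}; return 1
    }
    set status [tls::status $chan]
    if {[dict exists $status verifyResult]} {
        puts "client: verifyResult = [dict get $status verifyResult]"
    }
    dict for {k v} [tls::connection $chan] { puts "client: conn $k = $v" }

    set msg "hello over TLS\n"
    puts -nonewline $chan $msg; flush $chan
    set reply [read $chan [string length $msg]]
    puts "client: echo matches: [expr {$reply eq $msg}]"
    close $chan    ;# 2.0 sends close_notify to the peer on close
    return 0
}

switch -- [lindex $argv 0] {
    server  { run_server }
    client  { exit [run_client] }
    default { puts stderr "usage: $argv0 server|client"; exit 2 }
}
```

    Two things worth trying once it runs: point the client's -cafile at a different certificate and watch the handshake fail with the reason logged by tls_validate, which is the behaviour the new -require default gives every client that does not ship CA certificates; and change -servername to a name the certificate does not cover to see whether your OpenSSL build rejects the mismatch. The server_readable handler shows the empty-read pattern from the bug-fix notes: an empty string from read is ignored unless eof also reports true.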
  • From Erik Leunissen@elns@xs4all.nl to comp.lang.tcl on Sun Oct 12 17:49:12 2025
    From Newsgroup: comp.lang.tcl

    On 10/12/25 03:13, Brian wrote:

    This is the beta 2 release of the TclTLS v2.0 package. There have been numerous bug fixes since the
    beta 1 release. The plan is to do the final release in a week, so please test and file any bug
    reports at the below sites. See below for links to the files and the release notes. Thanks.


    Thank you Brian!

    I had been losing confidence in the correct operation of TclTLS for more than a decade. Your dedicated work makes me regain it.

    I'm the person who filed this bug report (more than 15 years ago) regarding the stalling connections and empty reads (if that is one and the same issue):

    https://sourceforge.net/p/tls/bugs/38/

    In that particular role, I'm eager to know:

    * does your work include the fix that was supplied for this issue
    by jinhu@stanford.edu ? See the ticket:

    https://tcltls.rkeene.org/tktview/94c6a431fee

    and the application of the fix:

    https://tcltls.rkeene.org/info/afec51b85b037bb6

    * if not, would the reservations that you mention regarding stalling
    connections and empty reads still hold after applying it?


    Thanks very much for your dedication,
    Erik Leunissen.
    --
  • From Harald Oehlmann@wortkarg3@yahoo.com to comp.lang.tcl on Mon Oct 13 11:24:19 2025
    From Newsgroup: comp.lang.tcl

    Am 12.10.2025 um 17:49 schrieb Erik Leunissen:
    On 10/12/25 03:13, Brian wrote:

    This is the beta 2 release of the TclTLS v2.0 package. There have been
    numerous bug fixes since the beta 1 release. The plan is to do the
    final release in a week, so please test and file any bug reports at
    the below sites. See below for links to the files and the release
    notes. Thanks.


    Thank you Brian!

    I had been losing confidence in the correct operation of TclTLS for more than
    a decade. Your dedicated work makes me regain it.

    I'm the person who filed this bug report (more than 15 years ago) regarding the
    stalling connections and empty reads (if that is one and the same issue):

        https://sourceforge.net/p/tls/bugs/38/

    In that particular role, I'm eager to know:

    * does your work include the fix that was supplied for this issue
      by jinhu@stanford.edu ? See the ticket:

           https://tcltls.rkeene.org/tktview/94c6a431fee

      and the application of the fix:

          https://tcltls.rkeene.org/info/afec51b85b037bb6

    * if not, would the reservations that you mention regarding stalling
      connections and empty reads still hold after applying it?


    Thanks very much for your dedication,
    Erik Leunissen.
    --

    Thanks, Brian and Eric!
    IMHO the TCLTLS package is very important and the revision helps a lot.
    I would love to have the discussion on the tcl core mailing list.
    Due to that, I have posted a copy of it there.

    For tickets etc, it would be great to have all at: https://core.tcl-lang.org/tcltls/index

    So, if there are tickets elsewhere, it would be great to copy them there.

    Thanks for all,
    Harald