From: Harald Oehlmann <wortkarg3@yahoo.com>
Newsgroups: comp.lang.tcl
Subject: Re: Announce: TclTLS 2.0b1 Release
Date: Sun, 9 Feb 2025 11:19:03 +0100
Organization: A noiseless patient Spider
Message-ID: <vo9vem$i6o1$1@dont-email.me>
References: <62a382bb232b6f65116472745c302ab2@www.novabbs.com>
In-Reply-To: <62a382bb232b6f65116472745c302ab2@www.novabbs.com>

Hi Brian,
that is a leap jump, thank you!
I am particularly interested in the error callback. That is great.
I was always annoyed that bgerror was called on any TLS negotiation error.

Also the Windows cert usage is great. This means that we can use TclTLS for all platforms in a unified manner.

Monday is the biweekly Tcl/Tk telco. Maybe, this may be elaborated.
I see TclTLS as possible bundled package for TCL.

Thanks for all,
Harald

On 09.02.2025 at 00:35, bohagan wrote:
> Announcement of TclTLS 2.0b1 release
>
> This is the beta 1 release of the TclTLS v2.0 package. There have been numerous changes since the v1.7 release. See below for links to the files and the release notes.
>
>
> TclTLS 2.0 Release Notes:
>
> Notable New Features:
> - Fully TEA compliant build system has been added back. Supports Windows, Linux, Mac, BSD, etc.
> - Compatible with OpenSSL 3.0+ and TCL 9.0 including build-info command.
> - Can use MS Windows Cert Store on OpenSSL 3.2 or later.
> - Greatly expanded the status returned by the tls::status command and also added the new tls::connection command. The former returns SSL and certificate status while the latter returns the SSL status, cipher, and session info.
> - Added missing TLS 1.3 functionality, set cipher suites, ALPN, SNI, security level, etc.
> - Error handling improvements, more specific error status, more connection status via callbacks.
> - Replaced separate Diffie-Hellman (DH) header file build process with auto select.
> - Add new tls::protocols command to list available SSL and TLS protocols.
> - Now can load CA certificates, key files, etc. from virtual file systems (VFS).
>
> Documentation Updates:
> - Documentation was extensively updated and converted to man page and HTML format.
> - Added more examples to documentation and an examples directory.
> - Expanded the documentation and added a Certificate Validation section with info on how PKI and certificates work and the related TclTLS args.
> - Extensive code documentation updates.
>
> Notable Bug Fixes:
> (Some of these issues have been around for 15-20 years.)
> - Many bugs, patches, etc. submitted to sourceforge.net and core.tcl.tk have been fixed or implemented.
> - Unexpected EOF: Added fix to correct OpenSSL issue where some sessions can result in an unexpected EOF.
> - Empty reads: These have been eliminated to the extent possible, but may still occur. See demos for how to handle this.
> - Stalling connections: These have been fixed to the extent possible with a more robust event checking process.
> - Manual certificate validation is no longer needed. OpenSSL will do this for you if -require 1 is specified. You can see results via -validatecommand callback and in tls::status verifyResult.
> - Will only call bgerror if the -command, -password, or -validatecommand callbacks throw an error.
> - Will send proper close_notify message to peer on channel closure.
>
> See the documentation for a complete list of changes.
>
>
> Potential Compatibility Issues:
>
> Option default changes:
> - The -autoservername option defaults to true if -servername is not specified.
> - The -castore option defaults to "org.openssl.winstore://" on MS Windows with OpenSSL 3.2+ if -cadir, -cadir, and -castore are not specified.
> - The -request option defaults to true.
> - The -require option defaults to true. This may be an issue if CA certificates are not available.
> - The -servername option defaults to host value. So -autoservername is no longer required.
> - The -ssl2 option is no longer supported by OpenSSL 1.1+.
> - The -ssl3 option doesn't have any effect by default. Use --enable-ssl3 compile time option to enable SSL3 first.
> - The -tls1 and tls1.1 options default to false.
> - The -tls1.2 and tls1.3 options default to true.
>
> Callback changes:
> - Only status/error messages use the -command handler now. There are several new types and the 'verify' type was moved to -validatecommand.
> - Validation of certificates, client values, etc. use the new -validatecommand handler.
> - Password inputs use -password handler, but it now passes 3 arguments.
>
> See the documentation for all compatibility changes.
>
>
> Open Issues:
> - May not be compatible with LibreSSL anymore.
> - Warnings for deprecated OpenSSL API usage. Will be fixed in a future release.
>
>
> Download links:
>
> Source code is available at either:
> https://core.tcl-lang.org/tcltls/home
> or
> https://chiselapp.com/user/bohagan/repository/TCLTLS/home
> or
> https://github.com/bohagan1/TclTLS
>
>
> Distribution file link:
> https://chiselapp.com/user/bohagan/repository/TCLTLS/uv/tcltls-2.0b1.tar.gz
> or
> https://github.com/bohagan1/TclTLS/releases/download/tls-2.0b1/tcltls-2.0b1.tar.gz
>
> Windows library file link:
> https://chiselapp.com/user/bohagan/repository/TCLTLS/uv/tls2.0b1_win64_msvc.zip
> or
> https://github.com/bohagan1/TclTLS/releases/download/tls-2.0b1/tls2.0b1_win64_msvc.zip
>
>
> Certificate Authority (CA) certificates:
>
> Please read the documentation "Certificate Validation" section if you don't have OpenSSL or the Certificate Authority (CA) certificates in PEM format installed on your system.
> https://chiselapp.com/user/bohagan/repository/TCLTLS/file?name=doc/tls.html
>
>
> How to use this release:
>
> package prefer latest
> package require tls 2.0b1
>
> See documentation "Examples" section for more details.
> https://chiselapp.com/user/bohagan/repository/TCLTLS/file?name=doc/tls.html