TclXMPP

Check-in [fa4c7eb607]

Overview
SHA1: fa4c7eb6074f43d8b9734e6ab126944b7cfeb442
Date: 2015-12-29 04:20:06
User: sgolovan
Comment: Added -tls1.1 and -tls1.2 options to support TLS1.1 and TLS1.2 protocols and enabled them by default. Disabled SSLv3 by default. Disabled SSLv3 and enabled TLS1.1 and TLS1.2 protocols if available.
Context
2015-12-29
07:06
[524363a404] Extended copyright years. (user: sgolovan, tags: trunk)
04:20
[fa4c7eb607] Added -tls1.1 and -tls1.2 options to support TLS1.1 and TLS1.2 protocols and enabled them by default. Disabled SSLv3 by default. Disabled SSLv3 and enabled TLS1.1 and TLS1.2 protocols if available. (user: sgolovan, tags: trunk)
2015-12-21
16:35
[81e700f03f] Fixed the ::xmpp::roster::send routine to send only one item in jabber:iq:roster query (and actually send it). Bumped the xmpp::roster package version to 0.2. (user: sgolovan, tags: trunk)
Changes

Changes to ChangeLog.










Old version:

2015-12-21  Sergei Golovan  <sgolovan@nes.ru>

	* xmpp/pkgIndex.tcl, xmpp/roster.tcl: Fixed the ::xmpp::roster::send
	  routine to send only one item in jabber:iq:roster query (and actually
	  send it). Bumped the xmpp::roster package version to 0.2.

2015-12-20  Sergei Golovan  <sgolovan@nes.ru>







New version:

2015-12-29  Sergei Golovan  <sgolovan@nes.ru>

	* xmpp/starttls.tcl, xmpp/tls.tcl: Added -tls1.1 and -tls1.2 options
	  to support TLS1.1 and TLS1.2 protocols and enabled them by default.
	  Disabled SSLv3 by default.

	* xmpp/bosh.tcl, xmpp/poll.tcl: Disabled SSLv3 and enabled TLS1.1 and
	  TLS1.2 protocols if available.

2015-12-21  Sergei Golovan  <sgolovan@nes.ru>

	* xmpp/pkgIndex.tcl, xmpp/roster.tcl: Fixed the ::xmpp::roster::send
	  routine to send only one item in jabber:iq:roster query (and actually
	  send it). Bumped the xmpp::roster package version to 0.2.

2015-12-20  Sergei Golovan  <sgolovan@nes.ru>

Changes to xmpp/bosh.tcl.

Old version:

# Result:
#       A channel with performed TLS handshake.
#
# Side effects:
#       A new socket is created.

proc ::xmpp::transport::bosh::sock {args} {






    eval [linsert $args 0 ::tls::socket -ssl2 0 -tls1 1]
}

# ::xmpp::transport::bosh::open --
#
#       Open connection to XMPP server. For BOSH transport this means
#       "store BOSH parameters, create XML parser, and return or call back
#       with success.







New version:

# Result:
#       A channel with performed TLS handshake.
#
# Side effects:
#       A new socket is created.

proc ::xmpp::transport::bosh::sock {args} {
    if {![catch ::tls::ciphers tls1.1]} {
        set args [linsert $args 0 -tls1.1 1]
    }
    if {![catch ::tls::ciphers tls1.2]} {
        set args [linsert $args 0 -tls1.2 1]
    }
    eval [linsert $args 0 ::tls::socket -ssl2 0 -ssl3 0 -tls1 1]
}

# ::xmpp::transport::bosh::open --
#
#       Open connection to XMPP server. For BOSH transport this means
#       "store BOSH parameters, create XML parser, and return or call back
#       with success.
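
Review bot: In ::xmpp::transport::bosh::sock the capability probe `catch ::tls::ciphers tls1.1` is missing braces around the script. `catch` takes the script as its first argument and an optional result variable name as its second, so this runs `::tls::ciphers` with no protocol argument and stores the outcome in a variable called `tls1.1`; the check does not test the protocol it names, and if `::tls::ciphers` rejects a call without a protocol the condition is always false and `-tls1.1 1` / `-tls1.2 1` are never added. Write it as `![catch {::tls::ciphers tls1.1}]`, and likewise for tls1.2. The same unbraced form is used in xmpp/poll.tcl, xmpp/starttls.tcl and xmpp/tls.tcl in this check-in.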

Changes to xmpp/poll.tcl.

Old version:

# Result:
#       A channel with performed TLS handshake.
#
# Side effects:
#       A new socket is created.

proc ::xmpp::transport::poll::sock {args} {






    eval [linsert $args 0 ::tls::socket -ssl2 0 -tls1 1]
}

# ::xmpp::transport::poll::open --
#
#       Open connection to XMPP server. For HTTP-poll transport this means
#       "store poll parameters, create XML parser, and return or call back
#       with success.







New version:

# Result:
#       A channel with performed TLS handshake.
#
# Side effects:
#       A new socket is created.

proc ::xmpp::transport::poll::sock {args} {
    if {![catch ::tls::ciphers tls1.1]} {
        set args [linsert $args 0 -tls1.1 1]
    }
    if {![catch ::tls::ciphers tls1.2]} {
        set args [linsert $args 0 -tls1.2 1]
    }
    eval [linsert $args 0 ::tls::socket -ssl2 0 -ssl3 0 -tls1 1]
}

# ::xmpp::transport::poll::open --
#
#       Open connection to XMPP server. For HTTP-poll transport this means
#       "store poll parameters, create XML parser, and return or call back
#       with success.
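
Review bot: The new body of ::xmpp::transport::poll::sock is a line-for-line copy of ::xmpp::transport::bosh::sock, so the protocol defaults for the HTTP transports now live in two places that have to be kept in step. Consider moving the option list into one shared helper that both procedures call. The header comment should also say that `-ssl3 0` and the TLS 1.1/1.2 flags are inserted ahead of the caller's `args`, and whether a caller-supplied `-ssl3 1` is meant to take precedence over them.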

Changes to xmpp/starttls.tcl.

Old version:

# starttls.tcl --
#
#       This file is part of the XMPP library. It provides support for the
#       tls network socket security layer.
#
# Copyright (c) 2008-2013 Sergei Golovan <sgolovan@nes.ru>
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAMER OF ALL WARRANTIES.

package require xmpp::stanzaerror
package require xmpp::transport::tls

................................................................................
#       -cadir                  Options for ::tls::import procedure (see
#       -cafile                 tls package manual for details).
#       -certfile
#       -keyfile
#       -ssl2
#       -ssl3
#       -tls1


#       -request
#       -require
#       -password
#
# Result:
#       In asynchronous mode a control token is returned (it allows to abort
#       STARTTLS process). In synchronous mode either new stream session ID is
................................................................................
            -cadir         -
            -cafile        -
            -certfile      -
            -keyfile       -
            -ssl2          -
            -ssl3          -
            -tls1          -


            -request       -
            -require       -
            -password      -
            -verifycommand -
            -infocommand   {
                lappend state(tlsArgs) $key $val
            }
................................................................................
            default {
                unset state
                return -code error [::msgcat::mc "Illegal option \"%s\"" $key]
            }
        }
    }

    # Append default TLS options which differ from the tls::import defaults
    if {![::xmpp::xml::isAttr $state(tlsArgs) -ssl2]} {
        lappend state(tlsArgs) -ssl2 0



    }
    if {![::xmpp::xml::isAttr $state(tlsArgs) -tls1]} {
        lappend state(tlsArgs) -tls1 1








    }

    ::xmpp::RegisterElement $xlib * urn:ietf:params:xml:ns:xmpp-tls \
                            [namespace code [list Parse $token]]

    if {$timeout > 0} {
        set state(afterid) \





New version:

# starttls.tcl --
#
#       This file is part of the XMPP library. It provides support for the
#       tls network socket security layer.
#
# Copyright (c) 2008-2015 Sergei Golovan <sgolovan@nes.ru>
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAMER OF ALL WARRANTIES.

package require xmpp::stanzaerror
package require xmpp::transport::tls

................................................................................
#       -cadir                  Options for ::tls::import procedure (see
#       -cafile                 tls package manual for details).
#       -certfile
#       -keyfile
#       -ssl2
#       -ssl3
#       -tls1
#       -tls1.1                 (supported by tls 1.6 and newer)
#       -tls1.2                 (supported by tls 1.6 and newer)
#       -request
#       -require
#       -password
#
# Result:
#       In asynchronous mode a control token is returned (it allows to abort
#       STARTTLS process). In synchronous mode either new stream session ID is
................................................................................
            -cadir         -
            -cafile        -
            -certfile      -
            -keyfile       -
            -ssl2          -
            -ssl3          -
            -tls1          -
            -tls1.1        -
            -tls1.2        -
            -request       -
            -require       -
            -password      -
            -verifycommand -
            -infocommand   {
                lappend state(tlsArgs) $key $val
            }
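
Review bot: In the option switch, a caller-supplied `-tls1.1` or `-tls1.2` is appended to state(tlsArgs) unconditionally, while the header comment says these options are only supported by tls 1.6 and newer. With an older tls package the unsupported option is handed on with the rest of the ::tls::import options. Consider applying the same availability check used for the defaults to explicitly passed values, returning a clear error or dropping the option, and state in the header which of the two happens.
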
................................................................................
            default {
                unset state
                return -code error [::msgcat::mc "Illegal option \"%s\"" $key]
            }
        }
    }

    # Append default TLS options which may differ from the tls::import defaults
    if {![::xmpp::xml::isAttr $state(tlsArgs) -ssl2]} {
        lappend state(tlsArgs) -ssl2 0
    }
    if {![::xmpp::xml::isAttr $state(tlsArgs) -ssl3]} {
        lappend state(tlsArgs) -ssl3 0
    }
    if {![::xmpp::xml::isAttr $state(tlsArgs) -tls1]} {
        lappend state(tlsArgs) -tls1 1
    }
    if {![::xmpp::xml::isAttr $state(tlsArgs) -tls1.1] && \
            ![catch ::tls::ciphers tls1.1]} {
        lappend state(tlsArgs) -tls1.1 1
    }
    if {![::xmpp::xml::isAttr $state(tlsArgs) -tls1.2] && \
            ![catch ::tls::ciphers tls1.2]} {
        lappend state(tlsArgs) -tls1.2 1
    }

    ::xmpp::RegisterElement $xlib * urn:ietf:params:xml:ns:xmpp-tls \
                            [namespace code [list Parse $token]]

    if {$timeout > 0} {
        set state(afterid) \

Changes to xmpp/tls.tcl.

Old version:

# tls.tcl --
#
#       This file is part of the XMPP library. It provides support for the
#       XMPP stream over TLS encrypted TCP sockets.
#
# Copyright (c) 2008-2013 Sergei Golovan <sgolovan@nes.ru>
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAMER OF ALL WARRANTIES.

package require tls 1.4

package require pconnect
................................................................................
#       -cadir                      Options for ::tls::import procedure (see
#       -cafile                     tls package manual for details).
#       -certfile
#       -keyfile
#       -ssl2
#       -ssl3
#       -tls1


#       -request
#       -require
#       (other arguments are passed to [::pconnect::socket])
#       -proxy string               Proxy type "" (default), "socks4",
#                                   "socks5", or "https"
#       -host string                Proxy hostname (required if -proxy
#                                   isn't empty)
................................................................................
            -cadir                -
            -cafile               -
            -certfile             -
            -keyfile              -
            -ssl2                 -
            -ssl3                 -
            -tls1                 -


            -request              -
            -require              -
            -passwordcommand      -
            -verifycommand        -
            -infocommand          {lappend tlsArgs $key $val}
            default               {lappend newArgs $key $val}
        }
    }

    # Append default TLS options which differ from the tls::import defaults
    if {![::xmpp::xml::isAttr $tlsArgs -ssl2]} {
        lappend tlsArgs -ssl2 0



    }
    if {![::xmpp::xml::isAttr $tlsArgs -tls1]} {
        lappend tlsArgs -tls1 1








    }

    if {![info exists cmd]} {
        # Synchronous mode
        set state(sock) [eval [list ::pconnect::socket $host $port] $newArgs]
        Configure $token $tlsArgs
    } else {
................................................................................
#       -cadir                  Options for ::tls::import procedure (see
#       -cafile                 tls package manual for details).
#       -certfile
#       -keyfile
#       -ssl2
#       -ssl3
#       -tls1


#       -request
#       -require
#
# Result:
#       Empty string.
#
# Side effects:





New version:

# tls.tcl --
#
#       This file is part of the XMPP library. It provides support for the
#       XMPP stream over TLS encrypted TCP sockets.
#
# Copyright (c) 2008-2015 Sergei Golovan <sgolovan@nes.ru>
#
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAMER OF ALL WARRANTIES.

package require tls 1.4

package require pconnect
................................................................................
#       -cadir                      Options for ::tls::import procedure (see
#       -cafile                     tls package manual for details).
#       -certfile
#       -keyfile
#       -ssl2
#       -ssl3
#       -tls1
#       -tls1.1                     (supported for tls 1.6 and newer)
#       -tls1.2                     (supported for tls 1.6 and newer)
#       -request
#       -require
#       (other arguments are passed to [::pconnect::socket])
#       -proxy string               Proxy type "" (default), "socks4",
#                                   "socks5", or "https"
#       -host string                Proxy hostname (required if -proxy
#                                   isn't empty)
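
Review bot: The option list in this header marks `-tls1.1` and `-tls1.2` as "supported for tls 1.6 and newer" but does not record the defaults that the defaults block further down in this file now applies: `-ssl3` is set to 0 unless the caller passes it, and `-tls1.1` / `-tls1.2` are set to 1 only when the availability check succeeds (the file still has `package require tls 1.4`). Add the default next to each option so callers who relied on SSLv3 know they must pass `-ssl3 1` explicitly. xmpp/starttls.tcl words the same remark as "supported by tls 1.6 and newer"; use one wording in both files.
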
................................................................................
            -cadir                -
            -cafile               -
            -certfile             -
            -keyfile              -
            -ssl2                 -
            -ssl3                 -
            -tls1                 -
            -tls1.1               -
            -tls1.2               -
            -request              -
            -require              -
            -passwordcommand      -
            -verifycommand        -
            -infocommand          {lappend tlsArgs $key $val}
            default               {lappend newArgs $key $val}
        }
    }

    # Append default TLS options which may differ from the tls::import defaults
    if {![::xmpp::xml::isAttr $tlsArgs -ssl2]} {
        lappend tlsArgs -ssl2 0
    }
    if {![::xmpp::xml::isAttr $tlsArgs -ssl3]} {
        lappend tlsArgs -ssl3 0
    }
    if {![::xmpp::xml::isAttr $tlsArgs -tls1]} {
        lappend tlsArgs -tls1 1
    }
    if {![::xmpp::xml::isAttr $tlsArgs -tls1.1] && \
            ![catch ::tls::ciphers tls1.1]} {
        lappend tlsArgs -tls1.1 1
    }
    if {![::xmpp::xml::isAttr $tlsArgs -tls1.2] && \
            ![catch ::tls::ciphers tls1.2]} {
        lappend tlsArgs -tls1.2 1
    }

    if {![info exists cmd]} {
        # Synchronous mode
        set state(sock) [eval [list ::pconnect::socket $host $port] $newArgs]
        Configure $token $tlsArgs
    } else {
................................................................................
#       -cadir                  Options for ::tls::import procedure (see
#       -cafile                 tls package manual for details).
#       -certfile
#       -keyfile
#       -ssl2
#       -ssl3
#       -tls1
#       -tls1.1                 (supported for tls 1.6 and newer)
#       -tls1.2                 (supported for tls 1.6 and newer)
#       -request
#       -require
#
# Result:
#       Empty string.
#
# Side effects: