[Tkabber-dev] [tclxmpp] r170 committed - * xmpp/bosh.tcl, xmpp/poll.tcl, xmpp/starttls.tcl, xmpp/tls.tcl:...

tclxmpp at googlecode.com tclxmpp at googlecode.com
Mon Dec 23 10:50:35 MSK 2013


Revision: 170
Author:   sgolovan
Date:     Mon Dec 23 06:50:14 2013 UTC
Log:      	* xmpp/bosh.tcl, xmpp/poll.tcl, xmpp/starttls.tcl, xmpp/tls.tcl:
	  Explicitly disabled SSLv2 and enabled TLSv1 protocols.

http://code.google.com/p/tclxmpp/source/detail?r=170

Modified:
  /trunk/ChangeLog
  /trunk/xmpp/bosh.tcl
  /trunk/xmpp/poll.tcl
  /trunk/xmpp/starttls.tcl
  /trunk/xmpp/tls.tcl

=======================================
--- /trunk/ChangeLog	Wed Dec  4 05:47:11 2013 UTC
+++ /trunk/ChangeLog	Mon Dec 23 06:50:14 2013 UTC
@@ -1,3 +1,8 @@
+2013-12-23  Sergei Golovan  <sgolovan at nes.ru>
+
+	* xmpp/bosh.tcl, xmpp/poll.tcl, xmpp/starttls.tcl, xmpp/tls.tcl:
+	  Explicitly disabled SSLv2 and enabled TLSv1 protocols.
+
  2013-12-04  Sergei Golovan  <sgolovan at nes.ru>

  	* xmpp/bosh.tcl: Reduced empty packets polling frequency. Fixed
=======================================
--- /trunk/xmpp/bosh.tcl	Wed Dec  4 05:47:11 2013 UTC
+++ /trunk/xmpp/bosh.tcl	Mon Dec 23 06:50:14 2013 UTC
@@ -36,7 +36,7 @@
              -closestreamcommand  [namespace code closeStream]

      if {![catch { package require tls 1.4 }]} {
-        ::http::register https 443 ::tls::socket
+        ::http::register https 443 [namespace code sock]
      }

      # Supported BOSH version
@@ -50,6 +50,25 @@
      # Set this to 1 or 2 to get debug messages on standard output
      variable debug 0
  }
+
+# ::xmpp::transport::bosh::sock --
+#
+#       Wrapper over the tls::socket command which provides sane defaults.
+#
+# Arguments:
+#       options         Options for tls::socket
+#       host            Host to connect to.
+#       port            Port to connect to.
+#
+# Result:
+#       A channel with performed TLS handshake.
+#
+# Side effects:
+#       A new socket is created.
+
+proc ::xmpp::transport::bosh::sock {args} {
+    eval [linsert $args 0 ::tls::socket -ssl2 0 -tls1 1]
+}

  # ::xmpp::transport::bosh::open --
  #
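Review bot: The new wrapper `::xmpp::transport::bosh::sock` pins only `-ssl2 0 -tls1 1`, so SSLv3 stays at whatever the tls package defaults to, and that protocol is deprecated too; consider `eval [linsert $args 0 ::tls::socket -ssl2 0 -ssl3 0 -tls1 1]`. The same gap applies to the poll.tcl wrapper and to the defaults appended in the starttls.tcl and tls.tcl hunks. Nothing visible here asks for certificate verification either (tls::socket offers `-require` with `-cafile`/`-cadir`), so unless that is configured elsewhere the HTTPS transport may accept any server certificate. The header comment lists `options`, `host` and `port` while the proc takes a single `args` list; a line such as `#       args            tls::socket options followed by host and port` would match the signature.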
=======================================
--- /trunk/xmpp/poll.tcl	Tue Dec  3 11:10:12 2013 UTC
+++ /trunk/xmpp/poll.tcl	Mon Dec 23 06:50:14 2013 UTC
@@ -35,11 +35,30 @@
              -closestreamcommand  [namespace code closeStream]

      if {![catch { package require tls 1.4 }]} {
-        ::http::register https 443 ::tls::socket
+        ::http::register https 443 [namespace code sock]
      }

      variable debug 0
  }
+
+# ::xmpp::transport::poll::sock --
+#
+#       Wrapper over the tls::socket command which provides sane defaults.
+#
+# Arguments:
+#       options         Options for tls::socket
+#       host            Host to connect to.
+#       port            Port to connect to.
+#
+# Result:
+#       A channel with performed TLS handshake.
+#
+# Side effects:
+#       A new socket is created.
+
+proc ::xmpp::transport::poll::sock {args} {
+    eval [linsert $args 0 ::tls::socket -ssl2 0 -tls1 1]
+}

  # ::xmpp::transport::poll::open --
  #
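Review bot: `::xmpp::transport::poll::sock` is an exact copy of the bosh wrapper, and `::http::register https 443` is an interpreter-wide registration, so whichever transport file is loaded last replaces the other's handler. That is harmless while the two bodies are identical, but a later hardening of one copy could be silently undone by the other. A single shared helper registered from one place would avoid the drift. If the duplication stays, a comment such as `# Keep in sync with ::xmpp::transport::bosh::sock` above the proc would help.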
=======================================
--- /trunk/xmpp/starttls.tcl	Mon Jan 25 17:14:37 2010 UTC
+++ /trunk/xmpp/starttls.tcl	Mon Dec 23 06:50:14 2013 UTC
@@ -112,6 +112,14 @@
              }
          }
      }
+
+    # Append default TLS options which differ from the tls::import defaults
+    if {![::xmpp::xml::isAttr $state(tlsArgs) -ssl2]} {
+        lappend state(tlsArgs) -ssl2 0
+    }
+    if {![::xmpp::xml::isAttr $state(tlsArgs) -tls1]} {
+        lappend state(tlsArgs) -tls1 1
+    }

      ::xmpp::RegisterElement $xlib * urn:ietf:params:xml:ns:xmpp-tls \
                              [namespace code [list Parse $token]]
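Review bot: The probe `::xmpp::xml::isAttr $state(tlsArgs) -ssl2` borrows an XML attribute helper to search a TLS option list, which is only correct if tlsArgs is a flat option/value list and isAttr does a plain key lookup; neither is visible in this hunk. A short comment would make the intent and precedence explicit, e.g. `# tlsArgs is a flat option/value list; caller-supplied -ssl2/-tls1 win over these defaults`. The same pattern is repeated in the tls.tcl hunk. The enclosing proc starts and ends outside the hunk.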
=======================================
--- /trunk/xmpp/tls.tcl	Tue Dec  3 11:10:12 2013 UTC
+++ /trunk/xmpp/tls.tcl	Mon Dec 23 06:50:14 2013 UTC
@@ -141,6 +141,14 @@
              default               {lappend newArgs $key $val}
          }
      }
+
+    # Append default TLS options which differ from the tls::import defaults
+    if {![::xmpp::xml::isAttr $tlsArgs -ssl2]} {
+        lappend tlsArgs -ssl2 0
+    }
+    if {![::xmpp::xml::isAttr $tlsArgs -tls1]} {
+        lappend tlsArgs -tls1 1
+    }

      if {![info exists cmd]} {
          # Synchronous mode

