TclTLS 釋出了一個十分重要的重大更新版本,v2.0。下面是這次更新的內容:
- Replaced build system with a new TEA compliant build system for Unix and windows.
- Restructured repo and fixed missing TCL Config files.
- Added TCL 9.0 support.
- OpenSSL 3 compatibility updates.
- Added more certificate and connection status.
- Add missing TLS 1.3 functionality, cipher suites, SNI, ALPN, etc.
- Error handing improvements, more connect status via callbacks.
- Fixed OpenSSL 3.0 unexpected EOF issue.
- When -require 1 is used, will auto validate server certificate.
- Fixed IO test cases.
- Fixed many open tickets on sourceforge and core.tcl.tk sites.
- Use of the Windows system certificate store as a source of trusted root certificates on OpenSSL 3.2 and later.
- Replaced set DH build args and file with auto select.
- Replaced process of including tls.tcl file in shared library with cross-platform compatible methods.
- Disable TLS 1 and 1.1 by default.
- Use -require 1 as default, when certificates are available.
下面則是我的簡單測試程式。
#!/usr/bin/env tclsh
package require http
package require tls
set protocol "http/1.1"
http::register https 443 [list ::tls::socket -autoservername 1 -require 1 -alpn [list [string tolower $protocol]]]
set tok {}
set url {https://duckduckgo.com/}
try {
set tok [http::geturl $url -method GET -timeout 3000]
puts "Status: [::http::ncode $tok]"
puts "Status Text: [http::status $tok]"
puts "Headers: [http::meta $tok]"
} on error {em} {
puts "Error: $em"
} finally {
# cleanup here
if {[info exists tok]==1} {
http::cleanup $tok
}
}
