TclTLS 2.0

TclTLS 釋出了一個十分重要的重大更新版本，v2.0。下面是這次更新的內容：

• Replaced build system with a new TEA compliant build system for Unix and windows.
• Restructured repo and fixed missing TCL Config files.
• Added TCL 9.0 support.
• OpenSSL 3 compatibility updates.
• Added more certificate and connection status.
• Add missing TLS 1.3 functionality, cipher suites, SNI, ALPN, etc.
• Error handing improvements, more connect status via callbacks.
• Fixed OpenSSL 3.0 unexpected EOF issue.
• When -require 1 is used, will auto validate server certificate.
• Fixed IO test cases.
• Fixed many open tickets on sourceforge and core.tcl.tk sites.
• Use of the Windows system certificate store as a source of trusted root certificates on OpenSSL 3.2 and later.
• Replaced set DH build args and file with auto select.
• Replaced process of including tls.tcl file in shared library with cross-platform compatible methods.
• Disable TLS 1 and 1.1 by default.
• Use -require 1 as default, when certificates are available.

下面則是我的簡單測試程式。

#!/usr/bin/env tclsh
package require http
package require tls

set protocol "http/1.1"
http::register https 443 [list ::tls::socket -autoservername 1 -require 1 -alpn [list [string tolower $protocol]]]

set tok {}
set url {https://duckduckgo.com/}

try {
    set tok [http::geturl $url -method GET -timeout 3000]
    puts "Status: [::http::ncode $tok]"
    puts "Status Text: [http::status $tok]"
    puts "Headers: [http::meta $tok]"
} on error {em} {
    puts "Error: $em"
} finally {
    # cleanup here
    if {[info exists tok]==1} {
        http::cleanup $tok
    }
}