SSLtcl README Peter Antman SSLtcl is a free loadable module for tcl that extends the socket command with SSL (SECURE SOCKET LAYER) functions. That is, it makes it possible for tcl applications to communicate securely over the Internet. SSLtcl is actually a thin wrapper around Eric Young's free SSL implementation SSLeay, that contain all cryptographic libraries insecurely to do secure SSL outside the USA. SSL is a protocol invented by Netscape to do secure transactions over the web. It implements both protocols to know who you are talking to and protocols to hide your precious data. SSLeay is a free implementation of SSL done in Australia. It contains all the cryptographic feature that is not allowed to be exported outside USA by USA companies. It, for example, contain RC4 128 bit and triple-des (168 bit). To read more about SSL and SSLeay see the SSLeay FAQ, http://www.psy.uq.oz.au/~ftp/Crypto SSLtcl is a loadable module for tcl that makes it possible to use SSL inside tcl. It actually provides a extended socket command with which you can create a client and a server that can communicate with the SSL protocol, that is securely communicate over the Internet. It is - I think - the easiest way there is to day to incorporate SSL in to your programs. SSLtcl can be found at ftp://ftp.mc.hik.se/pub/users/mia95anp/ssl/SSLtcl-0.42.tar.gz http://www.abc.se/~m9339/prog/ssl/SSLtcl-0.42.tar.gz It has also been uploaded to sunsite.unc.edu/incoming/Linux www.neosoft.com/tcl A dynamically linked rpm-version will also bee done in the near future and be uploaded to ftp.redhat.com The official homepage for SSLtcl is http://www.abc.se/~m9339/prog/ssl/ To install SSLtcl you should read the Installation instruction either in this manual or in the file INSTALL. Howto use it is described in the manual pages ssltcl(n). There is also a demo directory with some example scripts that uses SSLtcl.so. Read the section in this manual about the demo scripts or the README in the demo directory. For your convenience a have included a demo CA and a demo certificate where the passphrase for the keys is removed. They are located in the demo/demoCA directory and is used by the demo scripts. In this manual there is also a section which briefly describes how to handle and generate your own certificates. If this information is not enough reed the SSLeay FAQ. 2. Bugs 0.42 is the first public release of SSLtcl. I have tried to test is as hard as possible, but it will probably contain bugs. Please send bug reports or other comments to: peter.antman@abc.se There is one feature that I am not to happy about. It is described in the manual page. I hope to have the time to extend SSLtcl with further commands in the future. Especially I would like to have a tcl procedure callback for the password and for client verification. I nice way of storing the certificates would also be nice. 3. Copyright SSLtcl is copyrighted by Peter Antman, and licenced under GNU/GPL. This means that it is free fore use and further development but that any changes has to be made public. SSLtcl does not contain code only written by me. In the spirit of free software development a have reused code, which means that SSLtcl contains code, codefragments or hard to decide inspired by other code This code is copyrighted under other conditions than GNU/GPL SSLtcl contains codes from: tcl8.0 core This software is copyrighted by the Regents of the Univer- sity of California, Sun Microsystems, Inc., and other par- ties. The following terms apply to all files associated with the software unless explicitly disclaimed in individual files. tclSSL Copyright (c) 1995-1997 Tony Bringardner SSLeay Copyright (C) 1997 Eric Young (eay@cryptsoft.com) All rights reserved apache-ssl Copyright (c) 1995 Ben Laurie. All rights reserved. All of this code are copyrighted under somewhat more liberal rules. That is. It is possible to make changes to the code and incorporate them in to a product without releasing the new source code. This is not possible under GNU/GPL - and that is its intention. To do this with SSLtcl you would have to remove all codes written by me, and that would eventually mean that SSLtcl would stop working. That is. You are free to use and modify SSLtcl as long as my and all other copyright holders are not removed and as long as the sourcecode is made freely available. In my interpretation this makes it possible to use the vanilla SSLtcl in a commercial product without being forced to release source code for that product, except for SSLtcl, which - if vanilla - already is freely available.