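HTTPS stands for HyperText Transfer Protocol Secure (Securely?)

----

The [http] package can also do secure HTTP (HTTPS) with the help of the [tls] package, as [Michael A. Cleverly]'s example from the http manual illustrates:

    package require http
    package require tls

    # Registered this way, every https:// request uses the tls package's
    # default options.  In tls releases where -require defaults to false the
    # handshake succeeds even if the server certificate cannot be validated.
    # To enforce validation, register the command together with its options:
    #   http::register https 443 \
    #       [list ::tls::socket -require 1 -cafile /path/to/ca-bundle.pem]
    # (the path is a placeholder).  Also confirm whether your tls version
    # checks the certificate name against the host you asked for.
    http::register https 443 ::tls::socket

    set token [http::geturl https://my.secure.site/]

Also see [Matt Newman]'s example [http://www.sensus.org/tcl/tls.htm#HTTPS%20EXAMPLE]. [[Someone help fix up that URL?]]

----

[[But none of this stuff knows how to tunnel proxies, as of December 2001.]] [[But maybe [TclCurl] helps?]]

----

[Erik Leunissen], [Pat Thoyts], and David Bleicher dive deeply into HTTP 1.0 vs. 1.1, persistent connections, [certificate]s, ... in a revealing thread [http://groups.google.com/groups?hl=en&frame=right&th=d5caca40bac5a72f] on comp.lang.tcl.

----

[Dave Griffin]'s proposal for tunnel proxies: Add this about 90 lines into http::geturl:

      :
      :
    # Connection setup for http::geturl with HTTPS-through-proxy support.
    # When the proxy filter yields a proxy host and the URL scheme is https,
    # a plain socket is opened to the proxy, a CONNECT request is sent, the
    # proxy's status line is checked, and the socket is then handed to
    # ::tls::import.  All other cases use the registered socket command.
    # Uses $url, $host, $port, $proto, $defcmd, $token and the http/state
    # arrays, which are set elsewhere in http::geturl (not shown here).
    set state(url) $url
    if {![catch {$http(-proxyfilter) $host} proxy]} {
        set phost [lindex $proxy 0]
        set pport [lindex $proxy 1]
    }

    # If a timeout is specified we set up the after event
    # and arrange for an asynchronous socket connection.
    if {$state(-timeout) > 0} {
        set state(after) [after $state(-timeout) \
                [list http::reset $token timeout]]
        set async -async
    } else {
        set async ""
    }

    # If we are using the proxy, we must pass in the full URL that
    # includes the server name.
    if {[info exists phost] && [string length $phost]} {
        #
        # Use SSL tunneling for https proxy
        #
        if {$proto == "https"} {
            # No async connection yet...
            # NOTE(review): the socket and gets calls in this branch are
            # blocking, so the -timeout after event set above presumably
            # cannot interrupt a proxy that stalls -- confirm.
            set conStat [catch {socket $phost $pport} s]
            if {$conStat} {
                # something went wrong while trying to establish the connection
                # Clean up after events and such, but DON'T call the command callback
                # (if available) because we're going to throw an exception from here
                # instead.
                Finish $token "" 1
                cleanup $token
                return -code error $s
            }
            fconfigure $s -translation {auto crlf} -buffersize $state(-blocksize)

            # NOTE(review): $host and $port are written into the request line
            # as-is; this assumes the URL parsing earlier in geturl rejects
            # embedded CR/LF -- verify.
            puts $s "CONNECT $host:$port HTTP/1.0"
            puts $s "User-Agent: $http(-useragent)"
            puts $s ""
            flush $s

            #
            # This is incredibly lame, but we're hoping for success and
            # will at least throw an error if there is a problem -- the details
            # of which will be haphazard at best.
            #
            # Read back the proxy server's response.  Only the first line is
            # treated as the status line, so a later header that merely looks
            # like "HTTP/... 200 " cannot mark the tunnel as established.  The
            # remaining header lines are drained up to the blank line and
            # otherwise ignored.
            #
            set proxyOK 0
            set proxyStatus ""
            set firstLine 1
            while {[gets $s proxyLine] > 0} {
                if {$firstLine} {
                    set firstLine 0
                    # Keep the status line for the error message below.
                    set proxyStatus $proxyLine
                    if {[regexp {^HTTP/[0-9.]+ +200( |$)} $proxyLine]} {
                        set proxyOK 1
                    }
                }
            }

            #
            # If we could not detect a good connection, raise an error.
            #
            if {!$proxyOK} {
                close $s
                Finish $token "" 1
                cleanup $token
                # Report the status line; $proxyLine holds only the last line
                # read, which is the blank line that ended the headers.
                return -code error "Unable to connect via proxy: $proxyStatus"
            }

            # We've got a good proxy connection.
            # Switch the socket over to SSL for further communication.
            #
            # We're going to assume much about TLS right now.  For example,
            # the normal protocol registration would consist of the ::tls::socket
            # command and all of its options.  We're going to grab any of those
            # options and apply them to the ::tls::import command and hope for the
            # best.  The idea here is to be no worse than the non-proxied SSL support.
            #
            # Because the options are taken from the registered command,
            # certificate checking through the proxy is only as strict as the
            # options given to http::register.
            #
            # The result goes into its own variable: catching into "s" would
            # overwrite the channel name with the error text on failure, and
            # the socket to the proxy could then no longer be closed.
            set conStat [catch {eval ::tls::import [lrange $defcmd 1 end] $s} tlsResult]
            if {$conStat} {
                # something went wrong while trying to establish the SSL protocol
                # Clean up after events and such, but DON'T call the command callback
                # (if available) because we're going to throw an exception from here
                # instead.
                catch {close $s}
                Finish $token "" 1
                cleanup $token
                return -code error "Unable to establish SSL connection: $tlsResult"
            }
            # As before, continue with whatever ::tls::import returned.
            set s $tlsResult
        } else {
            set srvurl $url
            set conStat [catch {eval $defcmd $async {$phost $pport}} s]
        }
    } else {
        set conStat [catch {eval $defcmd $async {$host $port}} s]
    }
    if {$conStat} {
        # something went wrong while trying to establish the connection
        # Clean up after events and such, but DON'T call the command callback
        # (if available) because we're going to throw an exception from here
        # instead.
        Finish $token "" 1
        cleanup $token
        return -code error $s
    }
    set state(sock) $s
      :
      :

We're testing this out now. If it holds together (and nobody has any other suggestions on how to do the error handling better) I'll see if the Tcl Core group would like it.

----

[Category Internet]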