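The following short example from [miguel] demonstrates the use of [TWAPI] for communicating over SSL/TLS on Windows.

======
#
# Create [ssocket], an ssl-enabled clone of the [socket] command
#
# The credentials should be in cert.pfx in the same folder as this script, the
# file cert.pwd should contain the password.
#
# Security notes:
#  - cert.pwd holds the PFX password in plain text next to the private key.
#    Restrict read access on both files to the account that runs the server.
#  - twapi is loaded from the twapi-bin folder beside this script, which is
#    placed first on auto_path. That folder must not be writable by other
#    users, otherwise they control the code this process loads.
#
# At the bottom of the file we create an echo-server using ssocket.
#
apply [list {} {
    set base [file normalize [file dir [info script]]]
    set fbase [file join $base cert]
    set ::auto_path [linsert $::auto_path 0 [file join $base twapi-bin]]
    if {![catch {puts "twapi [package require twapi_crypto]"}] \
            && [file exists $fbase.pfx]} {
        # adapted from tls_init_echo_server_creds
        # http://sourceforge.net/p/twapi/code/ci/default/tree/twapi/tests/tlsecho.tcl
        #
        # init_creds is a lambda evaluated in the ::twapi namespace. It takes
        # the base path of the credential files and returns the acquired
        # Schannel server credentials.
        set init_creds [list fbase {
            # The PFX blob is binary, so it is read in binary mode.
            set f [open $fbase.pfx rb]
            set pfx [read $f]
            close $f
            # Only the first line of cert.pwd is used as the password.
            set f [open $fbase.pwd r]
            set pwd [gets $f]
            close $f
            # Set up the store containing the certificates
            set certStore [cert_temporary_store -pfx $pfx \
                -password [conceal $pwd]]
            # Set up the server credentials
            # Note: the substring should identify your certified url
            set serverCert [cert_store_find_certificate $certStore \
                subject_substring hunter]
            # Offer TLS 1.2 only. The original list also enabled ssl3, which
            # RFC 7568 prohibits, and tls1.1, which RFC 8996 deprecates. Add
            # tls1.1 back only if a legacy client cannot be upgraded.
            set creds [sspi_schannel_credentials \
                -certificates [list $serverCert] \
                -protocols [list tls1.2]]
            set creds [sspi_acquire_credentials \
                -credentials $creds \
                -package unisp -role server]
            # The certificate context and the temporary store are released
            # once the credentials have been acquired.
            cert_release $serverCert
            cert_store_release $certStore
            return $creds
        } ::twapi]
        # ssocket takes the same arguments as tls_socket, with the server
        # credentials already bound.
        interp alias {} ssocket {} ::twapi::tls_socket \
            -credentials [::apply $init_creds $fbase]
    } else {
        # Either twapi_crypto could not be loaded or cert.pfx is missing.
        return -code error "NO TLS"
    }
}]

##################
## The echo server
##################
# An echo server - just to test the tls connection
#
# answer is the accept callback: chan is the new connection, h and p are the
# peer address and port. It reads one line, echoes it back and closes.
# The read is blocking, so one slow client stalls the whole server; this is
# acceptable for a connection test only.
proc answer {chan h p} {
    # A failed read or write is reported on stderr instead of being raised
    # out of the callback, so the channel is closed on every path.
    if {[catch {
        set request [gets $chan]
        if {$request ne {}} {
            puts $chan "Received request: '$request'"
        }
    } err]} {
        puts stderr "connection from $h:$p failed: $err"
    }
    # The original returned on an empty request without closing the channel,
    # leaking one channel per such connection.
    catch {close $chan}
}

# NOTE(review): no listening address is given, so this presumably accepts
# connections on every interface -- confirm before running outside a test host.
set port 1234
ssocket -server answer $port
vwait forever
======

<> Cryptography | Internet | Security | Channel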