wm withdraw .; wm withdraw .output;
#kons_font 15;

#lappend auto_path ~/tcl/tls1.4; package re tls
  #% 1.4
lappend auto_path ~/tcl/tls1.5; package re tls
  #% 1.50

## serwer
# + wykonac . e_tls przed uruchomieniem konsoli!
#

proc haslo {} {return "qwerty"}; # haslo do klucza pryw serwera

tls::socket -server obsluga -password haslo \
  -keyfile privkey.pem -certfile cert.pem \
  10000
    # "-keyfile" klucz pryw serwera
    # "-certfile" cert serwera (zawiera klucz pub serwera)

proc obsluga {s args} {
  puts "obsluga: $s sie podlaczyl"
  tls::handshake $s
  puts "obsluga: $s sie podlaczyl 2"
  fileevent $s readable "obslugaKli $s"
}
proc obslugaKli s {
  if {[eof $s]} { puts "obslugaKli: $s close"; close $s; return }
  set linia [gets $s]
  puts "obslugaKli: od $s: $linia"
}                                    

file chan sock*
  #% sock5

tls::status sock6
  #% sbits 256 cipher DHE-RSA-AES256-SHA
tls::status -local sock6
  #% sha1_hash 0000000000000000000000000000000000000000 subject {/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=serwer} issuer {/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=autorytet} notBefore {Mar  6 19:53:53 2014 GMT} notAfter {Mar  6 19:53:53 2015 GMT} serial 1 sbits 256 cipher DHE-RSA-AES256-SHA