<i>Control TLS socket server errors</i> status still Open with 5 other changes
by
.
D 2021-03-02T05:34:06.459
J icomment This\swas\sdiscussed\son\sthe\schat\syesterday.\s\sErrors\sin\snegotiation\scan\sbe\sreceived\s\r\nby\s[tls::handshake],\sbut\sa\sbgerror\sis\sstill\sproduced.\s\sThis\sshort\sexample\s\r\ndemonstrates:\r\n\r\npackage\srequire\stls\r\n\r\ntls::init\s-cadir\s/etc/ssl/certs\s-require\strue\s-ssl2\s0\s-ssl3\s0\s-tls1\s0\s-tls1.1\s0\r\n\r\nproc\sbgerror\s{err}\s{\r\n\s\s\s\sputs\s"bgerror:\s$err"\r\n}\r\n\r\nproc\sdo_connect\s{}\s{\r\n\s\s\s\sset\schan\s[tls::socket\sirc.choopa.net\s9999]\r\n\r\n\s\s\s\s#\sensure\shandshake\scompletes\r\n\s\s\s\stry\s{\r\n\s\s\s\s\s\s\s\swhile\s{![tls::handshake\s$chan]}\s{puts\shandshake}\r\n\s\s\s\s}\son\serror\s{err\sopts}\s{\r\n\s\s\s\s\s\s\s\sputs\s"handshake\serror:\s$err"\r\n\s\s\s\s\s\s\s\sreturn\sfalse\r\n\s\s\s\s}\r\n\r\n\s\s\s\sreturn\strue\r\n}\r\n\r\ndo_connect\r\nputs\s"synchronous\scode\sdone"\r\nupdate\r\n\r\nOutput:\r\n\r\nhandshake\serror:\shandshake\sfailed:\scertificate\sverify\sfailed\r\nsynchronous\scode\sdone\r\nbgerror:\sSSL\schannel\s"sock556449741e30":\serror:\scertificate\sverify\sfailed\r\n\r\nNote\sthat\swithout\sthe\scall\sto\stls::handshake,\sthe\ssame\serror\swill\sbe\sproduced\s\r\non\sfirst\sattempt\sto\sread\sor\swrite\sthe\ssocket.\r\n\r\nThere\sare\scalls\sto\sTcl_BackgroundError()\sin\sboth\sTls_Error()\sand\r\nVerifyCallback().\s\sThe\sTls_Error()\sinvocations\sall\scome\sthrough\sstacked\schannel\s\r\nmachinery,\sso\sit\s*may*\sbe\spossible\sto\sinstead\spass\sthe\serror\sback\sto\sTcl.\s\sNote\s\r\nthe\stwapi\sticket\ssays\sthis\sisn't\san\soption\sthere,\sbut\srefers\sto\sreflected\s\r\nchannels.\s\sI'm\snot\ssure\sif\stranschans\swill\spropagate\serrors\sfrom\scallbacks\r\nVerifyCallback()\sis\scalled\sby\sopenssl\sso\sprobably\snot\sso\ssimple.\r\n\r\nIf\sextra\splumbing\sis\sneeded,\sone\ssuggestion\swas\sto\suse\sa\shash\stable\skeyed\sby\s\r\nthe\schannel\sID\sto\smark\sthe\spresence\sof\sa\ssynchronous\soperation\sthat\scan\sreturn\s\r\nthe\serror.\s\sThis\smay\sneed\smutex\sprotection.\r\n\r\nAnother\squestion\swhen\slooking\sat\sthe\scode:\s\sit\sseems\slike\stcltls\srequires/assumes\s\r\nthat\sthe\stls\schannel\sis\sthe\stop\sof\sa\schannel\sstack.\s\sI'm\snot\ssure\sthis\sis\s\r\ncorrect,\ssince\sit\smight\smake\ssense\sto\spush\sanother\stransform\son\stop\sof\stls.\s\sIt\s\r\nmay\sbe\sworth\sinvestigating\sthis.
J login aspect
J mimetype text/x-fossil-plain
J priority Immediate
J resolution Open
K 2c7b7487966f65976f46c44fe7c4b5aafd93d9ae
U aspect
Z ae5f059c6eaa454eb54d9c5f49a364c1