Overview
| Artifact ID: | ea605ef8362e583f59fac2bc665e75aaceb0578841e54f99133dc29b4216b71e |
|---|---|
| Ticket: | 799aae4e72a7c137979ba791698b79d610ad5119
http::geturl hangs if certificate verify failed |
| User & Date: | anonymous on 2019-12-13 10:13:19 |
Changes
- foundin changed to: ">1.7.3"
- icomment:
The problem is more severe the older the http package is, but in its less critical form, it hangs when performing a post: ``` package require tls package require http http::register https 443 tls::socket proc ::tls::log {level msg} { puts ">>>> $msg" } #set ::tls::debug 1 tls::init -cafile /tmp/kk.ca -tls1 true -require 1 -request 1 http::geturl https://self-signed.badssl.com -query a=b puts OK ``` It shows: ``` VerifyCallback 1 VerifyCallback checking VerifyCallback null callback VerifyCallback returnning ok=0 SSL channel "sock5": error: certificate verify failed <----- here it hangs ``` If instead of performing a POST, we use GET, it does not hang: ``` VerifyCallback 1 VerifyCallback checking VerifyCallback null callback VerifyCallback returnning ok=0 error flushing "sock5": connection reset by peer while executing "http::geturl https://self-signed.badssl.com" (file "check.tcl" line 18) ``` But is just because in http module, the socket is flushed, and it fails: ``` if {$isQuery || $isQueryChannel} { ... puts $sock "" fconfigure $sock -translation {auto binary} fileevent $sock writable [list http::Write $token] } else { puts $sock "" flush $sock fileevent $sock readable [list http::Event $sock $token] } ``` On isQuery mode (POST), there is no flush to trigger an error so it hangs. I tracked the error to this commit: https://core.tcl-lang.org/tcltls/info/7df7a8696e009447 From that commit onwards, it always hangs. - login: "anonymous"
- mimetype: "text/x-fossil-plain"
- private_contact changed to: "fb5d142cbd03f75616e36710b2a166433622c00f"
- severity changed to: "Severe"
- status changed to: "Open"
- title changed to: "http::geturl hangs if certificate verify failed"
- type changed to: "Code Defect"