Overview
| Comment: | Removed sending another error code after failed connection is detected. Also fixes test case tls-bug58-1.0. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk | main |
| Files: | files | file ages | folders |
| SHA3-256: |
2a3c49aad452a7771de60eeb60aaf3ba |
| User & Date: | bohagan on 2024-12-15 22:49:50 |
| Other Links: | branch diff | manifest | tags |
Context
|
2024-12-16
| ||
| 01:35 | Partial fix for test case tlsIO-9.1 to flush then wait for handshake to finish before close check-in: 6cad1c95a2 user: bohagan tags: trunk, main | |
|
2024-12-15
| ||
| 22:49 | Removed sending another error code after failed connection is detected. Also fixes test case tls-bug58-1.0. check-in: 2a3c49aad4 user: bohagan tags: trunk, main | |
|
2024-12-09
| ||
| 04:29 | Optimized make documentation on Windows check-in: 7e7d5ef01b user: bohagan tags: trunk, main | |
Changes
Modified generic/tlsIO.c
from [9ae11efaff]
to [57fa23a59c].
| ︙ | ︙ | |||
156 157 158 159 160 161 162 |
if (handshakeFailureIsPermanent) {
dprintf("Asked to wait for a TLS handshake that has already failed. Returning fatal error");
*errorCodePtr = ECONNABORTED;
} else {
dprintf("Asked to wait for a TLS handshake that has already failed. Returning soft error");
*errorCodePtr = ECONNRESET;
}
| < | 156 157 158 159 160 161 162 163 164 165 166 167 168 169 |
if (handshakeFailureIsPermanent) {
dprintf("Asked to wait for a TLS handshake that has already failed. Returning fatal error");
*errorCodePtr = ECONNABORTED;
} else {
dprintf("Asked to wait for a TLS handshake that has already failed. Returning soft error");
*errorCodePtr = ECONNRESET;
}
return -1;
}
for (;;) {
ERR_clear_error();
BIO_clear_retry_flags(statePtr->bio);
|
| ︙ | ︙ |
Modified tests/tlsIO.test
from [fe4b8588ad]
to [4ffff35682].
| ︙ | ︙ | |||
2035 2036 2037 2038 2039 2040 2041 |
set ::done HAND
catch {tls::handshake $sock} msg
set ::done $msg
}
# NOTE: when doing an in-process client/server test, both sides need
# to be non-blocking for the TLS handshake
| | | | | > > | 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 |
set ::done HAND
catch {tls::handshake $sock} msg
set ::done $msg
}
# NOTE: when doing an in-process client/server test, both sides need
# to be non-blocking for the TLS handshake
# Server - Only accept TLS 1.3
set s [tls::socket \
-certfile $serverCert -cafile $caCert -keyfile $serverKey -request 0 \
-require 0 -ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 0 -tls1.3 1 \
-server Accept 8831]
# Client - Only propose TLS1.2
set c [tls::socket -async -cafile $caCert -request 0 -require 0 \
-ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 1 -tls1.3 0 localhost 8831]
fconfigure $c -blocking 0
puts $c a ; flush $c
after 5000 [list set ::done timeout]
vwait ::done
switch -exact -- $::done {
"handshake failed: wrong ssl version" -
"handshake failed: unsupported protocol" {
set ::done "handshake failed: wrong version number"
}
}
catch {close $c}
catch {close $s}
set ::done
} {handshake failed: wrong version number}
# cleanup
if {[string match sock* $commandSocket] == 1} {
puts $commandSocket exit
flush $commandSocket
|
| ︙ | ︙ |