History Of Ticket 799aae4e72a7c137

Artifacts Associated With Ticket 799aae4e72a7c137

  1. Ticket change [ea605ef836] (rid 1490) by anonymous on 2019-12-13 10:13:19:

    1. foundin initialized to: ">1.7.3"
    2. icomment:
      The problem is more severe the older the http package is, but in its less critical form, it hangs when performing a post:
      
      ```
      package require tls
      
      package require http
      http::register https 443 tls::socket
      
      proc ::tls::log {level msg} {
          puts ">>>> $msg"
      }
      
      #set ::tls::debug 1
      
      tls::init -cafile /tmp/kk.ca -tls1 true -require 1 -request 1
      
      
      http::geturl https://self-signed.badssl.com -query a=b
      
      puts OK
      ```
      
      It shows:
      
      ```
      VerifyCallback 1
      VerifyCallback checking
      VerifyCallback null callback
      VerifyCallback returnning ok=0
      SSL channel "sock5": error: certificate verify failed
      
      <----- here it hangs
      ```
      
      If instead of performing a POST, we use GET, it does not hang:
      
      
      ```
      VerifyCallback 1
      VerifyCallback checking
      VerifyCallback null callback
      VerifyCallback returnning ok=0
      error flushing "sock5": connection reset by peer
          while executing
      "http::geturl https://self-signed.badssl.com"
          (file "check.tcl" line 18)
      ```
      
      But that is just because, in the http module, the socket is flushed, and it fails:
      
      ```
        if {$isQuery || $isQueryChannel} {
            ...
            puts $sock ""
            fconfigure $sock -translation {auto binary}
            fileevent $sock writable [list http::Write $token]
        } else {
            puts $sock ""
            flush $sock
            fileevent $sock readable [list http::Event $sock $token]
        }
      ```
      
      In isQuery mode (POST), there is no flush to trigger an error, so it hangs.
      
      I tracked the error to this commit: 
      
      https://core.tcl-lang.org/tcltls/info/7df7a8696e009447
      
      From that commit onwards, it always hangs.
      
    3. login: "anonymous"
    4. mimetype: "text/x-fossil-plain"
    5. private_contact initialized to: "fb5d142cbd03f75616e36710b2a166433622c00f"
    6. severity initialized to: "Severe"
    7. status initialized to: "Open"
    8. title initialized to: "http::geturl hangs if certificate verify failed"
    9. type initialized to: "Code Defect"
  2. Ticket change [543e5574bd] (rid 1583) by anonymous on 2022-08-28 21:56:25:

    1. icomment:
      I'm getting the same issue, but with the ldap module, when the verify certificate option is enabled.
      
      Is there a workaround? Disabling verify permanently is a security issue.
      
    2. login: "anonymous"
    3. mimetype: "text/plain"
    4. priority changed to: "Immediate"
    5. resolution changed to: "Open"