History Of Ticket 82560343da66fe8a

Artifacts Associated With Ticket 82560343da66fe8a

  1. Ticket change [ba6c48b689] (rid 3982) by anonymous on 2025-07-08 20:28:20:

    1. foundin initialized to: "2.0b1"
    2. icomment:
      Mananged to build tcltls with Tcl/Tk 9.0.2 on Windows using gcc 14.2.0:
      
      1. Configured and compiled OpenSSL 3.5.1 with default settings.
      
      2. Added ws2_32.lib and Crypt32.lib in configure.ac and regenerated configure.
      
          `if test "${TEA_PLATFORM}" = "windows" ; then
              if test "$GCC" = "yes"; then
                  TEA_ADD_CFLAGS([${TCLTLS_SSL_CFLAGS} -Wno-deprecated-declarations])
                  TEA_ADD_INCLUDES([${TCLTLS_SSL_INCLUDES}])
                  TEA_ADD_LIBS([${TCLTLS_SSL_LIBS} ws2_32.lib Crypt32.lib])
              fi
          ...
      `
      
      3. Configured and compiled tcltls 2.0 using the following configure options:
      
          `--with-openssl-dir
          --enable-static-ssl
          --enable-hardening
      `
      4. Several tests failed. The results of the test-suite are contained in file tls.log.
      
         I also was not able to run the keytest tests:
      
          > tclsh keytest1.tcl
          Now run keytest2.tcl
          unable to set certificate file C:/Temp/certfile56986.TMP: ee key too small
              while executing
          "tls::import sock26f2630 -server 1 -keyfile C:/Temp/keyfile56530.TMP -certfile C:/Temp/certfile56986.TMP"
              ("eval" body line 1)
              invoked from within
          "eval [list tls::import $chan] $iopts"
              (procedure "tls::_accept" line 4)
              invoked from within
          "tls::_accept {-server 1 -keyfile C:/Temp/keyfile56530.TMP -certfile C:/Temp/certfile56986.TMP} myserv sock26f2630 127.0.0.1 63081"
      
          > tclsh keytest2.tcl
          error flushing "sock344b4c0": software caused connection abort
              while executing
          "flush $s"
              (file "keytest2.tcl" line 8)
      
    3. login: "anonymous"
    4. mimetype: "text/x-markdown"
    5. severity initialized to: "Important"
    6. status initialized to: "Open"
    7. title initialized to: "Test-suite errors on Windows"
    8. type initialized to: "Code Defect"
  2. Ticket change [1d3be743ba] (rid 3983) by anonymous on 2025-07-08 20:32:37:

    1. icomment:
      Did not find a way to attach a file, so here is the content of tls.log:
      
      Tests running in interp:  c:/opt/Tcl/bin/tclsh.exe
      Tests located in:  D:/tmp/openssl/tcltls-2.0.0/tests
      Tests running in:  D:/tmp/openssl/tcltls-2.0.0/tests
      Temporary files stored in D:/tmp/openssl/tcltls-2.0.0/tests
      Test files run in separate interpreters
      Running tests that match:  *
      Skipping test files that match:  l.*.test
      Only running test files that match:  *.test
      Tests began at Tue Jul 08 21:23:42 CEST 2025
      badssl.test
      
      
      ==== BadSSL-1.47 sha1-2016 FAILED
      ==== Contents of test case:
      
      	badssl sha1-2016.badssl.com
          
      ---- Result was:
      handshake failed: certificate verify failed due to "CA signature digest algorithm too weak"
      ---- Result should have been (exact matching):
      handshake failed: certificate verify failed due to "unable to get local issuer certificate"
      ==== BadSSL-1.47 FAILED
      
      
      
      ==== BadSSL-1.50 sha1-intermediate FAILED
      ==== Contents of test case:
      
      	badssl sha1-intermediate.badssl.com
          
      ---- Result was:
      handshake failed: certificate verify failed due to "CA signature digest algorithm too weak"
      ---- Result should have been (exact matching):
      handshake failed: certificate verify failed due to "unable to get local issuer certificate"
      ==== BadSSL-1.50 FAILED
      
      ciphers.test
      
      
      ==== Ciphers_Protocol_Specific-4.3 TLS1.0 FAILED
      ==== Contents of test case:
      
      	lcompare [exec_get ":" ciphers -tls1 -s] [::tls::ciphers tls1 0 1]
          
      ---- Result was:
      missing {} unexpected {ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA}
      ---- Result should have been (exact matching):
      missing {} unexpected {}
      ==== Ciphers_Protocol_Specific-4.3 FAILED
      
      
      
      ==== Ciphers_Protocol_Specific-4.4 TLS1.1 FAILED
      ==== Contents of test case:
      
      	lcompare [exec_get ":" ciphers -tls1_1 -s] [::tls::ciphers tls1.1 0 1]
          
      ---- Result was:
      missing {} unexpected {ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA}
      ---- Result should have been (exact matching):
      missing {} unexpected {}
      ==== Ciphers_Protocol_Specific-4.4 FAILED
      
      
      
      ==== Ciphers_Protocol_Specific-4.6 TLS1.3 FAILED
      ==== Contents of test case:
      
      	lcompare [exec_get ":" ciphers -tls1_3 -s] [::tls::ciphers tls1.3 0 1]
          
      ---- Result was:
      missing {} unexpected {ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA}
      ---- Result should have been (exact matching):
      missing {} unexpected {}
      ==== Ciphers_Protocol_Specific-4.6 FAILED
      
      
      
      Note, that I could not get test tlsIO.test running:
      
      I started the server in one command shell:
      > tclsh remote.tcl -port 8048 -address paulslegion
      
      Then started test tlsIO.test in another window, which issued the following error message:
      (Set env. variables: remoteServerIP=paulslegion remoteServerPort=8048)
      
      > tclsh tlsIO.test
      remote server disappeared: error writing "sock00000249F28A7630": software caused connection abort
          while executing
      "error "remote server disappeared: $msg""
          (procedure "sendCommand" line 9)
          invoked from within
      "sendCommand [list proc dputs [info args dputs] [info body dputs]]"
          invoked from within
      "if {$doTestsWithRemoteServer == 1} {
          proc sendCommand {c} {
              global commandSocket
      
              if {[eof $commandSocket]} {
                  error "remote server disappea..."
          (file "tlsIO.test" line 205)
      
      The following error message was issued on the server side:
      
      handshake failed: tlsv1 alert unknown ca
          while executing
      "tls::handshake $s"
          (procedure "__accept__" line 7)
          invoked from within
      "__accept__ sock000002A244A3BC00 fe80::b77b:6f81:4359:a9c6%12 64811"
          ("uplevel" body line 1)
          invoked from within
      "uplevel #0 $callback"
          (procedure "tls::_accept" line 8)
          invoked from within
      "tls::_accept {-server 1 -cafile ./certs/cacert.pem -certfile ./certs/server.pem -keyfile ./certs/server.key} __accept__ sock000002A244A3BC00 fe80::b77..."
      
    2. login: "anonymous"
    3. mimetype: "text/plain"
    4. priority changed to: "Immediate"
    5. resolution changed to: "Open"
  3. Ticket change [a39a84d666] (rid 3984) by anonymous on 2025-07-08 20:42:51:

    1. icomment:
      Thanks, Paul, great that you tried it!
      File attach is disabled for anonymous.
      You may create a login or magic-Schelte may change the fossil settings.
      
      Sorry,
      Harald
      
    2. login: "anonymous"
    3. mimetype: "text/x-markdown"
    4. username: "oehhar"