TclTLS
History Of Ticket 82560343da66fe8a
Login
HomeTimelineDownloadBrowse SourceBranchesTagsTicketsWiki
Check-ins Status Timeline

Artifacts Associated With Ticket 82560343da66fe8a

  1. Ticket change [ba6c48b689] (rid 3982) by anonymous on 2025-07-08 20:28:20:

    1. foundin initialized to: "2.0b1"
    2. icomment: 
      Mananged to build tcltls with Tcl/Tk 9.0.2 on Windows using gcc 14.2.0:

1. Configured and compiled OpenSSL 3.5.1 with default settings.

2. Added ws2_32.lib and Crypt32.lib in configure.ac and regenerated configure.

    `if test "${TEA_PLATFORM}" = "windows" ; then
        if test "$GCC" = "yes"; then
            TEA_ADD_CFLAGS([${TCLTLS_SSL_CFLAGS} -Wno-deprecated-declarations])
            TEA_ADD_INCLUDES([${TCLTLS_SSL_INCLUDES}])
            TEA_ADD_LIBS([${TCLTLS_SSL_LIBS} ws2_32.lib Crypt32.lib])
        fi
    ...
`

3. Configured and compiled tcltls 2.0 using the following configure options:

    `--with-openssl-dir
    --enable-static-ssl
    --enable-hardening
`
4. Several tests failed. The results of the test-suite are contained in file tls.log.

   I also was not able to run the keytest tests:

    > tclsh keytest1.tcl
    Now run keytest2.tcl
    unable to set certificate file C:/Temp/certfile56986.TMP: ee key too small
        while executing
    "tls::import sock26f2630 -server 1 -keyfile C:/Temp/keyfile56530.TMP -certfile C:/Temp/certfile56986.TMP"
        ("eval" body line 1)
        invoked from within
    "eval [list tls::import $chan] $iopts"
        (procedure "tls::_accept" line 4)
        invoked from within
    "tls::_accept {-server 1 -keyfile C:/Temp/keyfile56530.TMP -certfile C:/Temp/certfile56986.TMP} myserv sock26f2630 127.0.0.1 63081"

    > tclsh keytest2.tcl
    error flushing "sock344b4c0": software caused connection abort
        while executing
    "flush $s"
        (file "keytest2.tcl" line 8)
    3. login: "anonymous"
    4. mimetype: "text/x-markdown"
    5. severity initialized to: "Important"
    6. status initialized to: "Open"
    7. title initialized to: "Test-suite errors on Windows"
    8. type initialized to: "Code Defect"

  2. Ticket change [1d3be743ba] (rid 3983) by anonymous on 2025-07-08 20:32:37:

    1. icomment: 
      Did not find a way to attach a file, so here is the content of tls.log:

Tests running in interp:  c:/opt/Tcl/bin/tclsh.exe
Tests located in:  D:/tmp/openssl/tcltls-2.0.0/tests
Tests running in:  D:/tmp/openssl/tcltls-2.0.0/tests
Temporary files stored in D:/tmp/openssl/tcltls-2.0.0/tests
Test files run in separate interpreters
Running tests that match:  *
Skipping test files that match:  l.*.test
Only running test files that match:  *.test
Tests began at Tue Jul 08 21:23:42 CEST 2025
badssl.test


==== BadSSL-1.47 sha1-2016 FAILED
==== Contents of test case:

	badssl sha1-2016.badssl.com
    
---- Result was:
handshake failed: certificate verify failed due to "CA signature digest algorithm too weak"
---- Result should have been (exact matching):
handshake failed: certificate verify failed due to "unable to get local issuer certificate"
==== BadSSL-1.47 FAILED



==== BadSSL-1.50 sha1-intermediate FAILED
==== Contents of test case:

	badssl sha1-intermediate.badssl.com
    
---- Result was:
handshake failed: certificate verify failed due to "CA signature digest algorithm too weak"
---- Result should have been (exact matching):
handshake failed: certificate verify failed due to "unable to get local issuer certificate"
==== BadSSL-1.50 FAILED

ciphers.test


==== Ciphers_Protocol_Specific-4.3 TLS1.0 FAILED
==== Contents of test case:

	lcompare [exec_get ":" ciphers -tls1 -s] [::tls::ciphers tls1 0 1]
    
---- Result was:
missing {} unexpected {ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA}
---- Result should have been (exact matching):
missing {} unexpected {}
==== Ciphers_Protocol_Specific-4.3 FAILED



==== Ciphers_Protocol_Specific-4.4 TLS1.1 FAILED
==== Contents of test case:

	lcompare [exec_get ":" ciphers -tls1_1 -s] [::tls::ciphers tls1.1 0 1]
    
---- Result was:
missing {} unexpected {ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA}
---- Result should have been (exact matching):
missing {} unexpected {}
==== Ciphers_Protocol_Specific-4.4 FAILED



==== Ciphers_Protocol_Specific-4.6 TLS1.3 FAILED
==== Contents of test case:

	lcompare [exec_get ":" ciphers -tls1_3 -s] [::tls::ciphers tls1.3 0 1]
    
---- Result was:
missing {} unexpected {ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA}
---- Result should have been (exact matching):
missing {} unexpected {}
==== Ciphers_Protocol_Specific-4.6 FAILED



Note, that I could not get test tlsIO.test running:

I started the server in one command shell:
> tclsh remote.tcl -port 8048 -address paulslegion

Then started test tlsIO.test in another window, which issued the following error message:
(Set env. variables: remoteServerIP=paulslegion remoteServerPort=8048)

> tclsh tlsIO.test
remote server disappeared: error writing "sock00000249F28A7630": software caused connection abort
    while executing
"error "remote server disappeared: $msg""
    (procedure "sendCommand" line 9)
    invoked from within
"sendCommand [list proc dputs [info args dputs] [info body dputs]]"
    invoked from within
"if {$doTestsWithRemoteServer == 1} {
    proc sendCommand {c} {
        global commandSocket

        if {[eof $commandSocket]} {
            error "remote server disappea..."
    (file "tlsIO.test" line 205)

The following error message was issued on the server side:

handshake failed: tlsv1 alert unknown ca
    while executing
"tls::handshake $s"
    (procedure "__accept__" line 7)
    invoked from within
"__accept__ sock000002A244A3BC00 fe80::b77b:6f81:4359:a9c6%12 64811"
    ("uplevel" body line 1)
    invoked from within
"uplevel #0 $callback"
    (procedure "tls::_accept" line 8)
    invoked from within
"tls::_accept {-server 1 -cafile ./certs/cacert.pem -certfile ./certs/server.pem -keyfile ./certs/server.key} __accept__ sock000002A244A3BC00 fe80::b77..."
    2. login: "anonymous"
    3. mimetype: "text/plain"
    4. priority changed to: "Immediate"
    5. resolution changed to: "Open"

  3. Ticket change [a39a84d666] (rid 3984) by anonymous on 2025-07-08 20:42:51:

    1. icomment: 
      Thanks, Paul, great that you tried it!
File attach is disabled for anonymous.
You may create a login or magic-Schelte may change the fossil settings.

Sorry,
Harald
    2. login: "anonymous"
    3. mimetype: "text/x-markdown"
    4. username: "oehhar"
Powered by Fossil · RSS