Artifacts Associated With Ticket 82560343da66fe8a8914bda22c4575bdf00d4f30
Ticket change [ba6c48b689] (rid 3982) by anonymous on 2025-07-08 20:28:20:
- foundin initialized to: "2.0b1"
- icomment:
Mananged to build tcltls with Tcl/Tk 9.0.2 on Windows using gcc 14.2.0: 1. Configured and compiled OpenSSL 3.5.1 with default settings. 2. Added ws2_32.lib and Crypt32.lib in configure.ac and regenerated configure. `if test "${TEA_PLATFORM}" = "windows" ; then if test "$GCC" = "yes"; then TEA_ADD_CFLAGS([${TCLTLS_SSL_CFLAGS} -Wno-deprecated-declarations]) TEA_ADD_INCLUDES([${TCLTLS_SSL_INCLUDES}]) TEA_ADD_LIBS([${TCLTLS_SSL_LIBS} ws2_32.lib Crypt32.lib]) fi ... ` 3. Configured and compiled tcltls 2.0 using the following configure options: `--with-openssl-dir --enable-static-ssl --enable-hardening ` 4. Several tests failed. The results of the test-suite are contained in file tls.log. I also was not able to run the keytest tests: > tclsh keytest1.tcl Now run keytest2.tcl unable to set certificate file C:/Temp/certfile56986.TMP: ee key too small while executing "tls::import sock26f2630 -server 1 -keyfile C:/Temp/keyfile56530.TMP -certfile C:/Temp/certfile56986.TMP" ("eval" body line 1) invoked from within "eval [list tls::import $chan] $iopts" (procedure "tls::_accept" line 4) invoked from within "tls::_accept {-server 1 -keyfile C:/Temp/keyfile56530.TMP -certfile C:/Temp/certfile56986.TMP} myserv sock26f2630 127.0.0.1 63081" > tclsh keytest2.tcl error flushing "sock344b4c0": software caused connection abort while executing "flush $s" (file "keytest2.tcl" line 8)
- login: "anonymous"
- mimetype: "text/x-markdown"
- severity initialized to: "Important"
- status initialized to: "Open"
- title initialized to: "Test-suite errors on Windows"
- type initialized to: "Code Defect"
Ticket change [1d3be743ba] (rid 3983) by anonymous on 2025-07-08 20:32:37:
- icomment:
Did not find a way to attach a file, so here is the content of tls.log: Tests running in interp: c:/opt/Tcl/bin/tclsh.exe Tests located in: D:/tmp/openssl/tcltls-2.0.0/tests Tests running in: D:/tmp/openssl/tcltls-2.0.0/tests Temporary files stored in D:/tmp/openssl/tcltls-2.0.0/tests Test files run in separate interpreters Running tests that match: * Skipping test files that match: l.*.test Only running test files that match: *.test Tests began at Tue Jul 08 21:23:42 CEST 2025 badssl.test ==== BadSSL-1.47 sha1-2016 FAILED ==== Contents of test case: badssl sha1-2016.badssl.com ---- Result was: handshake failed: certificate verify failed due to "CA signature digest algorithm too weak" ---- Result should have been (exact matching): handshake failed: certificate verify failed due to "unable to get local issuer certificate" ==== BadSSL-1.47 FAILED ==== BadSSL-1.50 sha1-intermediate FAILED ==== Contents of test case: badssl sha1-intermediate.badssl.com ---- Result was: handshake failed: certificate verify failed due to "CA signature digest algorithm too weak" ---- Result should have been (exact matching): handshake failed: certificate verify failed due to "unable to get local issuer certificate" ==== BadSSL-1.50 FAILED ciphers.test ==== Ciphers_Protocol_Specific-4.3 TLS1.0 FAILED ==== Contents of test case: lcompare [exec_get ":" ciphers -tls1 -s] [::tls::ciphers tls1 0 1] ---- Result was: missing {} unexpected {ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA} ---- Result should have been (exact matching): missing {} unexpected {} ==== Ciphers_Protocol_Specific-4.3 FAILED ==== Ciphers_Protocol_Specific-4.4 TLS1.1 FAILED ==== Contents of test case: lcompare [exec_get ":" ciphers -tls1_1 -s] [::tls::ciphers tls1.1 0 1] ---- Result was: missing {} unexpected {ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA} ---- Result should have been (exact matching): missing {} unexpected {} ==== Ciphers_Protocol_Specific-4.4 FAILED ==== Ciphers_Protocol_Specific-4.6 TLS1.3 FAILED ==== Contents of test case: lcompare [exec_get ":" ciphers -tls1_3 -s] [::tls::ciphers tls1.3 0 1] ---- Result was: missing {} unexpected {ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA} ---- Result should have been (exact matching): missing {} unexpected {} ==== Ciphers_Protocol_Specific-4.6 FAILED Note, that I could not get test tlsIO.test running: I started the server in one command shell: > tclsh remote.tcl -port 8048 -address paulslegion Then started test tlsIO.test in another window, which issued the following error message: (Set env. variables: remoteServerIP=paulslegion remoteServerPort=8048) > tclsh tlsIO.test remote server disappeared: error writing "sock00000249F28A7630": software caused connection abort while executing "error "remote server disappeared: $msg"" (procedure "sendCommand" line 9) invoked from within "sendCommand [list proc dputs [info args dputs] [info body dputs]]" invoked from within "if {$doTestsWithRemoteServer == 1} { proc sendCommand {c} { global commandSocket if {[eof $commandSocket]} { error "remote server disappea..." (file "tlsIO.test" line 205) The following error message was issued on the server side: handshake failed: tlsv1 alert unknown ca while executing "tls::handshake $s" (procedure "__accept__" line 7) invoked from within "__accept__ sock000002A244A3BC00 fe80::b77b:6f81:4359:a9c6%12 64811" ("uplevel" body line 1) invoked from within "uplevel #0 $callback" (procedure "tls::_accept" line 8) invoked from within "tls::_accept {-server 1 -cafile ./certs/cacert.pem -certfile ./certs/server.pem -keyfile ./certs/server.key} __accept__ sock000002A244A3BC00 fe80::b77..."
- login: "anonymous"
- mimetype: "text/plain"
- priority changed to: "Immediate"
- resolution changed to: "Open"
- icomment:
Ticket change [a39a84d666] (rid 3984) by anonymous on 2025-07-08 20:42:51:
- icomment:
Thanks, Paul, great that you tried it! File attach is disabled for anonymous. You may create a login or magic-Schelte may change the fossil settings. Sorry, Harald
- login: "anonymous"
- mimetype: "text/x-markdown"
- username: "oehhar"
- icomment: