TclTLS
View Ticket
Login
HomeTimelineDownloadBrowse SourceBranchesTagsTicketsWiki
Attach Check-ins Edit History New Ticket Plaintext Timeline
Ticket Hash: 82560343da66fe8a8914bda22c4575bdf00d4f30
Title: Test-suite errors on Windows
Status: Open Type: Code Defect
Severity: Important Priority: Immediate
Subsystem: Resolution: Open
Last Modified: 2025-07-08 20:42:51
22.6 days ago 		Created: 2025-07-08 20:28:20
22.6 days ago
Version Found In: 2.0b1
User Comments:
anonymous added on 2025-07-08 20:28:20:

Mananged to build tcltls with Tcl/Tk 9.0.2 on Windows using gcc 14.2.0:

  1. Configured and compiled OpenSSL 3.5.1 with default settings.

  2. Added ws2_32.lib and Crypt32.lib in configure.ac and regenerated configure.

    if test "${TEA_PLATFORM}" = "windows" ; then if test "$GCC" = "yes"; then TEA_ADD_CFLAGS([${TCLTLS_SSL_CFLAGS} -Wno-deprecated-declarations]) TEA_ADD_INCLUDES([${TCLTLS_SSL_INCLUDES}]) TEA_ADD_LIBS([${TCLTLS_SSL_LIBS} ws2_32.lib Crypt32.lib]) fi ...

  3. Configured and compiled tcltls 2.0 using the following configure options:

    --with-openssl-dir --enable-static-ssl --enable-hardening

  4. Several tests failed. The results of the test-suite are contained in file tls.log.

I also was not able to run the keytest tests:

> tclsh keytest1.tcl
Now run keytest2.tcl
unable to set certificate file C:/Temp/certfile56986.TMP: ee key too small
    while executing
"tls::import sock26f2630 -server 1 -keyfile C:/Temp/keyfile56530.TMP -certfile C:/Temp/certfile56986.TMP"
    ("eval" body line 1)
    invoked from within
"eval [list tls::import $chan] $iopts"
    (procedure "tls::_accept" line 4)
    invoked from within
"tls::_accept {-server 1 -keyfile C:/Temp/keyfile56530.TMP -certfile C:/Temp/certfile56986.TMP} myserv sock26f2630 127.0.0.1 63081"

> tclsh keytest2.tcl
error flushing "sock344b4c0": software caused connection abort
    while executing
"flush $s"
    (file "keytest2.tcl" line 8)
anonymous added on 2025-07-08 20:32:37: 
Did not find a way to attach a file, so here is the content of tls.log:

Tests running in interp:  c:/opt/Tcl/bin/tclsh.exe
Tests located in:  D:/tmp/openssl/tcltls-2.0.0/tests
Tests running in:  D:/tmp/openssl/tcltls-2.0.0/tests
Temporary files stored in D:/tmp/openssl/tcltls-2.0.0/tests
Test files run in separate interpreters
Running tests that match:  *
Skipping test files that match:  l.*.test
Only running test files that match:  *.test
Tests began at Tue Jul 08 21:23:42 CEST 2025
badssl.test


==== BadSSL-1.47 sha1-2016 FAILED
==== Contents of test case:

	badssl sha1-2016.badssl.com
    
---- Result was:
handshake failed: certificate verify failed due to "CA signature digest algorithm too weak"
---- Result should have been (exact matching):
handshake failed: certificate verify failed due to "unable to get local issuer certificate"
==== BadSSL-1.47 FAILED



==== BadSSL-1.50 sha1-intermediate FAILED
==== Contents of test case:

	badssl sha1-intermediate.badssl.com
    
---- Result was:
handshake failed: certificate verify failed due to "CA signature digest algorithm too weak"
---- Result should have been (exact matching):
handshake failed: certificate verify failed due to "unable to get local issuer certificate"
==== BadSSL-1.50 FAILED

ciphers.test


==== Ciphers_Protocol_Specific-4.3 TLS1.0 FAILED
==== Contents of test case:

	lcompare [exec_get ":" ciphers -tls1 -s] [::tls::ciphers tls1 0 1]
    
---- Result was:
missing {} unexpected {ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA}
---- Result should have been (exact matching):
missing {} unexpected {}
==== Ciphers_Protocol_Specific-4.3 FAILED



==== Ciphers_Protocol_Specific-4.4 TLS1.1 FAILED
==== Contents of test case:

	lcompare [exec_get ":" ciphers -tls1_1 -s] [::tls::ciphers tls1.1 0 1]
    
---- Result was:
missing {} unexpected {ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA}
---- Result should have been (exact matching):
missing {} unexpected {}
==== Ciphers_Protocol_Specific-4.4 FAILED



==== Ciphers_Protocol_Specific-4.6 TLS1.3 FAILED
==== Contents of test case:

	lcompare [exec_get ":" ciphers -tls1_3 -s] [::tls::ciphers tls1.3 0 1]
    
---- Result was:
missing {} unexpected {ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA}
---- Result should have been (exact matching):
missing {} unexpected {}
==== Ciphers_Protocol_Specific-4.6 FAILED



Note, that I could not get test tlsIO.test running:

I started the server in one command shell:
> tclsh remote.tcl -port 8048 -address paulslegion

Then started test tlsIO.test in another window, which issued the following error message:
(Set env. variables: remoteServerIP=paulslegion remoteServerPort=8048)

> tclsh tlsIO.test
remote server disappeared: error writing "sock00000249F28A7630": software caused connection abort
    while executing
"error "remote server disappeared: $msg""
    (procedure "sendCommand" line 9)
    invoked from within
"sendCommand [list proc dputs [info args dputs] [info body dputs]]"
    invoked from within
"if {$doTestsWithRemoteServer == 1} {
    proc sendCommand {c} {
        global commandSocket

        if {[eof $commandSocket]} {
            error "remote server disappea..."
    (file "tlsIO.test" line 205)

The following error message was issued on the server side:

handshake failed: tlsv1 alert unknown ca
    while executing
"tls::handshake $s"
    (procedure "__accept__" line 7)
    invoked from within
"__accept__ sock000002A244A3BC00 fe80::b77b:6f81:4359:a9c6%12 64811"
    ("uplevel" body line 1)
    invoked from within
"uplevel #0 $callback"
    (procedure "tls::_accept" line 8)
    invoked from within
"tls::_accept {-server 1 -cafile ./certs/cacert.pem -certfile ./certs/server.pem -keyfile ./certs/server.key} __accept__ sock000002A244A3BC00 fe80::b77..."
anonymous (claiming to be oehhar) added on 2025-07-08 20:42:51:

Thanks, Paul, great that you tried it! File attach is disabled for anonymous. You may create a login or magic-Schelte may change the fossil settings.

Sorry, Harald

Powered by Fossil · RSS