Ticket Change Details
Overview

Artifact ID: ea605ef8362e583f59fac2bc665e75aaceb0578841e54f99133dc29b4216b71e
Ticket: 799aae4e72a7c137979ba791698b79d610ad5119
http::geturl hangs if certificate verify failed
User & Date: anonymous 2019-12-13 10:13:19
Changes

  1. Change foundin to ">1.7.3"
  2. Change icomment to:

    The problem is more severe the older the http package is, but in its less critical form, it hangs when performing a post:

    ```
    package require tls
    package require http

    http::register https 443 tls::socket

    proc ::tls::log {level msg} { puts ">>>> $msg" }

    #set ::tls::debug 1

    tls::init -cafile /tmp/kk.ca -tls1 true -require 1 -request 1

    http::geturl https://self-signed.badssl.com -query a=b

    puts OK
    ```

    It shows:

    ```
    VerifyCallback 1
    VerifyCallback checking
    VerifyCallback null callback
    VerifyCallback returnning ok=0
    SSL channel "sock5": error: certificate verify failed

    <----- here it hangs
    ```

    If instead of performing a POST, we use GET, it does not hang:

    ```
    VerifyCallback 1
    VerifyCallback checking
    VerifyCallback null callback
    VerifyCallback returnning ok=0
    error flushing "sock5": connection reset by peer
        while executing
    "http::geturl https://self-signed.badssl.com"
        (file "check.tcl" line 18)
    ```

    But that is just because, in the http module, the socket is flushed, and it fails:

    ```
    if {$isQuery || $isQueryChannel} {
        ...
        puts $sock ""
        fconfigure $sock -translation {auto binary}
        fileevent $sock writable [list http::Write $token]
    } else {
        puts $sock ""
        flush $sock
        fileevent $sock readable [list http::Event $sock $token]
    }
    ```

    In isQuery mode (POST), there is no flush to trigger an error, so it hangs.

    I tracked the error to this commit:

    https://core.tcl-lang.org/tcltls/info/7df7a8696e009447

    From that commit onwards, it always hangs.

  3. Change login to "anonymous"
  4. Change mimetype to "text/x-fossil-plain"
  5. Change private_contact to "fb5d142cbd03f75616e36710b2a166433622c00f"
  6. Change severity to "Severe"
  7. Change status to "Open"
  8. Change title to "http::geturl hangs if certificate verify failed"
  9. Change type to "Code Defect"
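
A caller-side way to make the verification failure described in the comment above surface as an error instead of depending on the flush in `http::geturl`. This is an added example, not code from the ticket or from the tls/http packages. `checked_tls_socket` is a hypothetical wrapper name, and the sketch assumes `tls::handshake` raises a Tcl error on a failed handshake (as its documentation states) and that the hang occurs in the event loop, where `-timeout` can fire.

```tcl
package require tls
package require http

# Hypothetical wrapper (not part of tls or http): create the TLS channel and
# force the handshake before http ever sees the socket.
proc checked_tls_socket {args} {
    # http may pass -async; drop it so the channel is connected and
    # blocking while the handshake is forced.
    set args [lsearch -all -inline -not -exact $args -async]

    # Same CA file and verification options as the script in the report.
    set sock [::tls::socket -cafile /tmp/kk.ca -require 1 -request 1 {*}$args]

    # tls::handshake raises a Tcl error when the handshake fails, so a
    # rejected certificate is reported here, before any request is written.
    if {[catch {::tls::handshake $sock} err]} {
        catch {close $sock}
        return -code error "TLS handshake failed, request not sent: $err"
    }
    return $sock
}

http::register https 443 checked_tls_socket

# POST as in the report; -timeout (milliseconds) bounds the wait as a backstop.
if {[catch {
    http::geturl https://self-signed.badssl.com -query a=b -timeout 10000
} token]} {
    puts "request refused: $token"
} else {
    puts "status: [http::status $token]"
    http::cleanup $token
}
```

Forcing the handshake synchronously gives up the asynchronous connect, so the connect and handshake phases are not covered by `-timeout` in this sketch.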