2026-02-06
04:17		• Ticket [8b681abb1e] Tcl application hangs during connection establishment to server not answering on TLS connection properly. status still Open with 5 other changes artifact: 5500f226fc user: bohagan
2026-02-04
09:42		• New ticket [8b681abb1e]. artifact: f78047d016 user: anonymous

Ticket Hash:	8b681abb1ef581f72e877392daa449cc24c98a30
Title:	Tcl application hangs during connection establishment to server not answering on TLS connection properly.
Status:	Open	Type:	Code Defect
Severity:	Critical	Priority:	Immediate
Subsystem:		Resolution:	Open
Last Modified:	2026-02-06 04:17:35 40.6 days ago	Created:	2026-02-04 09:42:33 42.4 days ago
Version Found In:	2.0 tcltls-20260122101940-ba2ee7744c and previous releases

User Comments:

anonymous added on 2026-02-04 09:42:33:

Tcl application hangs during connection establishment to server not answering on TLS connection properly.

tcltls has been compiled using TCl/Tk 8.6.17 and openssl 3.5.5 (linux and macos)

Problem with tcltls-20260122101940-ba2ee7744c (also present in previous releases):

How to reproduce:

start a server with:

ncat -l -p 8143 -w 2

In a second shell, start tclsh or width and run the following commands:

package require http; package require tls;
set tok [http::geturl https://localhost:8143/info -timeout 3000]

Application hangs indefinitly until one types 5 characters and return in the ncat window. When compiled with debug output enabled one can see that tcltls hangs in (snippet of output):

...
/opt/projects/prs/dvx1000/src/tcltls-20260122101940-ba2ee7744c/generic/tlsIO.c:936:Tls_GetParent():Requested to get parent of channel 0xa0c49a290
/opt/projects/prs/dvx1000/src/tcltls-20260122101940-ba2ee7744c/generic/tlsBIO.c:104:BioOutput():[chan=0xa0c49a210] BioOutput(bio=0xa0ba66f00, buf=0xa0ac0e000, len=1542)
.../tcltls-20260122101940-ba2ee7744c/generic/tlsBIO.c:115:BioOutput():[chan=0xa0c49a210] BioOutput(1542) -> 1542 [tclEof=0; tclErrno=0: Undefined error: 0]
.../tcltls-20260122101940-ba2ee7744c/generic/tlsBIO.c:118:BioOutput():Successfully wrote 1542 bytes of data
.../tcltls-20260122101940-ba2ee7744c/generic/tlsBIO.c:146:BioOutput():BioOutput returning 1542
.../tcltls-20260122101940-ba2ee7744c/generic/tlsIO.c:936:Tls_GetParent():Requested to get parent of channel 0xa0c49a290
.../tcltls-20260122101940-ba2ee7744c/generic/tlsBIO.c:274:BioCtrl():BioCtrl(0xa0ba66f00, 0xb, 0x0, 0x0)
.../tcltls-20260122101940-ba2ee7744c/generic/tlsBIO.c:336:BioCtrl():Got BIO_CTRL_FLUSH
.../tcltls-20260122101940-ba2ee7744c/generic/tlsBIO.c:402:BioCtrl():BioCtrl return value 1
.../tcltls-20260122101940-ba2ee7744c/generic/tls.c:158:InfoCallback():Called
.../tcltls-20260122101940-ba2ee7744c/generic/tlsIO.c:936:Tls_GetParent():Requested to get parent of channel 0xa0c49a290
.../tcltls-20260122101940-ba2ee7744c/generic/tlsBIO.c:176:BioInput():[chan=0xa0c49a210] BioInput(bio=0xa0ba66f00, buf=0xa0b35c003, len=5)
.../tcltls-20260122101940-ba2ee7744c/generic/tlsBIO.c:193:BioInput():[chan=0xa0c49a210] BioInput(buf len=5) -> 5 [tclEof=0; blocked=0; tclErrno=0: Undefined error: 0]

Once the input is type in ncat, the process continues:

...
/opt/projects/prs/dvx1000/src/tcltls-20260122101940-ba2ee7744c/generic/tlsBIO.c:196:BioInput():Successfully read 5 bytes of data
/opt/projects/prs/dvx1000/src/tcltls-20260122101940-ba2ee7744c/generic/tlsBIO.c:221:BioInput():BioInput returning 5
/opt/projects/prs/dvx1000/src/tcltls-20260122101940-ba2ee7744c/generic/tls.c:244:MessageCallback():Called
/opt/projects/prs/dvx1000/src/tcltls-20260122101940-ba2ee7744c/generic/tls.c:244:MessageCallback():Called
...

Rational

The process should not hang when the server does not send a proper response to the TLS connection request, especially when a timeout has been specified for the https request.

bohagan added on 2026-02-06 04:17:35:

Not sure what you are testing here, but it appears to be missing info. Your ncat command didn't include the --ssl option. So it's just a regular connection. Also you didn't change the channel config, so its a blocking socket and buffering is line mode. So, it won't do anything until you input a EOL.

If your goal is to test sending chat data, look at the demos/echat.tcl application. Start one with the -server option then one or more with the -client option. The server will then echo whatever text it receives from a client to all clients.