Artifacts Associated With Ticket 6a63c165d8

1. Ticket change [3effdf848f] (rid 3980) by anonymous on 2025-04-06 22:30:05:

   1. icomment:

      This code will reproduce the problem:
      <pre>
      #!/usr/bin/env tclsh
      package require Tcl 8.6-
      package require tls
      package require http
       
      set url "https://pinacnews.com"
      set port 443
      set protocol "http/1.1"
       
      # Register https protocol handler with http package
      http::register https 443 [list ::tls::socket -autoservername 1 -require 1 -alpn [list [string tolower $protocol]]]
       
      # Get webpage
      set token [::http::geturl $url -blocksize 16384]
      if {[http::status $token] ne "ok"} {
          puts [format "Error: \"%s\"" [http::status $token]]
          ::http::cleanup $token
          exit
      }
       
      # Get web page
      set data [http::data $token]
       
      # Cleanup
      ::http::cleanup $token
       
      # Save data to file
      set ch [open "tcl_tk_home.html" wb]
      puts $ch $data
      close $ch
      </pre>
      
      Although the configure script has the <i>--enable-ssl-fastpath</i> option the source never includes confdefs.h. By hacking <pre>#define TCLTLS_SSL_USE_FASTPATH 1</pre> into generic/tlsBIO.c I was able to get past the bug.
      
      The site https://pinacnews.com only responds with RST to the SYN sent. 
      By running
      <pre>
      % set sock [tls::socket -autoservername 1 -require 1 -alpn [list [string tolower {http/1.1}]] pinacnews.com 443]
      couldn't open socket: connection refused
      </pre> 
      I could see that it wasn't a problem with the socket but for whatever reason the socket was being passed to tlsIO.c even though it had already failed.
      
      The error handling in tlsIO.c thinks the error should have a retry and ends up looping forever getting the same error each time.
      

   2. login: "anonymous"
   3. mimetype: "text/html"
   4. private_contact initialized to: "319409ab6a0bc31d2a0da67b49b83b0b33d54058"
   5. severity initialized to: "Critical"
   6. status initialized to: "Open"
   7. title initialized to: "tcltls-2.0.b1 infinite loop in Tls_WaitForConnect"
   8. type initialized to: "Code Defect"

2. Ticket change [b20c07ec69] (rid 4103) by bohagan on 2025-10-11 21:56:47:

   1. icomment:

      Fixed in [b342c5f3023b3344], [cbeb34c75f0f49c7], and [10199abaf9e00249].
      
      The issue is that site has a bad certificate so -require 1 will cause it to fail.
      
      The fast path option is passed as a command line option to the compiler, so confdefs.h isn't needed. Also you don't need to use the fast path option.
      

   2. login: "bohagan"
   3. mimetype: "text/x-fossil-plain"
   4. priority changed to: "Immediate"
   5. resolution changed to: "Open"

3. Ticket change [86bbcdcba9] (rid 4112) by bohagan on 2025-10-11 22:05:41:

   1. login: "bohagan"
   2. mimetype: "text/x-markdown"
   3. resolution changed to: "Fixed"