TclTLS
View Ticket
Login
HomeTimelineDownloadBrowse SourceBranchesTagsTicketsWiki
Attach Check-ins Edit History New Ticket Plaintext Timeline
Ticket Hash: 82560343da66fe8a8914bda22c4575bdf00d4f30
Title: Test-suite errors on Windows
Status: Open Type: Code Defect
Severity: Important Priority: Immediate
Subsystem: Resolution: Fixed
Last Modified: 2025-10-11 22:04:59
8.6 days ago 		Created: 2025-07-08 20:28:20
103.7 days ago
Version Found In: 2.0b1
User Comments:
anonymous added on 2025-07-08 20:28:20:

Mananged to build tcltls with Tcl/Tk 9.0.2 on Windows using gcc 14.2.0:

  1. Configured and compiled OpenSSL 3.5.1 with default settings.

  2. Added ws2_32.lib and Crypt32.lib in configure.ac and regenerated configure.

    if test "${TEA_PLATFORM}" = "windows" ; then if test "$GCC" = "yes"; then TEA_ADD_CFLAGS([${TCLTLS_SSL_CFLAGS} -Wno-deprecated-declarations]) TEA_ADD_INCLUDES([${TCLTLS_SSL_INCLUDES}]) TEA_ADD_LIBS([${TCLTLS_SSL_LIBS} ws2_32.lib Crypt32.lib]) fi ...

  3. Configured and compiled tcltls 2.0 using the following configure options:

    --with-openssl-dir --enable-static-ssl --enable-hardening

  4. Several tests failed. The results of the test-suite are contained in file tls.log.

I also was not able to run the keytest tests:

> tclsh keytest1.tcl
Now run keytest2.tcl
unable to set certificate file C:/Temp/certfile56986.TMP: ee key too small
    while executing
"tls::import sock26f2630 -server 1 -keyfile C:/Temp/keyfile56530.TMP -certfile C:/Temp/certfile56986.TMP"
    ("eval" body line 1)
    invoked from within
"eval [list tls::import $chan] $iopts"
    (procedure "tls::_accept" line 4)
    invoked from within
"tls::_accept {-server 1 -keyfile C:/Temp/keyfile56530.TMP -certfile C:/Temp/certfile56986.TMP} myserv sock26f2630 127.0.0.1 63081"

> tclsh keytest2.tcl
error flushing "sock344b4c0": software caused connection abort
    while executing
"flush $s"
    (file "keytest2.tcl" line 8)
anonymous added on 2025-07-08 20:32:37: 
Did not find a way to attach a file, so here is the content of tls.log:

Tests running in interp:  c:/opt/Tcl/bin/tclsh.exe
Tests located in:  D:/tmp/openssl/tcltls-2.0.0/tests
Tests running in:  D:/tmp/openssl/tcltls-2.0.0/tests
Temporary files stored in D:/tmp/openssl/tcltls-2.0.0/tests
Test files run in separate interpreters
Running tests that match:  *
Skipping test files that match:  l.*.test
Only running test files that match:  *.test
Tests began at Tue Jul 08 21:23:42 CEST 2025
badssl.test


==== BadSSL-1.47 sha1-2016 FAILED
==== Contents of test case:

	badssl sha1-2016.badssl.com
    
---- Result was:
handshake failed: certificate verify failed due to "CA signature digest algorithm too weak"
---- Result should have been (exact matching):
handshake failed: certificate verify failed due to "unable to get local issuer certificate"
==== BadSSL-1.47 FAILED



==== BadSSL-1.50 sha1-intermediate FAILED
==== Contents of test case:

	badssl sha1-intermediate.badssl.com
    
---- Result was:
handshake failed: certificate verify failed due to "CA signature digest algorithm too weak"
---- Result should have been (exact matching):
handshake failed: certificate verify failed due to "unable to get local issuer certificate"
==== BadSSL-1.50 FAILED

ciphers.test


==== Ciphers_Protocol_Specific-4.3 TLS1.0 FAILED
==== Contents of test case:

	lcompare [exec_get ":" ciphers -tls1 -s] [::tls::ciphers tls1 0 1]
    
---- Result was:
missing {} unexpected {ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA}
---- Result should have been (exact matching):
missing {} unexpected {}
==== Ciphers_Protocol_Specific-4.3 FAILED



==== Ciphers_Protocol_Specific-4.4 TLS1.1 FAILED
==== Contents of test case:

	lcompare [exec_get ":" ciphers -tls1_1 -s] [::tls::ciphers tls1.1 0 1]
    
---- Result was:
missing {} unexpected {ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA}
---- Result should have been (exact matching):
missing {} unexpected {}
==== Ciphers_Protocol_Specific-4.4 FAILED



==== Ciphers_Protocol_Specific-4.6 TLS1.3 FAILED
==== Contents of test case:

	lcompare [exec_get ":" ciphers -tls1_3 -s] [::tls::ciphers tls1.3 0 1]
    
---- Result was:
missing {} unexpected {ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA DHE-RSA-AES128-SHA AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA}
---- Result should have been (exact matching):
missing {} unexpected {}
==== Ciphers_Protocol_Specific-4.6 FAILED



Note, that I could not get test tlsIO.test running:

I started the server in one command shell:
> tclsh remote.tcl -port 8048 -address paulslegion

Then started test tlsIO.test in another window, which issued the following error message:
(Set env. variables: remoteServerIP=paulslegion remoteServerPort=8048)

> tclsh tlsIO.test
remote server disappeared: error writing "sock00000249F28A7630": software caused connection abort
    while executing
"error "remote server disappeared: $msg""
    (procedure "sendCommand" line 9)
    invoked from within
"sendCommand [list proc dputs [info args dputs] [info body dputs]]"
    invoked from within
"if {$doTestsWithRemoteServer == 1} {
    proc sendCommand {c} {
        global commandSocket

        if {[eof $commandSocket]} {
            error "remote server disappea..."
    (file "tlsIO.test" line 205)

The following error message was issued on the server side:

handshake failed: tlsv1 alert unknown ca
    while executing
"tls::handshake $s"
    (procedure "__accept__" line 7)
    invoked from within
"__accept__ sock000002A244A3BC00 fe80::b77b:6f81:4359:a9c6%12 64811"
    ("uplevel" body line 1)
    invoked from within
"uplevel #0 $callback"
    (procedure "tls::_accept" line 8)
    invoked from within
"tls::_accept {-server 1 -cafile ./certs/cacert.pem -certfile ./certs/server.pem -keyfile ./certs/server.key} __accept__ sock000002A244A3BC00 fe80::b77..."
anonymous (claiming to be oehhar) added on 2025-07-08 20:42:51:

Thanks, Paul, great that you tried it! File attach is disabled for anonymous. You may create a login or magic-Schelte may change the fossil settings.

Sorry, Harald

bohagan added on 2025-09-05 22:32:15:

The missing libs from the configure.ac file is a bug. I'll fix that.

You shouldn't need to run those scripts directly from the command line. All you need to do is either "make test" or "tclsh all.tcl". Those will run all of the tests with the correct args to those scripts. The BadSSL and Ciphers test case failures are expected for now.

bohagan added on 2025-10-11 21:42:20: 
Missing libraries are fixed in [bfc8b5b54b06d1d8].
Powered by Fossil · RSS