1. Forum
  2. Usenet
  3. COMP.LANG.TCL

  • Issues with tls 1.7.22 & Fedora 36 with Openssl 3.0?

    From Ted Nolan @21:1/5 to All on Wed May 25 19:20:36 2022
    We have recently gotten a Fedora 36/Openssl 3.0/Tcl 8.6/AMD64 system
    as part of our enviornment, and I have been having some issues with
    code using the supplied Tcltls 1.7.22 which works on other systems.

    In particular, when code tries to connect to a REST API (two different
    APIs on two different servers) I am getting the error

    handshake failed: unexpected eof while reading

    doing a bit of googling suggests this may be an issue with Openssl 3.0 reestablishing a change they had previously reverted because it was
    causing this issue for people. I think the story is that this is caused
    by bad SSL shutdown practices and they reverted to allow people
    time to fix things, but figure they have now had long enough.

    Anyway, the googling I did also suggested that perhaps adding SSL_OPIGNORE_UNEXPECTED_EOF to client code might work around the
    issue, so I tried that in the tls 1.7.22 code naively changing the

    SSL_CTX_set_options( ctx, SSL_OP_ALL)

    line in ssl.c to

    SSL_CTX_set_options( ctx, SSL_OP_ALL|SSL_OP_IGNORE_UNEXPECTED_EOF)

    which got me past (or surpressed) the EOF message, but still did not actually work.

    As a side note, I'm not sure how the tls 1.7.22 that ships with Fedora 36
    was actually built, as the "gen_dh_params_openssl" shell procedure in
    the gen_dh_params file no longer works with Openssl 3.0. I had to comment
    it out (along with gen_dh_params_remote since our hosts can't call out
    to the internet) and go with the fallback.

    So, is anyone else seeing this issue and if so, is there a work-around?
    --
    columbiaclosings.com
    What's not in Columbia anymore..

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From apn@21:1/5 to All on Thu May 26 16:41:40 2022
    On 5/26/2022 12:50 AM, Ted Nolan <tednolan> wrote:
    So, is anyone else seeing this issue and if so, is there a work-around?

    You may have better luck logging a ticket at https://core.tcl-lang.org/tcltls/tktnew or asking on the Tclers chat.

    Not sure the author reads c.l.t

    /Ashok

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ted Nolan @21:1/5 to [email protected] on Thu May 26 12:15:15 2022
    In article <t6nn9c$1qs$[email protected]>, apn <[email protected]> wrote:
    On 5/26/2022 12:50 AM, Ted Nolan <tednolan> wrote:
    So, is anyone else seeing this issue and if so, is there a work-around?

    You may have better luck logging a ticket at >https://core.tcl-lang.org/tcltls/tktnew or asking on the Tclers chat.

    Not sure the author reads c.l.t

    /Ashok

    Thanks, I may do that, though I think I would have to have something
    a bit more rigourous to file an actual ticket.
    --
    columbiaclosings.com
    What's not in Columbia anymore..

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From [email protected]@21:1/5 to apn on Thu May 26 09:06:46 2022
    On 5/26/22 7:11 AM, apn wrote:

    asking on the Tclers chat.


    Hello,

    Sorry if this is obvious: Is this on Twitter or something? How does one
    join the chat?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Rich@21:1/5 to [email protected] on Thu May 26 13:40:37 2022
    [email protected] wrote:
    On 5/26/22 7:11 AM, apn wrote:

    asking on the Tclers chat.


    Hello,

    Sorry if this is obvious: Is this on Twitter or something? How does one
    join the chat?

    Hmm....

    Goes to www.google.com

    Insert "tclers chat" into search box, presses search.

    First hit is:


    Tcl Chatroom - the Tcler's Wiki!
    https://wiki.tcl-lang.org \u203a page \u203a Tcl+Chatroom
    Introduction. The Tcl Chatroom is an XMPP (Jabber) conference room
    that is bridged to an IRC channel. You can use any Jabber or IRC
    client to connect, ...
    \u200eQuickStart � \u200eWho is who? � \u200eComments


    Which is a link to the Tcl wiki page about the chat.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From [email protected]@21:1/5 to Rich on Thu May 26 19:09:51 2022
    On 5/26/22 9:40 AM, Rich wrote:


    Tcl Chatroom - the Tcler's Wiki!
    https://wiki.tcl-lang.org \u203a page \u203a Tcl+Chatroom
    Introduction. The Tcl Chatroom is an XMPP (Jabber) conference room
    that is bridged to an IRC channel. You can use any Jabber or IRC
    client to connect, ...
    \u200eQuickStart · \u200eWho is who? · \u200eComments


    Which is a link to the Tcl wiki page about the chat.


    Thanks.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)