We've been stress testing TLS and found some problems, and have just
resolved them. We will be making a Tcl 8.3.2 release "soon". You can
get that from CVS by checking out the "core-8-3-1-branch"
(i.e., 8.3 modifications to the 8.3.1 release) and by checking out
the main line of the TLS CVS module, which should be version 1.4 now.
We've been testing this on Solaris, Red Hat Linux, and Windows NT 4.
However, the problems we were seeing were ECONNABORT errors when they
should not have occurred. There were also fundamental bugs in the
Tcl stacked channel architecture that the 8.3.2 release fixes.
>>>"Jerry Clarke <clarke>" said:
>
> I'm not sure if this is the right place to ask but I'll give it
> a try ...
>
> We're implementing an HPC visualization system on our SGI O2Ks
> called the Distributed Interactive Computing Environment ( DICE ).
> We'd like to use the tcl httpd as a Web interface to the functionality.
> This has been sucessfully implemented in a demonstration mode but
> we need it to be secure before we can deploy it to our users ( As you
> can imagine the Dod is a bit concerned with security ).
>
> I've tried to get the SSL stuff working, but no joy! Originally, I
> tried it with tcl8.4a but then read the web page and tried with the
> CVS repository branch version 8-3-1 .
>
> I'm running on SGI IRIX 6.5 in with 64 bit libraries and the
> following versions :
> tclhttp 3.0.3
> tls 1.3 from the CVS repository
> tcl 8.3.1 from the CVS repository
> openssl l-0.9.5a
> tcl standard lib 0.4
>
> The http server starts fine, and I can originally connect
> to the https URL but tcl core dumps after the browser accepts
> the certificate from the server ( and after thy've negoitaded
> a cipher ). dbx says that it's dying in malloc, from Tcl_Alloc,
> from Tcl_Write, from BioWrite which comes from the Tls handshake stuff.
> I doubt the problem is in the tcl core, that's just where it eventually
> dies.
>
> Does this symptom ring a bell with anyone ?
> What version os OpenSSL is known to work with Tls and Httpd ?
> Has anyone done this in 64 bits on IRIX ? ( we need to use 64 bit due to
> some of the applications )
>
>
>
> Thanks
>
> --
>
>
> --------------------------------------------------------------
> Jerry A. Clarke [EMAIL PROTECTED]
> (410)278-9279
> Fax (410)278-9199
> Raytheon Company
> Major Shared Resource Center PET
> US Army Research Laboratory
> Blg. 394 Room 220
> --------------------------------------------------------------
>
-- Brent Welch <[EMAIL PROTECTED]>
http://www.ajubasolutions.com
Scriptics changes to Ajuba Solutions
scriptics.com => ajubasolutions.com
