Read https website

Post by **CrazyCat** » Tue May 26, 2015 4:37 pm

Hello there,

I'm in trouble with a short code I did. It fetches info from a website, but the website is now in https and I cannot connect anymore with my script.

Here is what I did:

Code: Select all

set website "https://my.website.com"
package require http
package require tls
set agent "Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"
http::register https 443 [list ::tls::socket -tls1 1]

proc get {} {
   set httpconfig [::http::config -useragent $::agent]
   set tok [::http::geturl $::website/index.php]
}

And I always get:

Code: Select all

Currently: error reading "sock8": software caused connection abort
Currently:     while executing
Currently: "::http::geturl $::website/index.php"
Currently:     (procedure "get" line 28)

I'd tried different settings for the register https, but no one is working. The ssl cerrtificat is coming from cloudflare.

Any idea ?

Post by **caesar** » Wed May 27, 2015 12:34 am

try with:

Code: Select all

http::register https 443 ::tls::socket

instead of

Code: Select all

http::register https 443 [list ::tls::socket -tls1 1]

Post by **CrazyCat** » Wed May 27, 2015 3:05 pm

Idem:

Code: Select all

Currently: error reading "sock10": software caused connection abort
Currently:     while executing
Currently: "::http::geturl $::website/index.php"
Currently:     (procedure "get" line 3)
Currently:     invoked from within
Currently: "get"

My source:

Code: Select all

package require http
package require tls
variable agent "Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"

# http::register https 443 [list ::tls::socket -tls1 1]
http::register https 443 ::tls::socket 

proc get {} {
   set httpconfig [::http::config -useragent $::agent]
   set tok [::http::geturl $::website/index.php]
}

heartbroken · Post by **heartbroken** » Wed May 27, 2015 4:45 pm

I'm just tested on wish. it is works.

http://i.imgur.com/tdaX17R.png

I don't think this issue caused tls::socket looks working good with

Code: Select all

http::register https 443 [list ::tls::socket -tls1 1] ]

or

Code: Select all

http::register https 443 ::tls::socket

Must be something else , but I didn't understand what goes wrong...

juanamores · Post by **juanamores** » Wed May 27, 2015 4:58 pm

CrazyCat you've tried only with your website?
Why not try twitter as did heartbroken to see if you can connect?
Maybe it's the problem of your website...

Post by **CrazyCat** » Wed May 27, 2015 5:04 pm

I think it's a cloudflare trouble.
Here's a lynx' dump:

Code: Select all

Connexion HTTPS à my.website.com
TCP: Error 115 in `SOCKET_ERRNO' after call to this socket's first connect() failed.
        Opération maintenant en cours
TCP: Error 115 in `SOCKET_ERRNO' after call to this socket's first select() failed.
        Opération maintenant en cours
HTGetSSLHandle: certfile is set to /etc/ssl/certs/ca-certificates.crt by config SSL_CERT_FILE
->:+VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0
->:+AES-256-GCM:+AES-128-GCM:+AES-256-CBC:+AES-128-CBC:+CAMELLIA-256-CBC:+CAMELLIA-128-CBC:+3DES-CBC
->:+COMP-NULL
->:+DHE-RSA:+RSA:+DHE-DSS
->:+SHA1:+MD5
set priorities NONE:+VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-GCM:+AES-128-GCM:+AES-256-CBC:+AES-128-CBC:+CAMELLIA-256-CBC:+CAMELLIA-128-CBC:+3DES-CBC:+COMP-NULL:+DHE-RSA:+RSA:+DHE-DSS:+SHA1:+MD5
CHECK 0:NONE:+VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-GCM:+AES-128-GCM:+AES-256-CBC:+AES-128-CBC:+CAMELLIA-256-CBC:+CAMELLIA-128-CBC:+3DES-CBC:+COMP-NULL:+DHE-RSA:+RSA:+DHE-DSS:+SHA1:+MD5
(...)
...called gnutls_server_name_set(my.website.com) ->0
HTTP: Unable to complete SSL handshake for 'https://my.website.com/', SSL_connect=0, SSL error stack dump follows
HTTP: SSL: A TLS fatal alert has been received.

Alert!: Unable to make secure connection to remote host.

Post by **CrazyCat** » Wed May 27, 2015 5:41 pm

Seems to be a SNI trouble.

I'd seen http://sourceforge.net/p/tls/patches/12/ but it doesn't work with the tls package. Tryed -sni and -servername options...

heartbroken · Post by **heartbroken** » Thu Jun 04, 2015 9:30 pm

I made couple of tests to see how Works with other https sites whoever using cloudflare service.

I found a list of websites at cloudflare's document pages.

( to be honest ,first i thought maybe this problem caused build link between your site to cloudflare. but...)

in my tests i've seen that i can get data from some https sites :
(all of these websites are using this cloudflare service.these are listed in cloudflare site.)

http://i.imgur.com/sLeCqef.png
sometimes its been success but sometimes it fails and returns tls sock error:

http://i.imgur.com/JP57c6T.png

as far as i know that tcl-tls package still has bugs and Tcl guys (aku "Andreas Kupries" especially) working on these bug reports.

They were bumb tls version to 1.6.5 ,
four weeks ago in their cvs :
http://tls.cvs.sourceforge.net/viewvc/tls/tls/

but they didn't released this officially yet.

I think they are waiting to fix all reported bugs to release this new version.

so maybe you better wait until they are done with this new fixed version of tls.

You could get further information at freenode #tcl channel about this issue.
ofcourse they know better .

bugme · Post by **bugme** » Sat Jan 14, 2017 10:29 am

SNI trouble can be fixed as described in a wiki https://wiki.tcl.tk/2630