• working with https

    From Mark Tarver@21:1/5 to All on Sat Nov 27 06:05:14 2021
    I had a web connection working with TCL/tk and switched the site to https and found problems.

    On a forum I found

    package require http 2
    package require tls 1.7
    http::register https 443 [list ::tls::socket -autoservername true]
    set token [http::geturl https://my.secure.site/]

    However I get

    can't find package tls 1.7

    Mark

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From greg@21:1/5 to All on Sat Nov 27 11:43:15 2021
    package require http
    package require tls
    http::register https 443 [list ::tls::socket -autoservername true]
    set token [http::geturl https://my.secure.site/]



    links:
    https://wiki.tcl-lang.org/page/tls
    https://www.magicsplat.com/blog/tcltls/ https://tcl.tk/man/tcl8.6/TclCmd/http.htm

    best regard
    Gregor

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Mark Tarver@21:1/5 to All on Sun Nov 28 06:31:43 2021
    Using

    package require http
    package require tls
    http::register https 443 [list ::tls::socket -autoservername true]
    set token [http::geturl https://my.secure.site/]

    I got

    wrong # args: should be "tls::socket ?options? host port"

    to the last line

    with thanks

    Mark

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From greg@21:1/5 to Mark on Sun Nov 28 07:55:46 2021
    Mark schrieb am Sonntag, 28. November 2021 um 15:31:45 UTC+1:
    Using
    package require http
    package require tls
    http::register https 443 [list ::tls::socket -autoservername true]
    set token [http::geturl https://my.secure.site/]

    and with e.g.:
    set token [::http::geturl https://www.google.com/]


    best regards
    Gregor




    # Tcl/Tk 8.6.12, tls 1.7.22, Linux)
    info patchlevel
    package present tls

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Mark Tarver@21:1/5 to greg on Sun Nov 28 08:39:11 2021
    On Sunday, 28 November 2021 at 15:55:48 UTC, greg wrote:
    Mark schrieb am Sonntag, 28. November 2021 um 15:31:45 UTC+1:
    Using
    package require http
    package require tls
    http::register https 443 [list ::tls::socket -autoservername true]
    set token [http::geturl https://my.secure.site/]
    and with e.g.:
    set token [::http::geturl https://www.google.com/]


    best regards
    Gregor




    # Tcl/Tk 8.6.12, tls 1.7.22, Linux)
    info patchlevel
    package present tls

    sadly

    wrong # args: should be "tls::socket ?options? host port"

    still comes back - its not the URL I think.

    Mark

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Mark Tarver@21:1/5 to Helmut Giese on Sun Nov 28 10:11:40 2021
    On Sunday, 28 November 2021 at 17:20:23 UTC, Helmut Giese wrote:
    Mark Tarver <dr.mt...@gmail.com> schrieb:
    On Sunday, 28 November 2021 at 15:55:48 UTC, greg wrote:
    Mark schrieb am Sonntag, 28. November 2021 um 15:31:45 UTC+1:
    Using
    package require http
    package require tls
    http::register https 443 [list ::tls::socket -autoservername true]
    set token [http::geturl https://my.secure.site/]
    and with e.g.:
    set token [::http::geturl https://www.google.com/]
    ...
    sadly

    wrong # args: should be "tls::socket ?options? host port"

    still comes back - its not the URL I think.

    Mark
    Well, not knowing much about tls I see that Tcl is tellling you, what
    it expects:
    - tls::socket -- this you supply
    - ?options? -- your '-autoservername true'
    - host port -- these are missing, therefore it complains 'wrong number
    of args'.
    Try supplying them and see what happens.

    HTH
    Helmut

    Can you access the Google page cited by Greg using an adapted version of the above code and if so
    could you share it with us?

    Mark

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Helmut Giese@21:1/5 to Mark Tarver on Sun Nov 28 18:20:19 2021
    Mark Tarver <dr.mtarver@gmail.com> schrieb:

    On Sunday, 28 November 2021 at 15:55:48 UTC, greg wrote:
    Mark schrieb am Sonntag, 28. November 2021 um 15:31:45 UTC+1:
    Using
    package require http
    package require tls
    http::register https 443 [list ::tls::socket -autoservername true]
    set token [http::geturl https://my.secure.site/]
    and with e.g.:
    set token [::http::geturl https://www.google.com/]
    ...
    sadly

    wrong # args: should be "tls::socket ?options? host port"

    still comes back - its not the URL I think.

    Mark
    Well, not knowing much about tls I see that Tcl is tellling you, what
    it expects:
    - tls::socket -- this you supply
    - ?options? -- your '-autoservername true'
    - host port -- these are missing, therefore it complains 'wrong number
    of args'.
    Try supplying them and see what happens.

    HTH
    Helmut

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Mark Tarver@21:1/5 to All on Sun Nov 28 10:39:16 2021
    Well after experimentation I found this worked

    package require http
    package require tls
    ::http::register https 443 [list ::tls::socket -request 1 -ssl2 0 -ssl3 0 -tls1 1 -cafile VeriSignClass3SecureServerCA-G3.crt]
    set token [::http::geturl https://www.google.com/]
    upvar #0 $token state
    puts $state(body)

    prints the HTML for the Google page.

    Mark

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From js@21:1/5 to Mark Tarver on Mon Nov 29 00:43:28 2021
    On 11/28/21 1:39 PM, Mark Tarver wrote:
    Well after experimentation I found this worked

    package require http
    package require tls
    ::http::register https 443 [list ::tls::socket -request 1 -ssl2 0 -ssl3 0 -tls1 1 -cafile VeriSignClass3SecureServerCA-G3.crt]
    set token [::http::geturl https://www.google.com/]
    upvar #0 $token state
    puts $state(body)


    I don't think you need any certificates for client type work. The
    original version of your code works fine - albeit with one small change:
    take out the "-autoservername true". I am not sure what the option is
    intended to do but I faintly recall to also have had issues with it in
    the past with the http/tls combination.

    package require http
    package require tls
    http::register https 443 [list ::tls::socket]
    set token [::http::geturl https://www.google.com/]
    upvar #0 $token state
    puts [string length $state(body)]

    prints out 50615 as the size of the page.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Harald Oehlmann@21:1/5 to All on Mon Nov 29 10:36:25 2021
    Am 29.11.2021 um 06:43 schrieb js:
    On 11/28/21 1:39 PM, Mark Tarver wrote:
    Well after experimentation I found this worked

    package require http
    package require tls
    ::http::register https 443 [list ::tls::socket -request 1 -ssl2 0
    -ssl3 0 -tls1 1 -cafile VeriSignClass3SecureServerCA-G3.crt]
    set token [::http::geturl https://www.google.com/]
    upvar #0 $token state
    puts $state(body)


    I don't think you need any certificates for client type work. The
    original version of your code works fine - albeit with one small change:
    take out the "-autoservername true". I am not sure what the option is intended to do but I faintly recall to also have had issues with it in
    the past with the http/tls combination.

    package require http
    package require tls
    http::register https 443 [list ::tls::socket]
    set token [::http::geturl https://www.google.com/]
    upvar #0 $token state
    puts [string length $state(body)]

    prints out 50615 as the size of the page.

    May I add my 2 cents ?

    to my experience, the "-autoservername" helps more than it hurts.

    I would recommend the great article by Ashok about TLS who puts light in
    the aspect "certificate verification" on different platforms:

    https://www.magicsplat.com/blog/tcltls/

    TLS is a difficult subject in all aspects. You may also look to the tcl
    wiki: wiki.tcl-lang.org/tls

    Take care,
    Harald

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)