Hi all.
This list has been quiet for ages, but I hope that we can get some
kind of response here as there's been nothing on Squeak-Dev.
Please see the forwarded message below. It's part of a two-message
thread, there are two parties (my company, and pierre-edouard.portier(a)insa-lyon.fr
) trying to use SSLSocket, and having no joy.
Please can anybody help? I'm trying to use CurlPlugin as a workaround,
but this is for XML-RPC calls, which needs POST requests with a
customer content-type. The upshot is that CurlPlugin is unsuitable.
Ultimately, I'm thinking that if SSLSocket doesn't work, I'm going to
have to look to Gemstone or something, and that's a totally foreign
environment to me!
Cheers,
Simon
Begin forwarded message:
> From: Simon Kirk <simon.kirk(a)pinesoft.co.uk>
> Date: 20 February 2009 15:51:18 GMT
> To: The general-purpose Squeak developers list <squeak-dev(a)lists.squeakfoundation.org
> >
> Subject: Re: [squeak-dev] SSLSocket and basic http auth
> (api.del.icio.us or mail.google.com or ...)
> Reply-To: The general-purpose Squeak developers list <squeak-dev(a)lists.squeakfoundation.org
> >
>
> I hate to say it but I'm getting even worse behaviour. For HTTPS
> sites that don't require HTTP auth at all, they also fail.
>
> For instance:
>
> 'https://www.amazon.com' asUrl retrieveContents content
>
> Printit yields: 'error occured retrieving https://www.amazon.com/:
> Server www.amazon.com is not responding'
>
> Ditto for lots of other sites, such as Google.
>
> Interestingly, it still works for *some* of the examples from the
> SSL Workspace provided with the SSL package (https://investing.schwab.com/
> and 'https://www.usaa.com') but not others.
>
> This implies some sort of cipher or protocol the SSL suite doesn't
> support.
>
> This is pretty bad for us, as we need to do some stuff for a client
> that involves XML-RPC calls to an SSL server, which I've just
> discovered doesn't work with the SSL package :(
>
> Cheers,
> Simon
>
>
> On 20 Feb 2009, at 12:57, Pierre-Edouard PORTIER wrote:
>
>> Hi!
>> I try to connect to SSL + Basic HTTP Auth sites, for example : https://mail.google.com
>> or https://api.del.icio.us
>> When I try :
>>
>> | conn |
>> conn := SSLSocket newConnectionAddress: (NetNameResolver
>> addressForName: 'mail.google.com') port: 443
>>
>> I obtain a socket with state: SSLConnectionClosed.
>> With sites that do not require HTTP Basic authentication :
>>
>> | conn |
>> conn := SSLSocket newConnectionAddress: (NetNameResolver
>> addressForName: 'www.usaa.com') port: 443
>>
>> I obtain a SSLSocket with state: SSLConnectionConnected.
>> But don't we need an open socket in order to send the request with
>> the authentication data in the header ?
>>
>> In fact, inside the HttpsSocket>>httpsGetDocumentFromUrl: url args:
>> args accept: mimeType request: requestString we find:
>>
>> sock := HttpsSocket new.
>> sock connectTo: serverAddr port: connectToPort.
>> (sock waitForConnectionUntil: (Time millisecondClockValue +
>> (10000) truncated)) ifTrue: [
>> sock sendCommand: 'GET ', page, ' HTTP/1.0', String crlf,
>> (mimeType ifNotNil: ['ACCEPT: ', mimeType, String
>> crlf] ifNil: ['']),
>> 'ACCEPT: text/html', String crlf, "Always accept
>> plain text"
>> requestString, "extra user request. Authorization"
>> 'Host: ', serverName, ':', port printString, String
>> crlf.
>> etc.etc.
>> with the possibility to put the authentication header inside the
>> requestString.
>>
>> Has someone any idea how to solve this problem?
>>
>> Thank you.
>>
>> pep
>>
>>
>>
>> Click here to report this email as spam.
>>
>>
>
>
>
>
> ΓΌ Consider your responsibility to the environment - think before you
> print!
>
> *******************************************************************************************************************************************
>
> This email is from Pinesoft Limited. Its contents are confidential
> to the intended recipient(s) at the email address(es) to which it
> has been addressed. It may not be disclosed to or used by anyone
> other than the addressee(s), nor may it be copied in anyway. If
> received in error, please contact the sender, then delete it from
> your system. Although this email and attachments are believed to be
> free of virus, or any other defect which might affect any computer
> or IT system into which they are received and opened, it is the
> responsibility of the recipient to ensure that they are virus free
> and no responsibility is accepted by Pinesoft for any loss or damage
> arising in any way from receipt or use thereof.
>
> *******************************************************************************************************************************************
>
>
> Pinesoft Limited are registered in England, Registered number:
> 2914825. Registered office: 266-268 High Street, Waltham Cross,
> Herts, EN8 7EA
>
>
>
>