Fwd: [squeak-dev] SSLSocket and basic http auth (api.del.icio.us or mail.google.com or ...)
Hi all.
This list has been quiet for ages, but I hope that we can get some kind of response here as there's been nothing on Squeak-Dev.
Please see the forwarded message below. It's part of a two-message thread, there are two parties (my company, and pierre-edouard.portier@insa-lyon.fr ) trying to use SSLSocket, and having no joy.
Please can anybody help? I'm trying to use CurlPlugin as a workaround, but this is for XML-RPC calls, which needs POST requests with a customer content-type. The upshot is that CurlPlugin is unsuitable.
Ultimately, I'm thinking that if SSLSocket doesn't work, I'm going to have to look to Gemstone or something, and that's a totally foreign environment to me!
Cheers, Simon
Begin forwarded message:
From: Simon Kirk simon.kirk@pinesoft.co.uk Date: 20 February 2009 15:51:18 GMT To: The general-purpose Squeak developers list <squeak-dev@lists.squeakfoundation.org
Subject: Re: [squeak-dev] SSLSocket and basic http auth (api.del.icio.us or mail.google.com or ...) Reply-To: The general-purpose Squeak developers list <squeak-dev@lists.squeakfoundation.org
I hate to say it but I'm getting even worse behaviour. For HTTPS sites that don't require HTTP auth at all, they also fail.
For instance:
'https://www.amazon.com' asUrl retrieveContents content
Printit yields: 'error occured retrieving https://www.amazon.com/: Server www.amazon.com is not responding'
Ditto for lots of other sites, such as Google.
Interestingly, it still works for *some* of the examples from the SSL Workspace provided with the SSL package (https://investing.schwab.com/ and 'https://www.usaa.com') but not others.
This implies some sort of cipher or protocol the SSL suite doesn't support.
This is pretty bad for us, as we need to do some stuff for a client that involves XML-RPC calls to an SSL server, which I've just discovered doesn't work with the SSL package :(
Cheers, Simon
On 20 Feb 2009, at 12:57, Pierre-Edouard PORTIER wrote:
Hi! I try to connect to SSL + Basic HTTP Auth sites, for example : https://mail.google.com or https://api.del.icio.us When I try :
| conn | conn := SSLSocket newConnectionAddress: (NetNameResolver addressForName: 'mail.google.com') port: 443
I obtain a socket with state: SSLConnectionClosed. With sites that do not require HTTP Basic authentication :
| conn | conn := SSLSocket newConnectionAddress: (NetNameResolver addressForName: 'www.usaa.com') port: 443
I obtain a SSLSocket with state: SSLConnectionConnected. But don't we need an open socket in order to send the request with the authentication data in the header ?
In fact, inside the HttpsSocket>>httpsGetDocumentFromUrl: url args: args accept: mimeType request: requestString we find:
sock := HttpsSocket new. sock connectTo: serverAddr port: connectToPort. (sock waitForConnectionUntil: (Time millisecondClockValue + (10000) truncated)) ifTrue: [ sock sendCommand: 'GET ', page, ' HTTP/1.0', String crlf, (mimeType ifNotNil: ['ACCEPT: ', mimeType, String crlf] ifNil: ['']), 'ACCEPT: text/html', String crlf, "Always accept plain text" requestString, "extra user request. Authorization" 'Host: ', serverName, ':', port printString, String crlf. etc.etc. with the possibility to put the authentication header inside the requestString.
Has someone any idea how to solve this problem?
Thank you.
pep
Click here to report this email as spam.
ü Consider your responsibility to the environment - think before you print!
This email is from Pinesoft Limited. Its contents are confidential to the intended recipient(s) at the email address(es) to which it has been addressed. It may not be disclosed to or used by anyone other than the addressee(s), nor may it be copied in anyway. If received in error, please contact the sender, then delete it from your system. Although this email and attachments are believed to be free of virus, or any other defect which might affect any computer or IT system into which they are received and opened, it is the responsibility of the recipient to ensure that they are virus free and no responsibility is accepted by Pinesoft for any loss or damage arising in any way from receipt or use thereof.
Pinesoft Limited are registered in England, Registered number: 2914825. Registered office: 266-268 High Street, Waltham Cross, Herts, EN8 7EA
Hi!
Since the Cryptography Team doesn't exists anymore, the Cryptography package is not maintained by anyone. The SSL implementation doesn't allow easy debugging, you can't just turn on logging to see what's happening. Following the state machine transitions should give you the answer why the handshake isn't succeding. It might be related to certificates or TLS->SSL3 fallback. If I were you, I would go with curl. There are two ways to use curl for your stuff: 1. Modify CurlPlugin. Since the current version of CurlPlugin doesn't give you access to the http headers, you have to add this feature to the plugin and the api code. 2. The easier way is to use OSProcess and call the curl command line utility directly. With the -H command line switch you can add or modify http headers. This should work with linux and mac.
Cheers, Levente
On Sun, 22 Feb 2009, Simon Kirk wrote:
Hi all.
This list has been quiet for ages, but I hope that we can get some kind of response here as there's been nothing on Squeak-Dev.
Please see the forwarded message below. It's part of a two-message thread, there are two parties (my company, and pierre-edouard.portier@insa-lyon.fr) trying to use SSLSocket, and having no joy.
Please can anybody help? I'm trying to use CurlPlugin as a workaround, but this is for XML-RPC calls, which needs POST requests with a customer content-type. The upshot is that CurlPlugin is unsuitable.
Ultimately, I'm thinking that if SSLSocket doesn't work, I'm going to have to look to Gemstone or something, and that's a totally foreign environment to me!
Cheers, Simon
cryptography@lists.squeakfoundation.org
-
Simon Kirk -
UZONYI Levente