Dear fellow Squeakers,
I want to connect to an SMTP server which is secured by using SSL from Squeak, in fact the MobileMe SMTP server.
I thought this might be a good use case for SqueakSSL. I installed it on my Mac. I think it works, see http://lists.squeakfoundation.org/pipermail/squeak-dev/2010-October/154203.h....
I use the following code:
    | smtp |
    smtp := SMTPClient new.
    smtp user: 'myname'.
    smtp password: 'mypassword'.
    [smtp openOnHost: (NetNameResolver addressForName: 'smtp.me.com' timeout: 20) port: 465.
     smtp mailFrom: 'myname@me.com' to: 'myself@example.com' text: 'Hello from Squeak''s SMTPClient'.
     smtp quit] ensure: [smtp close].
My first question: Is SecureSocketStream from SqueakSSL-Core polymorphic to SocketStream which is used in SMTPClient's stream inst var? See ProtocolClient>>ensureConnection.
I tried to replace it with a SecureSocketStream in my own SecureSMTPClient subclass. That alone does not work. I kind of guessed that because at least a handshake will very probably be needed.
Then I looked at WebClient>>sslConnect as an example and tried to do something similar in my subclass:
    ensureConnection
        | sqSSL |
        self isConnected ifTrue: [^self].
        self stream ifNotNil: [self stream close].

        self stream: (SecureSocketStream openConnectionToHost: self host port: self port).
        sqSSL := Smalltalk at: #SqueakSSL ifAbsent:[self error: 'SqueakSSL is missing'].
        "Convert the stream to a secure stream"
        self stream: (sqSSL secureSocketStream on: stream socket).
        "Do the SSL handshake"
        stream sslConnect.
        "And cert verification"
        stream verifyCert: self serverName.
        self checkResponse.
        self login
This still does not work. I get ConnectionTimedOut: Cannot connect to 17.148.17.61:465.
At this point I thought I might ask here. Has anyone done this already maybe? What could I try next?
Cheers, Bernhard
On 10/5/2010 2:16 PM, Bernhard Pieber wrote:
> My first question: Is SecureSocketStream from SqueakSSL-Core polymorphic to SocketStream which is used in SMTPClient's stream inst var? See ProtocolClient>>ensureConnection.
Yes.
> I tried to replace it with a SecureSocketStream in my own SecureSMTPClient subclass. That alone does not work. I kind of guessed that because at least a handshake will very probably be needed.
Correct.
> Then I looked at WebClient>>sslConnect as an example and tried to do something similar in my subclass:
>
>     ensureConnection
>         | sqSSL |
>         self isConnected ifTrue: [^self].
>         self stream ifNotNil: [self stream close].
>
>         self stream: (SecureSocketStream openConnectionToHost: self host port: self port).
>         sqSSL := Smalltalk at: #SqueakSSL ifAbsent:[self error: 'SqueakSSL is missing'].
>         "Convert the stream to a secure stream"
>         self stream: (sqSSL secureSocketStream on: stream socket).
>         "Do the SSL handshake"
>         stream sslConnect.
>         "And cert verification"
>         stream verifyCert: self serverName.
>         self checkResponse.
>         self login
>
> This still does not work. I get ConnectionTimedOut: Cannot connect to 17.148.17.61:465.
>
> At this point I thought I might ask here. Has anyone done this already maybe? What could I try next?
If you get a connection timeout, it means the server isn't listening on the port. There is nothing 'magical' about SSL - it simply does a TCP connect followed by the SSL handshake. If no connection can be established, it means nothing is listening on the other end; almost always because you're using the wrong port.
FWIW, Wikipedia points out that "although some servers support port 465 for legacy secure SMTP in violation of the specifications, it is preferable to use standard ports and standard ESMTP commands[14] according to RFC 3207 if a secure session needs to be used between the client and the server."
RFC 3207 has this nice usage example:
The following dialog illustrates how a client and server can start a TLS session:
    S: <waits for connection on TCP port 25>
    C: <opens connection>
    S: 220 mail.imc.org SMTP service ready
    C: EHLO mail.example.com
    S: 250-mail.imc.org offers a warm hug of welcome
    S: 250-8BITMIME
    S: 250-STARTTLS
    S: 250 DSN
    C: STARTTLS
    S: 220 Go ahead
    C: <starts TLS negotiation>
    C & S: <negotiate a TLS session>
    C & S: <check result of negotiation>
    C: EHLO mail.example.com
    S: 250-mail.imc.org touches your hand gently for a moment
    S: 250-8BITMIME
    S: 250 DSN
Note that the above uses port 25 (and not 465) combined with the STARTTLS command.
Cheers, - Andreas
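
The client side of the RFC 3207 dialog quoted above, as an added Python example that is not part of the original thread and is not Squeak or SqueakSSL code. The `readline`, `send` and `wrap_tls` callables are hypothetical stand-ins for the socket I/O and the TLS handshake; the client refuses to continue in cleartext when STARTTLS is not offered and issues EHLO again once the channel is secured.

```python
# Added example: client side of the RFC 3207 STARTTLS dialog.
# readline/send/wrap_tls are assumed callables supplied by the caller.

class StartTLSUnavailable(Exception):
    """Server did not offer STARTTLS; refuse to continue in cleartext."""

def read_reply(readline):
    """Read one SMTP reply: '250-...' lines continue, '250 ...' ends it."""
    lines = []
    while True:
        line = readline().rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed SMTP reply: %r" % line)
        lines.append(line[4:])
        if line[3:4] != "-":
            return int(line[:3]), lines

def expect(readline, wanted):
    """Read a reply and fail unless it carries the wanted status code."""
    code, lines = read_reply(readline)
    if code != wanted:
        raise ValueError("expected %d, got %d %s" % (wanted, code, lines))
    return lines

def ehlo(readline, send, client_name):
    """Send EHLO and return the set of extension keywords the server lists."""
    send("EHLO %s\r\n" % client_name)
    lines = expect(readline, 250)
    # The first line is greeting text; the remaining lines are extensions.
    return {l.split()[0].upper() for l in lines[1:] if l.strip()}

def negotiate_starttls(readline, send, wrap_tls, client_name):
    """Upgrade a fresh plaintext SMTP session; return capabilities seen inside TLS."""
    expect(readline, 220)                        # server greeting
    if "STARTTLS" not in ehlo(readline, send, client_name):
        raise StartTLSUnavailable("no STARTTLS in EHLO reply")
    send("STARTTLS\r\n")
    expect(readline, 220)                        # "Go ahead"
    # wrap_tls performs the handshake and certificate check, then returns
    # new readline/send callables bound to the encrypted stream.
    readline, send = wrap_tls()
    # RFC 3207: discard pre-TLS capabilities and EHLO again over TLS.
    return ehlo(readline, send, client_name)
```

With a real socket, `wrap_tls` would wrap it using `ssl.create_default_context().wrap_socket(sock, server_hostname=host)` so that the certificate and host name are verified before the second EHLO.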
squeak-dev@lists.squeakfoundation.org