[Seaside] Re: Serving HTTPS
Andreas Raab
andreas.raab at gmx.de
Thu Nov 17 20:53:34 UTC 2011
On 11/16/2011 19:35, Sven Van Caekenberghe wrote:
> Although SqueakSSL is usable today, it is not enough.
Let's be specific about what isn't working instead of broadly dismissing
SqueakSSL as "not enough". What's currently missing in the plugin is two
pieces of Mac support: Certificate validation (i.e., given a connection
how does one verify the validity of the incoming cert) and certificate
specification (i.e., given the id of a certificate, how does one extract
it from the user's key chain and installs it on the connection).
However, while this may make SqueakSSL not be useful for some purposes
on the Mac, it certainly doesn't render it useless in general. First of
all, SqueakSSL works on Windows and Linux. Period.
Secondly, even on the Mac, depending on what exactly you're doing it can
still be good enough if you can live without certificate validation.
While I wouldn't do that for a banking app, I would have no hesitations
doing so for the purpose of calling the facebook graph api for
retrieving basic user information. The only thing you can't do at all at
this point is run an SSL server on the Mac.
> The SecureSocketStream implementation (Smalltalk code) is difficult to port to Pharo.
What exactly are you trying to port and why? The code works out of the
box as it is. There is no need to port anything.
> That is why there is Zodiac (http://zdc.stfx.eu). It reuses the current plugin, but uses much cleaner code. And it works well on Pharo.
I don't mind you throwing a plug for your pet project, but claiming that
WebClient and SqueakSSL don't work well on Pharo is simply disingenuous.
Try for yourself:
Gofer new
squeaksource: 'SqueakSSL';
package: 'SqueakSSL-Core;
package: 'SqueakSSL-Tests;
squeaksource: 'WebClient';
package: 'WebClient-Core';
package: 'WebClient-Tests';
package: 'WebClient-Pharo';
load.
Then run the tests via:
SqueakSSLTest buildSuite run.
WebClientServerTest buildSuite run.
Here are the results for various releases:
Version SqueakSSL WebClient
Pharo 1.1 11/11 PASS 56/58 PASS 2 Errors [*1]
Pharo 1.2 11/11 PASS 59/59 PASS
Pharo 1.3 11/11 PASS 59/59 PASS
Squeak 4.1 11/11 PASS 58/58 PASS 1 Expected Failure
Squeak 4.2 11/11 PASS 59/59 PASS
Squeak 4.3 11/11 PASS 59/59 PASS
[*1] Caused by an inconsequential bug in Pharo 1.1.
So again, unless you have specific evidence showing that SqueakSSL
doesn't work on Pharo, I think you shouldn't make general claims like that.
> I think the server side is less important: an Apache HTTPS proxy is a better (stronger/safer/faster) solution.
This should be a matter of choice, not of necessity. Having to
administer Apache, stunnel and whatnot creates many more potential
points of failure and pain.
Cheers,
- Andreas
More information about the seaside
mailing list