[squeak-dev] RE: SSL

Ron Teitelbaum ron at usmedrec.com
Sun May 12 01:34:22 UTC 2013


Hey Frank,

I tried this on my 4.1 image and it works fine.  Connecting to a server doesn't require a cert so this should just work.

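| address socket |
	"Resolve the host and open a plain TCP connection to the HTTPS port."
	address := NetNameResolver addressForName: 'github.com'.
	socket := SecureSocket newTCP.
	socket connectTo: address port: 443.
	socket waitForConnectionFor: 10.
	"Run the client side of the SSL handshake."
	socket sslConnect.
	"A certState of 0 is treated as a valid certificate; anything else raises an error."
	socket certState = 0 ifFalse:[
		self error: 'The certificate is invalid (code: ', socket certState printString,')'.
	].
	"Send a minimal HTTP request over the encrypted connection."
	socket sendData:
		'GET / HTTP/1.0', String crlf,
		'Host: github.com', String crlf,
		'Connection: close', String crlf,
		String crlf.

	"Answer whatever the server sent back."
	^socket receiveData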

At what point do you get an error?


All the best,

Ron Teitelbaum
Head Of Engineering
3d Immersive Collaboration Consulting
ron at 3dicc.com
Follow Me On Twitter: @RonTeitelbaum
www.3dicc.com 


> -----Original Message-----
> From: squeak-dev-bounces at lists.squeakfoundation.org [mailto:squeak-dev-
> bounces at lists.squeakfoundation.org] On Behalf Of Frank Shearar
> Sent: Saturday, May 11, 2013 6:39 PM
> To: The general-purpose Squeak developers list
> Subject: Re: [squeak-dev] RE: SSL
> 
> On 11 May 2013 23:24, Frank Shearar <frank.shearar at gmail.com> wrote:
> > Yes, I'd thought of that :) One thing that's weird, and probably
> > pretty important info, is that the SqueakSSL unit tests _pass_. It's
> > when I, say, try connect to https://github.com/, that things break in
> > SqueakSSL >> #primitiveSSLCreate.
> >
> > I've been digging with strace. The SSL_connect thing happens on Cog
> > because of something funny with the plugin's file, SqueakSSL. On an
> > Interpreter VM, I get an error in SecureSocketStream >>
> > #receiveDataInto:startingAt: - "SSL error, code: -5".
> 
> -5 is SQSSL_GENERIC_ERROR. That means that the error returned by SSL_read
> isn't SSL_ERROR_WANT_READ (renegotiation) or SSL_ERROR_ZERO_RETURN (a
> clean shutdown).
> 
> frank
> 
> > So continuing my explorations with the Interpreter, I do actually get
> > a WebResponse back from github, looking like this:
> >
> > WebResponse(HTTP/1.1 200 OK
> > connection: close
> > transfer-encoding: chunked
> > content-type: application/zip
> > content-disposition: attachment;
> > filename=frankshearar-Control-e705021.zip
> > date: Sat, 11 May 2013 22:19:00 GMT
> > )
> >
> > but the download breaks in the above-mentioned method.
> >
> > frank
> >
> >
> > On 11 May 2013 20:43, Ron Teitelbaum <ron at usmedrec.com> wrote:
> >> Hey Frank,
> >>
> >> You must also have OpenSSL installed, but if this was working previously then
> >> I expect that you have it installed.
> >>
> >> All the best,
> >>
> >> Ron
> >>
> >>> -----Original Message-----
> >>> From: squeak-dev-bounces at lists.squeakfoundation.org
> >>> [mailto:squeak-dev- bounces at lists.squeakfoundation.org] On Behalf Of
> >>> Frank Shearar
> >>> Sent: Saturday, May 11, 2013 2:58 PM
> >>> To: The general-purpose Squeak developers list
> >>> Subject: Re: [squeak-dev] RE: SSL
> >>>
> >>> The build.squeak.org tests run on a CentOS box. They also fail on my
> >>> Ubuntu Lucid box. I've mentioned this before: SqueakSSL used to work
> >>> just fine, on Cog.r2714, and then one day stopped working. That does
> >>> sound like possible cert expiration. The main trouble I have is that
> >>> my debugging info is usually just "primitive failed", without any clue as to
> >>> _why_.
> >>>
> >>> I'll try run some things just now and report back.
> >>>
> >>> frank
> >>>
> >>> On 11 May 2013 18:24, Ron Teitelbaum <ron at usmedrec.com> wrote:
> >>> > Hello,
> >>> >
> >>> > The problem is the certificate.  What OS is this running on?
> >>> >
> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start
> >>> > line:pem_lib.c:650:Expecting: CERTIFICATE
> >>> >
> >>> > 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM
> >>> > lib:ssl_rsa.c:491:
> >>> >
> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start
> >>> > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY
> >>> >
> >>> > 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
> >>> > lib:ssl_rsa.c:669:
> >>> >
> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for windows.
> >>> > I'm thinking that the cert may be expired.
> >>> >
> >>> > On Linux it creates a new cert so it wouldn't be a problem.  To
> >>> > fix this you should create a sample cert for windows and then
> >>> > point the test case to that cert, or replace the hardcoded cert.
> >>> >
> >>> > Hmmm, just ran this on my windows 7, 4.1 based image, with the
> >>> > existing SSL test code and it worked fine.  So it may not be the sample
> >>> > cert.
> >>> >
> >>> > Need more info.
> >>> >
> >>> > All the best,
> >>> >
> >>> > Ron Teitelbaum
> >>> > Head Of Engineering
> >>> > 3d Immersive Collaboration Consulting
> >>> > ron at 3dicc.com
> >>> > Follow Me On Twitter: @RonTeitelbaum
> >>> > www.3dicc.com
> >>> > 3d ICC on G+
> >>> >
> >>> >> -----Original Message-----
> >>> >> From: squeak-dev-bounces at lists.squeakfoundation.org
> >>> >> [mailto:squeak-dev-bounces at lists.squeakfoundation.org] On Behalf Of Patrick Shouse
> >>> >>
> >>> >> Hi, Ron. Here's a link to one
> >>> >>
> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/
> >>> >>
> >>> >> You can click on the Console Output link on this page to see the details.
> >>> >>
> >>> >> --
> >>> >> View this message in context: http://forum.world.st/SSL-tp4686693p4686815.html
> >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com.
> 
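
The "no start line ... Expecting: CERTIFICATE" and "Expecting: ANY PRIVATE KEY" entries quoted in the thread are what OpenSSL reports when it reaches the end of a file without finding a PEM block of the requested kind. The following preflight check is an added example, not code from the thread or from SqueakSSL; the accepted-label sets are an assumption based on OpenSSL's PEM name matching, and the sample inputs are constructed.

```python
import re

# PEM labels that satisfy each "Expecting:" name seen in the error queue.
# Assumption: these sets mirror OpenSSL's PEM name matching; they are not from the thread.
ACCEPTED = {
    "CERTIFICATE": {"CERTIFICATE", "X509 CERTIFICATE"},
    "ANY PRIVATE KEY": {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY",
                        "RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"},
}
BEGIN_LINE = re.compile(rb"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

def pem_labels(data):
    """Return the label of every BEGIN line in the raw file contents."""
    return [label.decode("ascii") for label in BEGIN_LINE.findall(data)]

def preflight(data, expecting):
    """Return (ok, labels): ok is True when some block satisfies `expecting`."""
    labels = pem_labels(data)
    return any(label in ACCEPTED[expecting] for label in labels), labels

def explain(data, expecting):
    """Describe the outcome in the same terms as the OpenSSL error queue."""
    ok, labels = preflight(data, expecting)
    if ok:
        return "ok: found a block for " + expecting
    present = ", ".join(labels) if labels else "none"
    # Blocks of another kind are skipped, so a key-only file still reports
    # "no start line" when a certificate is requested.
    return "no start line (Expecting: %s); BEGIN labels present: %s" % (expecting, present)

# Constructed sample inputs (placeholder bodies, not real key material).
CERT_ONLY = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
KEY_ONLY = b"-----BEGIN RSA PRIVATE KEY-----\r\nQ09OU1RSVUNURUQ=\r\n-----END RSA PRIVATE KEY-----\r\n"
DER_LIKE = b"\x30\x82\x01\x0a\x02\x82\x01\x01"  # binary (DER-style) bytes, no PEM armour

if __name__ == "__main__":
    for name, data in (("cert only", CERT_ONLY), ("key only", KEY_ONLY), ("DER", DER_LIKE)):
        for expecting in ("CERTIFICATE", "ANY PRIVATE KEY"):
            print("%-9s %s" % (name, explain(data, expecting)))
```

Passing both checks only shows that the file has the right PEM armour; it says nothing about whether the certificate has expired or matches the key.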




More information about the Squeak-dev mailing list