[squeak-dev] SSL/Socket error code interpretation

Ron Teitelbaum ron at usmedrec.com
Tue May 12 02:45:06 UTC 2020 

Hi Tim,

This worked for me

WebClient new httpGet: 'https://sagetea.ai/'

and I checked it with this and it worked also:

 | hostName address socket |
hostName := 'sagetea.ai'.
address := NetNameResolver addressForName: hostName.
socket := SecureSocket newTCP.
socket connectTo: address port: 443.
socket waitForConnectionFor: 10.
socket sslConnect.
socket certState = 0
ifFalse: [self error: 'woop woop wo woooo no good'].
(socket peerName match: hostName)
ifFalse: [self error: 'whoah nellie we connected to the wrong cert!'].
^ socket destroy

The connection looks fine.  I'm using an older version of SqueakSSL.  And
I'm on windows.

I think the cert is fine.

All the best,

Ron


On Mon, May 11, 2020 at 9:48 PM tim Rowledge <tim at rowledge.org> wrote:

> I'm trying to make an https connection to a site and it isn't a happy
> thing.
>
> After digging further into the SSL plugin than I ever wanted  I found the
> logLevel setting and set it to 1 in SecureSocketStream>>#sslConnectTo: and
> got some plausibly useful info out of it.
> The key item seems to be
> sqConnectSSL: SSL_get_verify_result = 20
> and if I've interpreted the code in
> ~opensmalltalk-vm/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.inc and
> opensmalltalk-vm/platforms/Cross/plugins/SqueakSSL/SqueakSSL.h properly
> then an error code of 20 means SQSSL_INVALID_CN and SQSSL_CERT_EXPIRED.
>
> Can anyone reassure me or correct me on that?
>
> The problem is that according to the SSL code in *VW* the certificate I
> get has this info -
> Validity
>         Not Before: Nov 15 00:00:00 2018 GMT
>         Not After: Nov 14 23:59:59 2020 GMT
> Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=sagetea.ai
>
> ... which looks in-date to me and a fairly reasonable CN.
>
> Aaaargh!
>
> tim
> --
> tim Rowledge; tim at rowledge.org; http://www.rowledge.org/tim
> Strange OpCodes: FR: Flip Record
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20200511/532d0290/attachment.html>

More information about the Squeak-dev mailing list