[squeak-dev] SSL/Socket error code interpretation

Robert robert.withers at pm.me
Tue May 19 23:36:22 UTC 2020


Done so. SSLCertificateStore is now X509CertificateStore in the CryptographyX509 package.

DoIt to load latest:

> "Load Cryptography, Tests, ThunkStack, ParrotTalk & SSL"
> Installer ss
>     project: 'Cryptography'; install: 'ProCrypto-1-1-1';
>     project: 'Cryptography'; install: 'ProCryptoTests-1-1-1';
>     project: 'Cryptography'; install: 'SSLLoader'.

DoIt: "Returns a map from subject name collection to Certificate."

> | certMap |
> certMap := Dictionary new.
> X509CertificateStore new rootCerts
>     do: [:e | certMap
>         at: e tbsCertificate subject
>         put: e].
> ^ certMap

K, r

On 5/19/20 2:32 PM, Robert wrote:

> Oh yes, the SSLCertificateStore has zero dependency on SSL and could be moved to ProCrypto
>
> K, r
>
> On 5/19/20 2:29 PM, Robert wrote:
>
>> Hi Tobias,
>>
>> If the CI server could load the following config maps, you can access rootCerts in the SSLCertificateStore, when the CI server is running your tests.
>>
>> NOTE: I would really like to see the Cryptography and ParrotTalk packages in the auto-testing regimen!
>>
>> "Load Cryptography, Tests, ThunkStack, ParrotTalk. & SSL"
>> Installer ss
>>     project: 'Cryptography'; install: 'ProCrypto-1-1-1';
>>     project: 'Cryptography'; install: 'ProCryptoTests-1-1-1';
>>     project: 'Cryptography'; install: 'SSLLoader'.
>>
>> "The loading of the SSL package is what loaded the SSLCertificateStore. Please explore the result and see roiot certificates."
>> SSLCertificateStore new.
>>
>> There are a couple of certs read in, surely one of them would meet your needs.
>>
>> Kindly,
>> Robert
>>
>> On 5/19/20 1:01 PM, Tobias Pape wrote:
>>
>>>> On 19.05.2020, at 01:45, tim Rowledge
>>>> [<tim at rowledge.org>](mailto:tim at rowledge.org)
>>>> wrote:
>>>>
>>>> Follow up info just for the record - my sysadmin was able to correctly (re)install the certificate so we now get an 'A' report from ssllabs.com and the cURL etc checks all work. Thanks for the suggestions!
>>>
>>> Cool!
>>>
>>>> As an aside, Squeak 5.3-19435 running on the 20200429xxxxx ARMv6linux VM still fails the SSL test, but I think we established that the certificate included in the image for testing is a bit out of date?
>>>
>>> It is. But it already was when Andreas poured its contents into the imageā€¦
>>> so it may be on purpose?
>>>
>>> What's the remedy?
>>> A long-term self-singed cert? This is only marginally better to test whether certificate checking works and no better to test whether TLS-encryption works :)
>>>
>>> Best regards
>>>	-Tobias
>>>
>>>>> On 2020-05-12, at 10:34 AM, tim Rowledge
>>>>> [<tim at rowledge.org>](mailto:tim at rowledge.org)
>>>>> wrote:
>>>>>
>>>>> Thank you *very* much to Tobias and Levente for explaining this. At least it isn't just something I screwed up, so that makes me feel a bit less stupid. The connection has been working ok until recently though, which I suspect means somebody has been Fiddling With The Server. Hands may get slapped.
>>>>>
>>>>> I thought I knew more about these certificate things than I ever wanted; now I know I know nothing. Which is *still* more than I ever wanted :-)
>>>>>
>>>>> tim
>>>>> --
>>>>> tim Rowledge;
>>>>> tim at rowledge.org
>>>>> ;
>>>>> http://www.rowledge.org/tim
>>>>> Useful random insult:- Can easily be confused with facts.
>>>>
>>>> tim
>>
>> --
>> Kindly,
>> Robert
>
> --
> Kindly,
> Robert

--
Kindly,
Robert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20200519/a42dd1d1/attachment.html>


More information about the Squeak-dev mailing list