[squeak-dev] SqueakSSL questions and problems
Douglas Brebner
kirtai+st at gmail.com
Tue Oct 27 18:31:12 UTC 2020
Hi,

I've been playing around with SqueakSSL in Squeak and Cuis recently and
found that most of the tests fail under Linux. It seems that the root of
the problem is that the example test certificate in
SqueakSSL>>#exampleCertFile is both expired (only valid from 2011->2012)
and also using cyphers no longer supported in TLS 1.3. This breaks the
tests using local connections.

I am nowhere even close to being a crypto expert so I'm asking how
should this be handled?

I believe that the certificate was supposed to be replaced every year
(or longer with longer valid dates) but don't want to do this without
some advice.

Should we just replace the old certificate with a new one with longer
validity or should there be some kind of automatic infrastructure to
generate them as appropriate? Maybe one that can be downloaded?

Another problem I found is that WebClient/SqueakSSL apparently *does not
verify* server certificates on macOS. I don't know if this is just in
the tests or if it's for all TLS/SSL connections but it should be
clarified and/or fixed.

In addition to this, I found that some of the SqueakSSL tests ping
Google, Facebook and Yahoo URLs. Changing these would be nice.

Finally, is SqueakSSL an appropriate name for a *TLS* library used on
both Squeak and Cuis? ;)

Thanks

P.S. Ordinary Squeak client to remote https servers connections work
fine on my Linux machine. Wireshark shows TLS 1.3 connections.
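
Added example, not part of the original message and not SqueakSSL code: a shell guard that a test setup could run to detect an expired fixture certificate and regenerate it instead of shipping one fixed file. It assumes the openssl command-line tool is installed; the function names and the test-cert.pem / test-key.pem file names are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical names); requires the openssl CLI on PATH.

# cert_status FILE [SECONDS]
# Prints "valid" if the certificate will still be within its validity
# period SECONDS from now (default 0 = right now), otherwise "expired".
# An unreadable or missing file is also reported as "expired".
cert_status() {
    if openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1; then
        echo valid
    else
        echo expired
    fi
}

# cert_sigalg FILE
# Prints the certificate's signature algorithm so a reviewer can see
# what the fixture actually uses.
cert_sigalg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

# make_test_cert DIR DAYS
# Writes a throwaway self-signed RSA-2048/SHA-256 certificate for
# CN=localhost, for local test connections only.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
        -subj "/CN=localhost" -days "$2" \
        -keyout "$1/test-key.pem" -out "$1/test-cert.pem" >/dev/null 2>&1
}

# ensure_test_cert DIR DAYS
# Keeps an existing, still-valid fixture; otherwise regenerates it.
# Prints "kept" or "regenerated".
ensure_test_cert() {
    if [ -f "$1/test-cert.pem" ] &&
       [ "$(cert_status "$1/test-cert.pem")" = valid ]; then
        echo kept
    else
        make_test_cert "$1" "$2" && echo regenerated
    fi
}
```

Passing a look-ahead such as `cert_status test-cert.pem 2592000` flags a fixture that will lapse within 30 days, before the tests start failing.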