<div dir="ltr"><div class="gmail_default" style="font-size:small">Hi Tim,</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">This worked for me</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">WebClient new httpGet: '<a href="https://sagetea.ai/">https://sagetea.ai/</a>'<br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">and I checked it with this and it worked also:</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"> | hostName address socket |<br> hostName := '<a href="http://sagetea.ai">sagetea.ai</a>'.<br> address := NetNameResolver addressForName: hostName.<br> socket := SecureSocket newTCP.<br> socket connectTo: address port: 443.<br> socket waitForConnectionFor: 10.<br> socket sslConnect.<br> socket certState = 0<br> ifFalse: [self error: 'woop woop wo woooo no good'].<br> (socket peerName match: hostName)<br> ifFalse: [self error: 'whoah nellie we connected to the wrong cert!'].<br> ^ socket destroy<br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">The connection looks fine. I'm using an older version of SqueakSSL. And I'm on windows. </div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">I think the cert is fine.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">All the best,</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Ron</div><div class="gmail_default" style="font-size:small"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, May 11, 2020 at 9:48 PM tim Rowledge <<a href="mailto:tim@rowledge.org">tim@rowledge.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I'm trying to make an https connection to a site and it isn't a happy thing.<br>
<br>
After digging further into the SSL plugin than I ever wanted I found the logLevel setting and set it to 1 in SecureSocketStream>>#sslConnectTo: and got some plausibly useful info out of it.<br>
The key item seems to be <br>
sqConnectSSL: SSL_get_verify_result = 20<br>
and if I've interpreted the code in ~opensmalltalk-vm/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.inc and opensmalltalk-vm/platforms/Cross/plugins/SqueakSSL/SqueakSSL.h properly then an error code of 20 means SQSSL_INVALID_CN and SQSSL_CERT_EXPIRED. <br>
<br>
Can anyone reassure me or correct me on that?<br>
<br>
The problem is that according to the SSL code in *VW* the certificate I get has this info - <br>
Validity<br>
Not Before: Nov 15 00:00:00 2018 GMT<br>
Not After: Nov 14 23:59:59 2020 GMT<br>
Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=<a href="http://sagetea.ai" rel="noreferrer" target="_blank">sagetea.ai</a><br>
<br>
... which looks in-date to me and a fairly reasonable CN. <br>
<br>
Aaaargh!<br>
<br>
tim<br>
--<br>
tim Rowledge; <a href="mailto:tim@rowledge.org" target="_blank">tim@rowledge.org</a>; <a href="http://www.rowledge.org/tim" rel="noreferrer" target="_blank">http://www.rowledge.org/tim</a><br>
Strange OpCodes: FR: Flip Record<br>
<br>
<br>
<br>
</blockquote></div>