<html><head></head><body>
<p>Done so. SSLCertificateStore is now X509CertificateStore in the
CryptographyX509 package. <br/>
</p>
<p>DoIt to load latest:</p>
<blockquote>
<p>"Load Cryptography, Tests, ThunkStack, ParrotTalk & SSL"<br/>
Installer ss<br/>
project: 'Cryptography'; install: 'ProCrypto-1-1-1';<br/>
project: 'Cryptography'; install: 'ProCryptoTests-1-1-1';<br/>
project: 'Cryptography'; install: 'SSLLoader'.</p>
</blockquote>
<p>DoIt: "Returns a map from subject name collection to
Certificate."<br/>
</p>
<blockquote>| certMap |<br/>
certMap := Dictionary new.<br/>
X509CertificateStore new rootCerts<br/>
do: [:e | certMap <br/>
at: e tbsCertificate subject<br/>
put: e].<br/>
^ certMap</blockquote>
<p>K, r<br/>
</p>
<div class="moz-cite-prefix">On 5/19/20 2:32 PM, Robert wrote:<br/>
</div>
<blockquote type="cite" cite="mid:c5858754-ef10-65bc-6f49-56293a2653fd@pm.me">
<meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
<p>Oh yes, the SSLCertificateStore has zero dependency on SSL and
could be moved to ProCrypto</p>
<p>K, r<br/>
</p>
<div class="moz-cite-prefix">On 5/19/20 2:29 PM, Robert wrote:<br/>
</div>
<blockquote type="cite" cite="mid:d86f05d5-826c-ede3-1f93-8a45dd10e7af@pm.me">
<meta http-equiv="content-type" content="text/html;
charset=UTF-8"/>
<p>Hi Tobias,</p>
<p>If the CI server could load the following config maps, you
can access rootCerts in the SSLCertificateStore, when the CI
server is running your tests. <br/>
</p>
<p><b>NOTE: </b>I would really like to see the Cryptography and
ParrotTalk packages in the auto-testing regimen!<br/>
</p>
<p>"Load Cryptography, Tests, ThunkStack, ParrotTalk. & SSL"<br/>
Installer ss<br/>
project: 'Cryptography'; install: 'ProCrypto-1-1-1';<br/>
project: 'Cryptography'; install: 'ProCryptoTests-1-1-1';<br/>
project: 'Cryptography'; install: 'SSLLoader'.<br/>
</p>
<p>"The loading of the SSL package is what loaded the
SSLCertificateStore. Please explore the result and see roiot
certificates."<br/>
SSLCertificateStore new.</p>
<p>There are a couple of certs read in, surely one of them would
meet your needs.</p>
<p>Kindly,<br/>
Robert<br/>
</p>
<div class="moz-cite-prefix">On 5/19/20 1:01 PM, Tobias Pape
wrote:<br/>
</div>
<blockquote type="cite" cite="mid:5AAA0191-C057-4E06-89BE-09545F85308B@gmx.de">
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">On 19.05.2020, at 01:45, tim Rowledge <a class="moz-txt-link-rfc2396E" href="mailto:tim@rowledge.org" moz-do-not-send="true"><tim@rowledge.org></a> wrote:
Follow up info just for the record - my sysadmin was able to correctly (re)install the certificate so we now get an 'A' report from ssllabs.com and the cURL etc checks all work. Thanks for the suggestions!
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">Cool!
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">As an aside, Squeak 5.3-19435 running on the 20200429xxxxx ARMv6linux VM still fails the SSL test, but I think we established that the certificate included in the image for testing is a bit out of date?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">It is. But it already was when Andreas poured its contents into the image…
so it may be on purpose?
What's the remedy?
A long-term self-singed cert? This is only marginally better to test whether certificate checking works and no better to test whether TLS-encryption works :)
Best regards
-Tobias
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">On 2020-05-12, at 10:34 AM, tim Rowledge <a class="moz-txt-link-rfc2396E" href="mailto:tim@rowledge.org" moz-do-not-send="true"><tim@rowledge.org></a> wrote:
Thank you *very* much to Tobias and Levente for explaining this. At least it isn't just something I screwed up, so that makes me feel a bit less stupid. The connection has been working ok until recently though, which I suspect means somebody has been Fiddling With The Server. Hands may get slapped.
I thought I knew more about these certificate things than I ever wanted; now I know I know nothing. Which is *still* more than I ever wanted :-)
tim
--
tim Rowledge; <a class="moz-txt-link-abbreviated" href="mailto:tim@rowledge.org" moz-do-not-send="true">tim@rowledge.org</a>; <a class="moz-txt-link-freetext" href="http://www.rowledge.org/tim" moz-do-not-send="true">http://www.rowledge.org/tim</a>
Useful random insult:- Can easily be confused with facts.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">tim
</pre>
</blockquote>
</blockquote>
<pre class="moz-signature" cols="72">--
Kindly,
Robert</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Kindly,
Robert</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Kindly,
Robert</pre>
</body></html>