[Vm-dev] Re: [squeak-dev] SqueakSSL + SAN certificates
leves at elte.hu
Tue Jun 2 03:56:46 UTC 2015
There's a debate about how SAN certificates - and server name
verification in general - should be handled.
I tend to agree with Tobias on verifying the server name in the plugin,
but getting there will require further efforts - especially on the unix
While this version solves a particular case, and is backwards compatible
on the image side, I think we should look for a better, more general
On Mon, 1 Jun 2015, David T. Lewis wrote:
> Hi Levente,
> Regarding your VM changes for SqueakSSL, shall I commit these to the SVN
> trunk repository? Ian delegated access to platforms/unix so that I can do
> that for you if you like.
> We have several Mantis entries to track your SqueakSSL work:
> http://bugs.squeak.org/view.php?id=7751 (Add SSL plugin)
> http://bugs.squeak.org/view.php?id=7793 (Memory leak in the SqueakSSL plugin on unix)
> http://bugs.squeak.org/view.php?id=7824 (Add TLS SNI Server Name Indication support to SqueakSSL plugin)
> Your latest version http://leves.web.elte.hu/squeak/SqueakSSL/ adds
> the SAN certificates support, so I think we should commit your latest
> version and close the Mantis issues.
> If you agree I will update the SVN files.
> p.s. There are still issues in SqueakSSL when sizeof(sqInt) is 8
> (64 bit images) but that is a separate discussion.
> On Tue, May 26, 2015 at 11:55:42PM +0200, Levente Uzonyi wrote:
>> Hi All,
>> I've implemented support for reading the domain names from the
>> certificate's SAN extension in SqueakSSL.
>> The image side code is in the Inbox. It is backwards compatible --
>> everything works as before without the VM changes.
>> I've also uploaded the modified files for the unix platform, and a
>> diff (which somehow doesn't include the changes of the .h file).
>> The VM support code for other platforms are to be done.
>> These changes fix the failing SqueakSSL test in the Trunk, so I suggest
>> including the .mcz file in the 4.6 release.
>>  https://en.wikipedia.org/wiki/SubjectAltName
>>  http://leves.web.elte.hu/squeak/SqueakSSL/SqueakSSL.h
>>  http://leves.web.elte.hu/squeak/SqueakSSL/sqUnixOpenSSL.c
>>  http://leves.web.elte.hu/squeak/SqueakSSL/diff.txt
More information about the Vm-dev