[Vm-dev] SSL error on windows 7

Tobias Pape Das.Linux at gmx.de
Wed Apr 4 11:49:43 UTC 2018


Hi All,

> On 04.04.2018, at 11:50, Nicolas Cellier <nicolas.cellier.aka.nice at gmail.com> wrote:
> 
> 
> 
> 2018-04-04 11:05 GMT+02:00 Tobias Pape <Das.Linux at gmx.de>:
> 
> Hi Cyril
> 
> 
> > On 03.04.2018, at 15:26, Cyril Ferlicot D <cyril at ferlicot.me> wrote:
> >
> > Hi Tobias,
> >
> > I have a problem with SSL and Windows 7, I think it might be a VM plugin
> > problem (excuse me if we find at the end that it is not) and I heard
> > you're the one maintaining the SSL plugin.
> >
> > If I execute this code:
> >
> > ZnClient new url: 'https://google.com'; get.
> >
> > I get a result.
> >
> > If I execute this code:
> >
> > ZnClient new url: 'https://github.com'; get.
> >
> > I get this error: Error: SSL Exception: connect failed [code:-5]
> >
> > I tried with both stable and latest vm. (The stable is from august 2017
> > I think)
> >
> > I sent a mail on the Pharo dev ML and we are at least two having this
> > problem with Windows 7 when it's working with Windows 10.
> >
> > Let me know if you need any more details on this issue.
> >
> > I opened an issue:
> > https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/236
> >
> 
> Can you please change ZdcSecureSocket>>sslSession to
> 
> sslSession
>         ^ sslSession ifNil: [
>                 sslSession := self sslSessionClass new
>                         enableLogging;
>                         yourself].
> 
> 
> And please paste what appears on stdout?
> 
> (you may have to execute the vm from the commandline).
> 
> Best regards
>         -Tobias
> 
> 
> I confirm, same behavior as Cyril on windows 7 with latest bintray VM pharo.cog.spur_win32x86_201804032021.zip
> 
> logging output:

This is very strange.

> 
> >PharoConsole.exe Pharo7.0-32bit-b6db964.image
> sqSetStringPropertySSL(1): (null)
> sqSetStringPropertySSL(2): github.com
> sqConnectSSL: input token 0 bytes
> sqConnectSSL: Input to InitSecCtxt is 0 bytes
> AquireCredentialsHandle returned: 0
> InitializeSecurityContext returned: 90312
> Input Buffers:
>         buf[0]: 2 (0 bytes) ptr=0
>         buf[1]: 0 (0 bytes) ptr=0
>         buf[2]: 0 (0 bytes) ptr=0
>         buf[3]: 0 (0 bytes) ptr=0
> Output Buffers:
>         buf[0]: 2 (122 bytes) ptr=596140
>         buf[1]: 0 (0 bytes) ptr=0
> sqCopyDescToken:
>          type=2, size=122
>          type=0, size=0
> sqConnectSSL: input token 7 bytes

This looks very short. 
It means that 122 bytes for the security token are passed on to the image, and then 7 token bytes are re-used and sent from the image to the plugin.

Compare to Squeak 6, same bintray (means IDENTICAL plugin)

=-=-=-=
sqSetStringPropertySSL(2): github.com
sqConnectSSL: input token 0 bytes
sqConnectSSL: Input to InitSecCtxt is 0 bytes
AquireCredentialsHandle returned: 0
InitializeSecurityContext returned: 90312
Input Buffers:
        buf[0]: 2 (0 bytes) ptr=0
        buf[1]: 0 (0 bytes) ptr=0
        buf[2]: 0 (0 bytes) ptr=0
        buf[3]: 0 (0 bytes) ptr=0
Output Buffers:
        buf[0]: 2 (178 bytes) ptr=16d3c78
        buf[1]: 0 (0 bytes) ptr=0
sqCopyDescToken:
         type=2, size=178
         type=0, size=0
sqConnectSSL: input token 3594 bytes
sqConnectSSL: Input to InitSecCtxt is 3594 bytes
InitializeSecurityContext returned: 90312
Input Buffers:
        buf[0]: 2 (3594 bytes) ptr=17dbf48
        buf[1]: 0 (0 bytes) ptr=0
        buf[2]: 0 (0 bytes) ptr=0
        buf[3]: 0 (0 bytes) ptr=0
Output Buffers:
        buf[0]: 2 (166 bytes) ptr=1706dd0
        buf[1]: 0 (0 bytes) ptr=0
sqCopyDescToken:
         type=2, size=166
         type=0, size=0
sqConnectSSL: input token 91 bytes
sqConnectSSL: Input to InitSecCtxt is 91 bytes
InitializeSecurityContext returned: 0
Input Buffers:
        buf[0]: 2 (91 bytes) ptr=17dbf48
        buf[1]: 0 (0 bytes) ptr=0
        buf[2]: 0 (0 bytes) ptr=0
        buf[3]: 0 (0 bytes) ptr=0
Output Buffers:
        buf[0]: 2 (0 bytes) ptr=0
        buf[1]: 0 (0 bytes) ptr=0
sqConnectSSL: Maximum message size is 16384 bytes
sqExtractPeerName: Peer name is github.com
sqEncryptSSL: Encrypting 139 bytes
=-=-=-=

Here, 178 bytes of token are copied to the image, and the image (SqueakSSL) continues with ca 4k of data (which includes the token)

Maybe there's a fault in the Zodiac code?

> sqConnectSSL: Input to InitSecCtxt is 7 bytes
> InitializeSecurityContext returned: 80090302

This means (according to https://msdn.microsoft.com/en-us/library/dd721886)

SEC_E_UNSUPPORTED_FUNCTION (aka TLS1_ALERT_PROTOCOL_VERSION 0x70).

This in turn means (according to https://stackoverflow.com/a/5727375/1197440 )
	unrecognized_name (the answerer there says: "The unrecognized_name indicates that the server name you sent in the client hello does not match a name known to the server").

And that the server does not know what name you want.

Are you really connecting to github.com? 

Two things here:
 (a) yes, the plugin could give meaningful error messages. This has, unfortunately, to wait.
 (b) It seems that the image side (in case of Pharo, probably Zodiac) does not complete the handshake correctly, as it seems to work for SqueakSSL (image side)

Best regards
	-Tobias


> Input Buffers:
>         buf[0]: 2 (7 bytes) ptr=14b8fe0
>         buf[1]: 0 (0 bytes) ptr=0
>         buf[2]: 0 (0 bytes) ptr=0
>         buf[3]: 0 (0 bytes) ptr=0
> Output Buffers:
>         buf[0]: 2 (0 bytes) ptr=0
>         buf[1]: 0 (0 bytes) ptr=0
> Unexpected return code 2148074242
> 
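
An added diagnostic sketch, not part of the original message and not the plugin's own code: it decodes the SSPI status values the log above prints (hex in "returned: 90312", decimal in "Unexpected return code 2148074242") and checks whether a short handshake token is a single TLS alert record, which is exactly 7 bytes (5-byte record header plus level and description). The function names are hypothetical and the sample token bytes are constructed; the log does not show the token's contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* SSPI status values as defined in the Windows SDK (winerror.h). */
static const char *sspi_status_name(uint32_t st) {
    switch (st) {
    case 0x00000000u: return "SEC_E_OK";
    case 0x00090312u: return "SEC_I_CONTINUE_NEEDED";
    case 0x80090302u: return "SEC_E_UNSUPPORTED_FUNCTION";
    default:          return "unknown";
    }
}

/* The plugin log prints the status in hex in one place ("returned: 90312")
   and in decimal in another ("Unexpected return code 2148074242"). */
static uint32_t parse_status(const char *text, int is_hex) {
    return (uint32_t)strtoul(text, NULL, is_hex ? 16 : 10);
}

/* Returns the alert description (0..255) if buf holds one complete plaintext
   TLS alert record, -1 for any other record type, -2 if truncated/malformed. */
static int tls_alert_description(const uint8_t *buf, size_t len) {
    if (len < 5) return -2;                       /* type, version(2), length(2) */
    size_t body = ((size_t)buf[3] << 8) | buf[4];
    if (len < 5 + body) return -2;
    if (buf[0] != 21) return -1;                  /* 21 = alert, 22 = handshake */
    if (body != 2) return -2;                     /* alert body: level + description */
    return buf[6];
}

static const char *alert_name(int d) {
    switch (d) {
    case 40:  return "handshake_failure";
    case 70:  return "protocol_version";
    case 112: return "unrecognized_name";
    default:  return "other";
    }
}

int main(void) {
    /* Constructed sample: fatal (2) protocol_version (70) alert, TLS 1.0 record. */
    const uint8_t token[7] = {21, 3, 1, 0, 2, 2, 70};
    int d = tls_alert_description(token, sizeof token);
    printf("%s / alert %d (%s)\n",
           sspi_status_name(parse_status("2148074242", 0)), d, alert_name(d));
    return 0;
}
```

Dumping the first bytes of the 7-byte token on the image side and passing them through `tls_alert_description` would show whether the server answered the ClientHello with an alert rather than a ServerHello.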


