<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2018-04-04 13:49 GMT+02:00 Tobias Pape <span dir="ltr"><<a href="mailto:Das.Linux@gmx.de" target="_blank">Das.Linux@gmx.de</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
Hi All,<br>
<div><div class="gmail-h5"><br>
> On 04.04.2018, at 11:50, Nicolas Cellier <<a href="mailto:nicolas.cellier.aka.nice@gmail.com">nicolas.cellier.aka.nice@<wbr>gmail.com</a>> wrote:<br>
><br>
><br>
><br>
> 2018-04-04 11:05 GMT+02:00 Tobias Pape <<a href="mailto:Das.Linux@gmx.de">Das.Linux@gmx.de</a>>:<br>
><br>
> Hi Cyril<br>
><br>
><br>
> > On 03.04.2018, at 15:26, Cyril Ferlicot D <<a href="mailto:cyril@ferlicot.me">cyril@ferlicot.me</a>> wrote:<br>
> ><br>
> > Hi Tobias,<br>
> ><br>
> > I have a problem with SSL and Winodws 7, I think it might be a VM plugin<br>
> > problem (excuse me if we find at the end that it is not) and I heard<br>
> > you're the one maintaining the SSL plugin.<br>
> ><br>
> > If I execute this code:<br>
> ><br>
> > ZnClient new url: '<a href="https://google.com" rel="noreferrer" target="_blank">https://google.com</a>'; get.<br>
> ><br>
> > I get a result.<br>
> ><br>
> > If I execute this code:<br>
> ><br>
> > ZnClient new url: '<a href="https://github.com" rel="noreferrer" target="_blank">https://github.com</a>'; get.<br>
> ><br>
> > I get this error: Error: SSL Exception: connect failed [code:-5]<br>
> ><br>
> > I tried with both stable and latest vm. (The stable is from august 2017<br>
> > I think)<br>
> ><br>
> > I sent a mail on the Pharo dev ML and we are at least two having this<br>
> > problem with Windows 7 when it's working with Windows 10.<br>
> ><br>
> > Let me know if you need any more details on this issue.<br>
> ><br>
> > I opened on issue:<br>
> > <a href="https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/236" rel="noreferrer" target="_blank">https://github.com/<wbr>OpenSmalltalk/opensmalltalk-<wbr>vm/issues/236</a><br>
> ><br>
><br>
> Can you please change ZdcSecureSocket>>sslSession to<br>
><br>
> sslSession<br>
> ^ sslSession ifNil: [<br>
> sslSession := self sslSessionClass new<br>
> enableLogging;<br>
> yourself].<br>
><br>
><br>
> And please paste what appears on stdout?<br>
><br>
> (you may have to execute the vm from the commandline).<br>
><br>
> Best regards<br>
> -Tobias<br>
><br>
><br>
> I confirm, same behavior as Cyril on windows 7 with latest bintray VM pharo.cog.spur_win32x86_<wbr>201804032021.zip<br>
><br>
> logging output:<br>
<br>
</div></div>This is very strange.<br>
<span class="gmail-"><br>
><br>
> >PharoConsole.exe Pharo7.0-32bit-b6db964.image<br>
> sqSetStringPropertySSL(1): (null)<br>
> sqSetStringPropertySSL(2): <a href="http://github.com" rel="noreferrer" target="_blank">github.com</a><br>
> sqConnectSSL: input token 0 bytes<br>
> sqConnectSSL: Input to InitSecCtxt is 0 bytes<br>
> AquireCredentialsHandle returned: 0<br>
> InitializeSecurityContext returned: 90312<br>
> Input Buffers:<br>
> buf[0]: 2 (0 bytes) ptr=0<br>
> buf[1]: 0 (0 bytes) ptr=0<br>
> buf[2]: 0 (0 bytes) ptr=0<br>
> buf[3]: 0 (0 bytes) ptr=0<br>
> Output Buffers:<br>
> buf[0]: 2 (122 bytes) ptr=596140<br>
> buf[1]: 0 (0 bytes) ptr=0<br>
> sqCopyDescToken:<br>
> type=2, size=122<br>
> type=0, size=0<br>
> sqConnectSSL: input token 7 bytes<br>
<br>
</span>This looks very short.<br>
It means that 122 bytes for the security token are passed on to the image, and then 7 token bytes are re-used and sent from the image to the plugn.<br>
<br>
Compare to Squeak 6, same bintray (means IDENTICAL plugin)<br>
<br>
=-=-=-=<br>
<span class="gmail-">sqSetStringPropertySSL(2): <a href="http://github.com" rel="noreferrer" target="_blank">github.com</a><br>
sqConnectSSL: input token 0 bytes<br>
sqConnectSSL: Input to InitSecCtxt is 0 bytes<br>
AquireCredentialsHandle returned: 0<br>
InitializeSecurityContext returned: 90312<br>
Input Buffers:<br>
buf[0]: 2 (0 bytes) ptr=0<br>
buf[1]: 0 (0 bytes) ptr=0<br>
buf[2]: 0 (0 bytes) ptr=0<br>
buf[3]: 0 (0 bytes) ptr=0<br>
Output Buffers:<br>
</span> buf[0]: 2 (178 bytes) ptr=16d3c78<br>
<span class="gmail-"> buf[1]: 0 (0 bytes) ptr=0<br>
sqCopyDescToken:<br>
</span> type=2, size=178<br>
type=0, size=0<br>
sqConnectSSL: input token 3594 bytes<br>
sqConnectSSL: Input to InitSecCtxt is 3594 bytes<br>
<span class="gmail-">InitializeSecurityContext returned: 90312<br>
Input Buffers:<br>
</span> buf[0]: 2 (3594 bytes) ptr=17dbf48<br>
<span class="gmail-"> buf[1]: 0 (0 bytes) ptr=0<br>
buf[2]: 0 (0 bytes) ptr=0<br>
buf[3]: 0 (0 bytes) ptr=0<br>
Output Buffers:<br>
</span> buf[0]: 2 (166 bytes) ptr=1706dd0<br>
<span class="gmail-"> buf[1]: 0 (0 bytes) ptr=0<br>
sqCopyDescToken:<br>
</span> type=2, size=166<br>
type=0, size=0<br>
sqConnectSSL: input token 91 bytes<br>
sqConnectSSL: Input to InitSecCtxt is 91 bytes<br>
InitializeSecurityContext returned: 0<br>
Input Buffers:<br>
buf[0]: 2 (91 bytes) ptr=17dbf48<br>
<span class="gmail-"> buf[1]: 0 (0 bytes) ptr=0<br>
buf[2]: 0 (0 bytes) ptr=0<br>
buf[3]: 0 (0 bytes) ptr=0<br>
Output Buffers:<br>
buf[0]: 2 (0 bytes) ptr=0<br>
buf[1]: 0 (0 bytes) ptr=0<br>
</span>sqConnectSSL: Maximum message size is 16384 bytes<br>
sqExtractPeerName: Peer name is <a href="http://github.com" rel="noreferrer" target="_blank">github.com</a><br>
sqEncryptSSL: Encrypting 139 bytes<br>
=-=-=-=<br>
<br>
Here, 178 bytes of token are copied to the image, and the image (SqueakSSL) continues with ca 4k of data (which includes the token)<br>
<br>
Maybe there's a fault in the Zodiac code?<br>
<span class="gmail-"><br>
> sqConnectSSL: Input to InitSecCtxt is 7 bytes<br>
> InitializeSecurityContext returned: 80090302<br>
<br>
</span>This means (According to <a href="https://msdn.microsoft.com/en-us/library/dd721886" rel="noreferrer" target="_blank">https://msdn.microsoft.com/en-<wbr>us/library/dd721886</a>)<br>
<br>
SEC_E_UNSUPPORTED_FUNCTION (aka TLS1_ALERT_PROTOCOL_VERSION 0x70).<br>
<br>
This in turn means (according to <a href="https://stackoverflow.com/a/5727375/1197440" rel="noreferrer" target="_blank">https://stackoverflow.com/a/<wbr>5727375/1197440</a> )<br>
unrecognized_name (the answerer there says: "The unrecognized_name indicates that the server name you sent in the client hello does not match a name known to the server").<br>
<br>
And that the server does no know what name you want.<br>
<br>
Are you really connecting to <a href="http://github.com" rel="noreferrer" target="_blank">github.com</a>?<br>
<br>
Two things here:<br>
(a) yes, the plugin could give meaningful error messages. This has, unfortunately, to wait.<br>
(b) It seems that the image side (in case of Pharo, probably Zodiac) does not complete the handshake correctly, as it seems to work for SqueakSSL (image side)<br>
<br>
Best regards<br>
<span class="gmail-HOEnZb"><font color="#888888"> -Tobias<br>
</font></span><div class="gmail-HOEnZb"><div class="gmail-h5"><br>
<br>
> Input Buffers:<br>
> buf[0]: 2 (7 bytes) ptr=14b8fe0<br>
> buf[1]: 0 (0 bytes) ptr=0<br>
> buf[2]: 0 (0 bytes) ptr=0<br>
> buf[3]: 0 (0 bytes) ptr=0<br>
> Output Buffers:<br>
> buf[0]: 2 (0 bytes) ptr=0<br>
> buf[1]: 0 (0 bytes) ptr=0<br>
> Unexpected return code 2148074242<br>
><br>
<br>
</div></div></blockquote></div><br><br></div><div class="gmail_extra">Hi Tobias,<br></div><div class="gmail_extra">On windows 7, I have the same behaviour as Pharo with a Squeak Trunk image <br><br></div><div class="gmail_extra"> "this one works:"<br></div><div class="gmail_extra"> WebClient httpGet: '<a href="https://google.com">https://google.com</a>'. <br><br></div><div class="gmail_extra"> "this one not, error SSL connect failed with code: -5"<br></div><div class="gmail_extra"><span class="gmail-im"> WebClient httpGet: '<a href="https://github.com">https://github.com</a>'.<br><br></span></div><div class="gmail_extra"><span class="gmail-im">Launching the image both with latest squeak.cog.spur and pharo.cog.spur VM lead to same symptoms...<br></span></div><div class="gmail_extra"><span class="gmail-im">The fact that there is a different behavior depending on the OS (other reported that it works in windows 10) does not militate for a Zodiac problem.<br></span></div><div class="gmail_extra"><br><br></div></div>