Hi All,
now that we're on github would those who build the SSLPlugin be willing to fold in their build to the standard VM builds so that SSLPlugin is built alongside the others?
_,,,^..^,,,_ best, Eliot
On 24.06.2016, at 22:15, Eliot Miranda eliot.miranda@gmail.com wrote:
Hi All,
now that we're on github would those who build the SSLPlugin be willing to fold in their build to the standard VM builds so that SSLPlugin is built alongside the others?
On principle, yes. It's hairy, still (see other mail)
Best -Tobias
Hi Tobias,
On Fri, Jun 24, 2016 at 1:48 PM, Tobias Pape Das.Linux@gmx.de wrote:
On 24.06.2016, at 22:15, Eliot Miranda eliot.miranda@gmail.com wrote:
Hi All,
now that we're on github would those who build the SSLPlugin be willing to fold in their build to the standard VM builds so that SSLPlugin is built alongside the others?
On principle, yes. It's hairy, still (see other mail)
got a link? Why is it hairy? Isn't it just a matter of updating HowToBuild with instructions, and then updating makefiles etc to build the same way that SSLPlugin is built? If it's in the other mail, just post a link to the mail. It passed me by and I don't see it.
thx!!
P.S. Loving the amount of energy and activity in our communities right now. Lovely!! _,,,^..^,,,_ best, Eliot
Hi Eliot,
On 24.06.2016, at 23:24, Eliot Miranda eliot.miranda@gmail.com wrote:
Hi Tobias,
On Fri, Jun 24, 2016 at 1:48 PM, Tobias Pape Das.Linux@gmx.de wrote:
On 24.06.2016, at 22:15, Eliot Miranda eliot.miranda@gmail.com wrote:
Hi All,
now that we're on github would those who build the SSLPlugin be willing to fold in their build to the standard VM builds so that SSLPlugin is built alongside the others?
On principle, yes. It's hairy, still (see other mail)
got a link?
http://forum.world.st/Fetch-zip-file-from-web-unzip-save-constituent-parts-t...
Why is it hairy?
I statically link libressl to evade the different so-names of centos vs debian.
Isn't it just a matter of updating HowToBuild with instructions, and then updating makefiles etc to build the same way that SSLPlugin is built? If it's in the other mail, just post a link to the mail. It passed me by and I don't see it.
The problem here is pulling in the Dependency for Linux, LibreSSL.
[tl;dr: I'm still trying to re-write some parts of SqueakSSL]
What's more, I am dissatisfied with "vanilla" openssl as the api to tackle.
This is the code Levente wrote to extract the subjectAlternateName(s) (SAN) from the certificate sent by the server on connect, in order to verify it:
https://github.com/squeak-smalltalk/squeakssl/pull/3/files#diff-9e4c3c0adfa4...
This code is correct and Levente as always did a good job here. But I would have liked it more if he did not have to write it in the first place.
You know what the way of SChannel(win) and SecureTransport(macOS) is? Pass the server name on connect to the Lib. It then handles SAN and SNI. That's how it has to be, because we do not know enough about crypto to get it right.
So my plan for the Unix plugin is to go with the libtls api of LibreSSL, which wraps the OpenSSL-API behind quite foolproof. You do SAN and SNI by passing the server-name on connect. Sounds familiar? Right :D.
Only problem: Squeak has Socket and SqueakSSL nicely-decoupled, so there's no way to just pass the socket or some fd from one to the other, and libtls is not yet fit for that.
Hence I want to contribute to LibreSSL/libtls a way to do a connect with r/w-callbacks, which should fit our architecture.
[/end]
Other than that, stuff is in https://github.com/squeak-smalltalk/squeakssl and should actually match the tree in opensmalltalk-vm.
Best and thanks for listening -Tobias [Writing C again X-O ]
thx!!
P.S. Loving the amount of energy and activity in our communities right now. Lovely!! _,,,^..^,,,_ best, Eliot
Hi
On 24.06.2016, at 23:46, Tobias Pape Das.Linux@gmx.de wrote:
Hi Eliot,
[…snip…]
Other than that, stuff is in https://github.com/squeak-smalltalk/squeakssl and should actually match the tree in opensmalltalk-vm.
_except_ that I then used the interpreter tree with Ian's cmake infrastructure for unix, hence the config.cmake, which makes sure openssl is somehow there. The one I used for building the static one is admittedly slightly different, but I lost interest when I tried to integrate into the autoconf-based process, hence the libressl setup is not in that file. Best -Tobias
Best and thanks for listening -Tobias [Writing C again X-O ]
thx!!
P.S. Loving the amount of energy and activity in our communities right now. Lovely!! _,,,^..^,,,_ best, Eliot
vm-dev@lists.squeakfoundation.org