[Cryptography Team] Fwd: [squeak-dev] SSLSocket and basic http auth (api.del.icio.us or mail.google.com or ...)

Simon Kirk simon at pinesoft.co.uk
Sun Feb 22 22:32:23 UTC 2009


Hi all.

This list has been quiet for ages, but I hope that we can get some  
kind of response here as there's been nothing on Squeak-Dev.

Please see the forwarded message below. It's part of a two-message
thread; there are two parties (my company, and
pierre-edouard.portier at insa-lyon.fr) trying to use SSLSocket, and
having no joy.

Please can anybody help? I'm trying to use CurlPlugin as a workaround,
but this is for XML-RPC calls, which need POST requests with a
custom content-type. The upshot is that CurlPlugin is unsuitable.

Ultimately, I'm thinking that if SSLSocket doesn't work, I'm going to  
have to look to Gemstone or something, and that's a totally foreign  
environment to me!

Cheers,
Simon

Begin forwarded message:

> From: Simon Kirk <simon.kirk at pinesoft.co.uk>
> Date: 20 February 2009 15:51:18 GMT
> To: The general-purpose Squeak developers list <squeak-dev at lists.squeakfoundation.org>
> Subject: Re: [squeak-dev] SSLSocket and basic http auth
> (api.del.icio.us or mail.google.com or ...)
> Reply-To: The general-purpose Squeak developers list <squeak-dev at lists.squeakfoundation.org>
>
> I hate to say it but I'm getting even worse behaviour. For HTTPS  
> sites that don't require HTTP auth at all, they also fail.
>
> For instance:
>
> 'https://www.amazon.com' asUrl retrieveContents content
>
> Printit yields:  'error occured retrieving https://www.amazon.com/:  
> Server www.amazon.com is not responding'
>
> Ditto for lots of other sites, such as Google.
>
> Interestingly, it still works for *some* of the examples from the
> SSL Workspace provided with the SSL package
> (https://investing.schwab.com/ and 'https://www.usaa.com') but not
> others.
>
> This implies some sort of cipher or protocol the SSL suite doesn't  
> support.
>
> This is pretty bad for us, as we need to do some stuff for a client  
> that involves XML-RPC calls to an SSL server, which I've just  
> discovered doesn't work with the SSL package :(
>
> Cheers,
> Simon
>
>
> On 20 Feb 2009, at 12:57, Pierre-Edouard PORTIER wrote:
>
>> Hi!
>> I try to connect to SSL + Basic HTTP Auth sites, for example:
>> https://mail.google.com or https://api.del.icio.us
>> When I try:
>>
>> | conn |
>> conn := SSLSocket newConnectionAddress: (NetNameResolver addressForName: 'mail.google.com') port: 443
>>
>> I obtain a socket with state: SSLConnectionClosed.
>> With sites that do not require HTTP Basic authentication:
>>
>> | conn |
>> conn := SSLSocket newConnectionAddress: (NetNameResolver addressForName: 'www.usaa.com') port: 443
>>
>> I obtain an SSLSocket with state: SSLConnectionConnected.
>> But don't we need an open socket in order to send the request with
>> the authentication data in the header?
>>
>> In fact, inside the HttpsSocket>>httpsGetDocumentFromUrl: url args:
>> args accept: mimeType request: requestString we find:
>>
>> sock := HttpsSocket new.
>>         sock connectTo: serverAddr port: connectToPort.
>>         (sock waitForConnectionUntil: (Time millisecondClockValue + (10000) truncated)) ifTrue: [
>>             sock sendCommand: 'GET ', page, ' HTTP/1.0', String crlf,
>>                 (mimeType ifNotNil: ['ACCEPT: ', mimeType, String crlf] ifNil: ['']),
>>                 'ACCEPT: text/html', String crlf,    "Always accept plain text"
>>                 requestString,    "extra user request. Authorization"
>>                 'Host: ', serverName, ':', port printString, String crlf.
>> etc.etc.
>> with the possibility to put the authentication header inside the
>> requestString.
>>
>> Has someone any idea how to solve this problem?
>>
>> Thank you.
>>
>> pep
>>
>>
>
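
An added example, not part of the original messages and not code from the SSL package: a Python model of the request layout in the quoted Smalltalk excerpt, showing what a `requestString` carrying HTTP Basic credentials has to look like, since it is concatenated raw in front of the `Host:` line. The function names, the sample credentials and host, and the final blank line after `Host:` are assumptions.

```python
import base64

CRLF = "\r\n"


def basic_auth_header(user, password):
    """Return one 'Authorization: Basic ...' header line, CRLF-terminated."""
    if ":" in user:
        raise ValueError("user-id must not contain ':'")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in user + password):
        raise ValueError("control characters are not allowed in credentials")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Authorization: Basic " + token.decode("ascii") + CRLF


def check_extra_headers(request_string):
    """Accept only whole 'Name: value' lines, each ending in CRLF."""
    if request_string == "":
        return
    if not request_string.endswith(CRLF):
        raise ValueError("extra headers must end with CRLF")
    for line in request_string[:-2].split(CRLF):
        # A bare CR/LF or an empty line would split or end the header block.
        if "\r" in line or "\n" in line or ":" not in line:
            raise ValueError("malformed header line: %r" % line)


def build_get(page, server_name, port, request_string="", mime_type=None):
    """Python model of the GET layout in the quoted Smalltalk excerpt."""
    check_extra_headers(request_string)
    return (
        "GET " + page + " HTTP/1.0" + CRLF
        + ("ACCEPT: " + mime_type + CRLF if mime_type else "")
        + "ACCEPT: text/html" + CRLF
        + request_string  # spliced in raw, directly in front of Host:
        + "Host: " + server_name + ":" + str(port) + CRLF
        + CRLF  # assumption: blank line ending the header block
    )


if __name__ == "__main__":
    # Constructed sample credentials and host, not taken from the thread.
    auth = basic_auth_header("Aladdin", "open sesame")
    print(build_get("/", "example.test", 443, auth), end="")
```

The Basic token is only base64-encoded, so the credentials are protected solely by the SSL connection the request travels over.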
