[squeak-dev] Re: WebClient + SqueakSSL = https

Levente Uzonyi leves at elte.hu
Mon Jul 26 14:17:57 UTC 2010 

On Mon, 26 Jul 2010, Levente Uzonyi wrote:

> On Sun, 25 Jul 2010, Andreas Raab wrote:
>
>> On 7/25/2010 7:55 PM, Levente Uzonyi wrote:
>>> It works for me, but I always get 'Invalid certificate' error, even for
>>> google.com. #certState is always 1 (generic error). If I just ignore the
>>> error, everything is fine. Is there a way to debug it?
>>> (Ubuntu 8.04 x86_64 CogVM)
>> 
>> Interesting. I suspect it's something in OpenSSL plugin code. The thing to 
>> try is to to change SecureSocketStream>>sslConnect from:
>>
>> 	squeakSSL := SqueakSSL new.
>> 
>> to the following:
>>
>> 	squeakSSL := SqueakSSL new.
>>
>> 	"Logs extra info stdout"
>> 	squeakSSL logLevel: 1.
>> 
>> You should be getting a bunch of console output as a result which should 
>> prove helpful.
>
> I found a few issues with logging on unix:
> - SqueakSSL >> #primitiveSSL:setIntProperty:toValue: calls
>  #primitiveSetStringProperty instead of #primitiveSetIntProperty.
> - #primitiveSetIntPropery always fails, because sqSetIntPropertySSL always
>  returns 0, it should return 1 at the end of the function.
> After fixing these #logLevel: with argument 1 didn't give any output. It 
> works with 2 and 3. It's a bit annoying that the log messages are not flushed 
> (printf is buffered), so one has to generate a few requests to see the result 
> of the first one (I can't flush stdout without FFI or OSProcess).
>
>> 
>> Also, you might try to see whether going directly to encrypted.google.com 
>> makes a difference (the https request to www.google.com is first redirected 
>> to encrypted.google.com and perhaps the problem is somewhere in the 
>> redirect handling):
>>
>> 	WebClient httpGet: 'https://encrypted.google.com/search?q=squeak'.
>
> It's the same.
>
> I attached the output of [WebClient httpGet: 
> 'https://www.google.com/search?q=squeak'] generated with #logLevel: 3.

I took a look at the log again, and found this
"sqConnectSSL: SSL_get_verify_result = 20"
So it turned out that some CA certificates were missing. After installing 
the ca-certificates package SqueakSSL is working fine. :)


Levente

>
>
> Levente
>
>> 
>> Cheers,
>>  - Andreas
>> 
>

More information about the Squeak-dev mailing list