[squeak-dev] Re: WebClient + SqueakSSL = https
Levente Uzonyi
leves at elte.hu
Mon Jul 26 14:17:57 UTC 2010
On Mon, 26 Jul 2010, Levente Uzonyi wrote:
> On Sun, 25 Jul 2010, Andreas Raab wrote:
>
>> On 7/25/2010 7:55 PM, Levente Uzonyi wrote:
>>> It works for me, but I always get 'Invalid certificate' error, even for
>>> google.com. #certState is always 1 (generic error). If I just ignore the
>>> error, everything is fine. Is there a way to debug it?
>>> (Ubuntu 8.04 x86_64 CogVM)
>>
>> Interesting. I suspect it's something in OpenSSL plugin code. The thing to
>> try is to to change SecureSocketStream>>sslConnect from:
>>
>> squeakSSL := SqueakSSL new.
>>
>> to the following:
>>
>> squeakSSL := SqueakSSL new.
>>
>> "Logs extra info stdout"
>> squeakSSL logLevel: 1.
>>
>> You should be getting a bunch of console output as a result which should
>> prove helpful.
>
> I found a few issues with logging on unix:
> - SqueakSSL >> #primitiveSSL:setIntProperty:toValue: calls
> #primitiveSetStringProperty instead of #primitiveSetIntProperty.
> - #primitiveSetIntPropery always fails, because sqSetIntPropertySSL always
> returns 0, it should return 1 at the end of the function.
> After fixing these #logLevel: with argument 1 didn't give any output. It
> works with 2 and 3. It's a bit annoying that the log messages are not flushed
> (printf is buffered), so one has to generate a few requests to see the result
> of the first one (I can't flush stdout without FFI or OSProcess).
>
>>
>> Also, you might try to see whether going directly to encrypted.google.com
>> makes a difference (the https request to www.google.com is first redirected
>> to encrypted.google.com and perhaps the problem is somewhere in the
>> redirect handling):
>>
>> WebClient httpGet: 'https://encrypted.google.com/search?q=squeak'.
>
> It's the same.
>
> I attached the output of [WebClient httpGet:
> 'https://www.google.com/search?q=squeak'] generated with #logLevel: 3.
I took a look at the log again, and found this
"sqConnectSSL: SSL_get_verify_result = 20"
So it turned out that some CA certificates were missing. After installing
the ca-certificates package SqueakSSL is working fine. :)
Levente
>
>
> Levente
>
>>
>> Cheers,
>> - Andreas
>>
>
More information about the Squeak-dev
mailing list
|