[squeak-dev] Re: Combining SqueakSSL and SMTPClient?
Andreas Raab
andreas.raab at gmx.de
Wed Oct 6 00:29:00 UTC 2010
On 10/5/2010 2:16 PM, Bernhard Pieber wrote:
> My first question: Is SecureSocketStream from SqueakSSL-Core polymorphic to SocketStream which is used in SMTPClient's stream inst var? See ProtocolClient>>ensureConnection.
Yes.
> I tried to replace it with a SecureSocketStream in my own SecureSMTPClient subclass. That alone does not work. I kind of guessed that because at least a handshake will very probably be needed.
Correct.
> Then I looked at WebClient>>sslConnect as an example and tried to do something similar in my subclass:
>
> ensureConnection
>     | sqSSL |
>     self isConnected
>         ifTrue: [^self].
>     self stream
>         ifNotNil: [self stream close].
>
>     self stream: (SecureSocketStream openConnectionToHost: self host port: self port).
>     sqSSL := Smalltalk at: #SqueakSSL ifAbsent:[self error: 'SqueakSSL is missing'].
>     "Convert the stream to a secure stream"
>     self stream: (sqSSL secureSocketStream on: stream socket).
>     "Do the SSL handshake"
>     stream sslConnect.
>     "And cert verification"
>     stream verifyCert: self serverName.
>     self checkResponse.
>     self login
>
> This still does not work. I get ConnectionTimedOut: Cannot connect to 17.148.17.61:465.
>
> At this point I thought I might ask here. Has anyone done this already maybe? What could I try next?
If you get a connection timeout, it means the server isn't listening on
the port. There is nothing 'magical' about SSL - it simply does a TCP
connect followed by the SSL handshake. If no connection can be
established, it means nothing is listening on the other end; almost
always because you're using the wrong port.
FWIW, Wikipedia points out that "although some servers support port 465
for legacy secure SMTP in violation of the specifications, it is
preferable to use standard ports and standard ESMTP commands[14]
according to RFC 3207 if a secure session needs to be used between the
client and the server."
RFC 3207 has this nice usage example:

    The following dialog illustrates how a client and server can start a
    TLS session:

    S: <waits for connection on TCP port 25>
    C: <opens connection>
    S: 220 mail.imc.org SMTP service ready
    C: EHLO mail.example.com
    S: 250-mail.imc.org offers a warm hug of welcome
    S: 250-8BITMIME
    S: 250-STARTTLS
    S: 250 DSN
    C: STARTTLS
    S: 220 Go ahead
    C: <starts TLS negotiation>
    C & S: <negotiate a TLS session>
    C & S: <check result of negotiation>
    C: EHLO mail.example.com
    S: 250-mail.imc.org touches your hand gently for a moment
    S: 250-8BITMIME
    S: 250 DSN

Note that the above uses port 25 (and not 465) combined with the
STARTTLS command.
Cheers,
- Andreas
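
The client side of the RFC 3207 dialog quoted above, as an added example that is not part of the original message and is not Squeak or SqueakSSL code. It is a Python sketch that replays server lines instead of opening a socket; the names `upgrade`, `read_reply`, `extensions`, `expect` and `StartTLSError` are hypothetical, and the TLS handshake is only a placeholder step.

```python
class StartTLSError(Exception):
    """Raised when the session cannot be upgraded; the caller must not send mail."""

def read_reply(lines):
    """Consume one SMTP reply, which may span several lines; return (code, texts)."""
    texts = []
    for line in lines:
        texts.append(line[4:])
        if line[3:4] != "-":      # "250-X" continues the reply, "250 X" ends it
            return int(line[:3]), texts
    raise StartTLSError("connection closed in the middle of a reply")

def extensions(texts):
    """EHLO keywords; the first reply line is the greeting, not an extension."""
    return {t.split()[0].upper() for t in texts[1:] if t.strip()}

def expect(lines, want):
    """Read one reply and insist on the given status code."""
    code, texts = read_reply(lines)
    if code != want:
        raise StartTLSError(f"expected {want}, got {code} {texts[-1]}")
    return texts

def upgrade(server_lines, client_name="mail.example.com"):
    """Walk the client side of the dialog; return (commands sent, post-TLS extensions)."""
    lines, sent = iter(server_lines), []
    expect(lines, 220)                                    # greeting on port 25
    sent.append(f"EHLO {client_name}")
    if "STARTTLS" not in extensions(expect(lines, 250)):
        # No silent fallback to cleartext: a stripped capability looks exactly like this.
        raise StartTLSError("STARTTLS not offered; refusing to continue unencrypted")
    sent.append("STARTTLS")
    expect(lines, 220)                                    # "220 Go ahead"
    sent.append("<TLS handshake and certificate check>")  # placeholder, no real TLS here
    # Capabilities learned before TLS were unauthenticated: discard them and ask again.
    sent.append(f"EHLO {client_name}")
    return sent, extensions(expect(lines, 250))

# Server lines copied from the RFC 3207 dialog quoted in the message.
RFC_DIALOG = ["220 mail.imc.org SMTP service ready",
              "250-mail.imc.org offers a warm hug of welcome",
              "250-8BITMIME", "250-STARTTLS", "250 DSN", "220 Go ahead",
              "250-mail.imc.org touches your hand gently for a moment",
              "250-8BITMIME", "250 DSN"]
# Constructed variant: the same server, but STARTTLS is missing from the EHLO reply.
NO_STARTTLS = RFC_DIALOG[:3] + ["250 DSN"]
```

In a real client the placeholder step is where the plain socket gets wrapped, the handshake runs and the certificate is verified against the server name, which is the part the quoted `ensureConnection` attempted before any SMTP greeting had been read.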