[squeak-dev] Re: Combining SqueakSSL and SMTPClient?

Andreas Raab andreas.raab at gmx.de
Wed Oct 6 00:29:00 UTC 2010


On 10/5/2010 2:16 PM, Bernhard Pieber wrote:
> My first question: Is SecureSocketStream from SqueakSSL-Core polymorphic to SocketStream which is used in SMTPClient's stream inst var? See ProtocolClient>>ensureConnection.

Yes.

> I tried to replace it with a SecureSocketStream in my own SecureSMTPClient subclass. That alone does not work. I kind of guessed that because at least a handshake will very probably be needed.

Correct.

> Then I looked at WebClient>>sslConnect as an example and tried to do something similar in my subclass:
>
> ensureConnection
> 	| sqSSL |
> 	self isConnected
> 		ifTrue: [^self].
> 	self stream
> 		ifNotNil: [self stream close].
>
> 	self stream: (SecureSocketStream openConnectionToHost: self host port: self port).
> 	sqSSL := Smalltalk at: #SqueakSSL ifAbsent:[self error: 'SqueakSSL is missing'].
> 	"Convert the stream to a secure stream"
> 	self stream: (sqSSL secureSocketStream on: stream socket).
> 	"Do the SSL handshake"
> 	stream sslConnect.
> 	"And cert verification"
> 	stream verifyCert: self serverName.
> 	self checkResponse.
> 	self login
>
> This still does not work. I get ConnectionTimedOut: Cannot connect to 17.148.17.61:465.
>
> At this point I thought I might ask here. Has anyone done this already maybe? What could I try next?

If you get a connection timeout, it means the server isn't listening on 
the port. There is nothing 'magical' about SSL - it simply does a TCP 
connect followed by the SSL handshake. If no connection can be 
established, it means nothing is listening on the other end; almost 
always because you're using the wrong port.

FWIW, Wikipedia points out that "although some servers support port 465 
for legacy secure SMTP in violation of the specifications, it is 
preferable to use standard ports and standard ESMTP commands[14] 
according to RFC 3207 if a secure session needs to be used between the 
client and the server."

RFC 3207 has this nice usage example:

    The following dialog illustrates how a client and server can start a
    TLS session:

    S: <waits for connection on TCP port 25>
    C: <opens connection>
    S: 220 mail.imc.org SMTP service ready
    C: EHLO mail.example.com
    S: 250-mail.imc.org offers a warm hug of welcome
    S: 250-8BITMIME
    S: 250-STARTTLS
    S: 250 DSN
    C: STARTTLS
    S: 220 Go ahead
    C: <starts TLS negotiation>
    C & S: <negotiate a TLS session>
    C & S: <check result of negotiation>
    C: EHLO mail.example.com
    S: 250-mail.imc.org touches your hand gently for a moment
    S: 250-8BITMIME
    S: 250 DSN

Note that the above uses port 25 (and not 465) combined with the 
STARTTLS command.

Cheers,
   - Andreas
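
An added example, not part of the message above and not SqueakSSL or SMTPClient code: the client side of the quoted RFC 3207 dialog in Python, run against a scripted server so it needs no network. `ScriptedServer`, `starttls_session` and the other names are hypothetical, and refusing to continue when STARTTLS is not offered is an assumed client policy.

```python
# Added example: client side of the RFC 3207 dialog, run against a scripted server.
SAMPLE = [  # constructed from the server lines of the dialog quoted above
    "220 mail.imc.org SMTP service ready",
    "250-mail.imc.org offers a warm hug of welcome",
    "250-8BITMIME", "250-STARTTLS", "250 DSN",
    "220 Go ahead",
    "250-mail.imc.org touches your hand gently for a moment",
    "250-8BITMIME", "250 DSN",
]

class ScriptedServer:
    """Hypothetical stand-in for the TCP connection to port 25; no network I/O."""
    def __init__(self, lines):
        self.lines, self.sent, self.tls = list(lines), [], False
    def readline(self):
        return self.lines.pop(0)
    def send(self, line):
        self.sent.append(line)
    def start_tls(self):
        # A real client does the TLS handshake and certificate check here.
        self.tls = True

def read_reply(conn):
    """Read one reply; 'ddd-text' lines continue it, a 'ddd text' line ends it."""
    texts = []
    while True:
        line = conn.readline()
        code, sep, text = line[:3], line[3:4], line[4:]
        if not code.isdigit() or sep not in ("-", " ", ""):
            raise ValueError(f"malformed reply line: {line!r}")
        texts.append(text)
        if sep != "-":
            return int(code), texts

def expect(conn, want):
    code, texts = read_reply(conn)
    if code != want:
        raise RuntimeError(f"expected {want}, got {code} {texts[-1]}")
    return texts

def extensions(ehlo_texts):
    """EHLO keywords; the first reply line is the server greeting, not a keyword."""
    return {t.split()[0].upper() for t in ehlo_texts[1:] if t.strip()}

def starttls_session(conn, client_name):
    expect(conn, 220)                          # server greeting
    conn.send(f"EHLO {client_name}")
    if "STARTTLS" not in extensions(expect(conn, 250)):
        raise RuntimeError("STARTTLS not offered; refusing to continue in plaintext")
    conn.send("STARTTLS")
    expect(conn, 220)                          # "Go ahead"
    conn.start_tls()
    conn.send(f"EHLO {client_name}")           # ask again; pre-TLS answer is discarded
    return extensions(expect(conn, 250))
```

The second EHLO matters because the extension list seen before the handshake was sent in cleartext; only the list returned after TLS is in effect should be trusted.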



