[squeak-dev] RE: SSL

Frank Shearar frank.shearar at gmail.com
Sun May 12 09:19:13 UTC 2013


Hi Ron,

I'm constructing the following expression - WebClient httpGet:
'https://github.com/frankshearar/Control/zipball/master'. (This
redirects to 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'.)

The SSL connection's established. Then it looks like I receive a chunk
of 16372 bytes (in #chunkFrom:to:progress:). That calls #skip: 2 to
skip a CRLF, after which we try get more data. By this time the Socket
is #otherEndClosedButNotThisEnd. #skip: calls #receiveData:, which
calls #receiveAvailableData, which finally calls
#receiveDataInto:startingAt:. And that results in calling SqueakSSL >>
#decrypt:from:to:into:, which returns the SQSSL_GENERIC_ERROR.

frank

On 12 May 2013 02:34, Ron Teitelbaum <ron at usmedrec.com> wrote:
> Hey Frank,
>
> I tried this on my 4.1 image and it works fine.  Connecting to a server doesn't require a cert so this should just work.
>
> | address socket |
>         address := NetNameResolver addressForName: 'github.com'.
>         socket := SecureSocket newTCP.
>         socket connectTo: address port: 443.
>         socket waitForConnectionFor: 10.
>         socket sslConnect.
>         socket certState = 0 ifFalse:[
>                 self error: 'The certificate is invalid (code: ', socket certState printString, ')'.
>         ].
>         socket sendData:
>                 'GET / HTTP/1.0', String crlf,
>                 'Host: github.com', String crlf,
>                 'Connection: close', String crlf,
>                 String crlf.
>
>         ^socket receiveData
>
> At what point do you get an error?
>
>
> All the best,
>
> Ron Teitelbaum
> Head Of Engineering
> 3d Immersive Collaboration Consulting
> ron at 3dicc.com
> Follow Me On Twitter: @RonTeitelbaum
> www.3dicc.com
>
>
>> -----Original Message-----
>> From: squeak-dev-bounces at lists.squeakfoundation.org [mailto:squeak-dev-bounces at lists.squeakfoundation.org] On Behalf Of Frank Shearar
>> Sent: Saturday, May 11, 2013 6:39 PM
>> To: The general-purpose Squeak developers list
>> Subject: Re: [squeak-dev] RE: SSL
>>
>> On 11 May 2013 23:24, Frank Shearar <frank.shearar at gmail.com> wrote:
>> > Yes, I'd thought of that :) One thing that's weird, and probably
>> > pretty important info, is that the SqueakSSL unit tests _pass_. It's
>> > when I, say, try connect to https://github.com/, that things break in
>> > SqueakSSL >> #primitiveSSLCreate.
>> >
>> > I've been digging with strace. The SSL_connect thing happens on Cog
>> > because of something funny with the plugin's file, SqueakSSL. On an
>> > Interpreter VM, I get an error in SecureSocketStream >>
>> > #receiveDataInto:startingAt: - "SSL error, code: -5".
>>
>> -5 is SQSSL_GENERIC_ERROR. That means that the error returned by SSL_read
>> isn't SSL_ERROR_WANT_READ (renegotiation) or SSL_ERROR_ZERO_RETURN (a
>> clean shutdown).
>>
>> frank
>>
>> > So continuing my explorations with the Interpreter, I do actually get
>> > a WebResponse back from github, looking like this:
>> >
>> > WebResponse(HTTP/1.1 200 OK
>> > connection: close
>> > transfer-encoding: chunked
>> > content-type: application/zip
>> > content-disposition: attachment;
>> > filename=frankshearar-Control-e705021.zip
>> > date: Sat, 11 May 2013 22:19:00 GMT
>> > )
>> >
>> > but the download breaks in the above-mentioned method.
>> >
>> > frank
>> >
>> >
>> > On 11 May 2013 20:43, Ron Teitelbaum <ron at usmedrec.com> wrote:
>> >> Hey Frank,
>> >>
>> >> You must also have OpenSSL installed, but if this was working previously then I expect that you have it installed.
>> >>
>> >> All the best,
>> >>
>> >> Ron
>> >>
>> >>> -----Original Message-----
>> >>> From: squeak-dev-bounces at lists.squeakfoundation.org [mailto:squeak-dev-bounces at lists.squeakfoundation.org] On Behalf Of Frank Shearar
>> >>> Sent: Saturday, May 11, 2013 2:58 PM
>> >>> To: The general-purpose Squeak developers list
>> >>> Subject: Re: [squeak-dev] RE: SSL
>> >>>
>> >>> The build.squeak.org tests run on a CentOS box. They also fail on my
>> >>> Ubuntu Lucid box. I've mentioned this before: SqueakSSL used to work
>> >>> just fine, on Cog.r2714, and then one day stopped working. That does
>> >>> sound like possible cert expiration. The main trouble I have is that
>> >>> my debugging info is usually just "primitive failed", without any clue as to _why_.
>> >>>
>> >>> I'll try run some things just now and report back.
>> >>>
>> >>> frank
>> >>>
>> >>> On 11 May 2013 18:24, Ron Teitelbaum <ron at usmedrec.com> wrote:
>> >>> > Hello,
>> >>> >
>> >>> > The problem is the certificate.  What OS is this running on?
>> >>> >
>> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: CERTIFICATE
>> >>> > 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:491:
>> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: ANY PRIVATE KEY
>> >>> > 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
>> >>> >
>> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for Windows.
>> >>> > I'm thinking that the cert may be expired.
>> >>> >
>> >>> > On Linux it creates a new cert so it wouldn't be a problem.  To
>> >>> > fix this you should create a sample cert for Windows and then
>> >>> > point the test case to that cert, or replace the hardcoded cert.
>> >>> >
>> >>> > Hmmm, just ran this on my Windows 7, 4.1 based image, with the
>> >>> > existing SSL test code and it worked fine.  So it may not be the sample cert.
>> >>> >
>> >>> > Need more info.
>> >>> >
>> >>> > All the best,
>> >>> >
>> >>> > Ron Teitelbaum
>> >>> > Head Of Engineering
>> >>> > 3d Immersive Collaboration Consulting
>> >>> > ron at 3dicc.com
>> >>> > Follow Me On Twitter: @RonTeitelbaum
>> >>> > www.3dicc.com
>> >>> > 3d ICC on G+
>> >>> >
>> >>> >> -----Original Message-----
>> >>> >> From: squeak-dev-bounces at lists.squeakfoundation.org [mailto:squeak-dev-bounces at lists.squeakfoundation.org] On Behalf Of Patrick Shouse
>> >>> >>
>> >>> >> Hi, Ron. Here's a link to one
>> >>> >>
>> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/
>> >>> >>
>> >>> >> You can click on the Console Output link on this page to see the details.
>> >>> >>
>> >>> >> --
>> >>> >> View this message in context: http://forum.world.st/SSL-tp4686693p4686815.html
>> >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com.

