[squeak-dev] RE: SSL

Ron Teitelbaum ron at usmedrec.com
Mon May 13 00:59:13 UTC 2013


Hi Frank,

This is just a guess but maybe the redirect is to a server with a different certificate.  Maybe after the redirect a new ssl connection needs to be made?  Have you looked at the data you receive?  Maybe it's a request to renegotiate a session?

Trying this without https I get this:

Resource interpreted as Document but transferred with MIME type application/zip: "https://codeload.github.com/frankshearar/Control/legacy.zip/master".

I see the permanent redirect response. 

What happens if you go directly to the redirected link?

All the best,

Ron Teitelbaum

> -----Original Message-----
> From: squeak-dev-bounces at lists.squeakfoundation.org [mailto:squeak-dev-
> bounces at lists.squeakfoundation.org] On Behalf Of Frank Shearar
> Sent: Sunday, May 12, 2013 5:19 AM
> To: The general-purpose Squeak developers list
> Subject: Re: [squeak-dev] RE: SSL
> 
> Hi Ron,
> 
> I'm constructing the following expression - WebClient httpGet:
> 'https://github.com/frankshearar/Control/zipball/master'. (This redirects to
> 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'.)
> 
> The SSL connection's established. Then it looks like I receive a chunk of 16372
> bytes (in #chunkFrom:to:progress:). That calls #skip: 2 to skip a CRLF, after which
> we try get more data. By this time the Socket is #otherEndClosedButNotThisEnd.
> #skip: calls #receiveData:, which calls #receiveAvailableData, which finally calls
> #receiveDataInto:startingAt:. And that results in calling SqueakSSL >>
> #decrypt:from:to:into:, which returns the SQSSL_GENERIC_ERROR.
> 
> frank
> 
> On 12 May 2013 02:34, Ron Teitelbaum <ron at usmedrec.com> wrote:
> > Hey Frank,
> >
> > I tried this on my 4.1 image and it works fine.  Connecting to a server doesn't
> > require a cert so this should just work.
> >
> > | address socket |
> >         address := NetNameResolver addressForName: 'github.com'.
> >         socket := SecureSocket newTCP.
> >         socket connectTo: address port: 443.
> >         socket waitForConnectionFor: 10.
> >         socket sslConnect.
> >         socket certState = 0 ifFalse:[
> >                 "certState is an Integer, so convert it before concatenating"
> >                 self error: 'The certificate is invalid (code: ', socket certState printString, ')'.
> >         ].
> >         socket sendData:
> >                 'GET / HTTP/1.0', String crlf,
> >                 'Host: github.com', String crlf,
> >                 'Connection: close', String crlf,
> >                 String crlf.
> >
> >         ^socket receiveData
> >
> > At what point do you get an error?
> >
> >
> > All the best,
> >
> > Ron Teitelbaum
> > Head Of Engineering
> > 3d Immersive Collaboration Consulting
> > ron at 3dicc.com
> > Follow Me On Twitter: @RonTeitelbaum
> > www.3dicc.com
> >
> >
> >> -----Original Message-----
> >> From: squeak-dev-bounces at lists.squeakfoundation.org
> >> [mailto:squeak-dev- bounces at lists.squeakfoundation.org] On Behalf Of
> >> Frank Shearar
> >> Sent: Saturday, May 11, 2013 6:39 PM
> >> To: The general-purpose Squeak developers list
> >> Subject: Re: [squeak-dev] RE: SSL
> >>
> >> On 11 May 2013 23:24, Frank Shearar <frank.shearar at gmail.com> wrote:
> >> > Yes, I'd thought of that :) One thing that's weird, and probably
> >> > pretty important info, is that the SqueakSSL unit tests _pass_.
> >> > It's when I, say, try connect to https://github.com/, that things
> >> > break in SqueakSSL >> #primitiveSSLCreate.
> >> >
> >> > I've been digging with strace. The SSL_connect thing happens on Cog
> >> > because of something funny with the plugin's file, SqueakSSL. On an
> >> > Interpreter VM, I get an error in SecureSocketStream >>
> >> > #receiveDataInto:startingAt: - "SSL error, code: -5".
> >>
> >> -5 is SQSSL_GENERIC_ERROR. That means that the error returned by
> >> SSL_read isn't SSL_ERROR_WANT_READ (renegotiation) or
> >> SSL_ERROR_ZERO_RETURN (a clean shutdown).
> >>
> >> frank
> >>
> >> > So continuing my explorations with the Interpreter, I do actually
> >> > get a WebResponse back from github, looking like this:
> >> >
> >> > WebResponse(HTTP/1.1 200 OK
> >> > connection: close
> >> > transfer-encoding: chunked
> >> > content-type: application/zip
> >> > content-disposition: attachment;
> >> > filename=frankshearar-Control-e705021.zip
> >> > date: Sat, 11 May 2013 22:19:00 GMT
> >> > )
> >> >
> >> > but the download breaks in the above-mentioned method.
> >> >
> >> > frank
> >> >
> >> >
> >> > On 11 May 2013 20:43, Ron Teitelbaum <ron at usmedrec.com> wrote:
> >> >> Hey Frank,
> >> >>
> >> >> You must also have OpenSSL installed, but if this was working
> >> >> previously then I expect that you have it installed.
> >> >>
> >> >> All the best,
> >> >>
> >> >> Ron
> >> >>
> >> >>> -----Original Message-----
> >> >>> From: squeak-dev-bounces at lists.squeakfoundation.org
> >> >>> [mailto:squeak-dev- bounces at lists.squeakfoundation.org] On Behalf
> >> >>> Of Frank Shearar
> >> >>> Sent: Saturday, May 11, 2013 2:58 PM
> >> >>> To: The general-purpose Squeak developers list
> >> >>> Subject: Re: [squeak-dev] RE: SSL
> >> >>>
> >> >>> The build.squeak.org tests run on a CentOS box. They also fail on
> >> >>> my Ubuntu Lucid box. I've mentioned this before: SqueakSSL used
> >> >>> to work just fine, on Cog.r2714, and then one day stopped
> >> >>> working. That does sound like possible cert expiration. The main
> >> >>> trouble I have is that my debugging info is usually just
> >> >>> "primitive failed", without any clue as to _why_.
> >> >>>
> >> >>> I'll try run some things just now and report back.
> >> >>>
> >> >>> frank
> >> >>>
> >> >>> On 11 May 2013 18:24, Ron Teitelbaum <ron at usmedrec.com> wrote:
> >> >>> > Hello,
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> > The problem is the certificate.  What OS is this running on?
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: CERTIFICATE
> >> >>> >
> >> >>> > 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:491:
> >> >>> >
> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: ANY PRIVATE KEY
> >> >>> >
> >> >>> > 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for Windows.
> >> >>> > I'm thinking that the cert may be expired.
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> > On Linux it creates a new cert so it wouldn't be a problem.  To
> >> >>> > fix this you should create a sample cert for Windows and then
> >> >>> > point the test case to that cert, or replace the hardcoded cert.
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> > Hmmm, just ran this on my Windows 7, 4.1 based image, with the
> >> >>> > existing SSL test code and it worked fine.  So it may not be
> >> >>> > the sample cert.
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> > Need more info.
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> > All the best,
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> > Ron Teitelbaum
> >> >>> >
> >> >>> > Head Of Engineering
> >> >>> >
> >> >>> > 3d Immersive Collaboration Consulting
> >> >>> >
> >> >>> > ron at 3dicc.com
> >> >>> >
> >> >>> > Follow Me On Twitter: @RonTeitelbaum
> >> >>> >
> >> >>> > www.3dicc.com
> >> >>> >
> >> >>> > 3d ICC on G+
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> >> -----Original Message-----
> >> >>> >
> >> >>> >> From: squeak-dev-bounces at lists.squeakfoundation.org
> >> >>> >> [mailto:squeak-dev-
> >> >>> >
> >> >>> >> bounces at lists.squeakfoundation.org] On Behalf Of Patrick
> >> >>> >> Shouse
> >> >>> >
> >> >>> >>
> >> >>> >
> >> >>> >> Hi, Ron. Here's a link to one
> >> >>> >
> >> >>> >>
> >> >>> >
> >> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/
> >> >>> >
> >> >>> >>
> >> >>> >
> >> >>> >> You can click on the Console Output link on this page to see the details.
> >> >>> >
> >> >>> >>
> >> >>> >
> >> >>> >>
> >> >>> >
> >> >>> >>
> >> >>> >
> >> >>> >> --
> >> >>> >
> >> >>> >> View this message in context: http://forum.world.st/SSL-
> >> >>> >
> >> >>> >> tp4686693p4686815.html
> >> >>> >
> >> >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com.
> >> >>> >
> >> >>> >>
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>> >
> >> >>>
> >> >>
> >> >>
> >> >>
> >>
> >
> >
> >
> 
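
The trace in this thread has the peer closing the socket right after a chunk, with the TLS read reporting a generic error rather than a clean shutdown. The following is an added example, not code from the thread or from Squeak's WebClient: a chunked-body decoder in Python that accepts end-of-stream only after the zero-size terminal chunk, so an early close is reported as truncation. All names and sample bytes are constructed for illustration.

```python
import io

HEX = b"0123456789abcdefABCDEF"

class TruncatedBody(Exception):
    """Peer closed before the zero-size terminal chunk arrived."""

def _read_exact(stream, n):
    data = stream.read(n)
    if len(data) != n:  # short read: the other end closed mid-body
        raise TruncatedBody(f"wanted {n} bytes, got {len(data)} before EOF")
    return data

def _read_line(stream):
    line = stream.readline()
    if not line.endswith(b"\r\n"):  # EOF (or a bare LF) inside a framing line
        raise TruncatedBody("connection ended inside chunk framing")
    return line[:-2]

def read_chunked(stream, max_body=16 * 1024 * 1024):
    """Decode an HTTP/1.1 chunked body; EOF is legal only after the last chunk."""
    body = bytearray()
    while True:
        size_field = _read_line(stream).split(b";", 1)[0].strip()
        if not size_field or any(c not in HEX for c in size_field):
            raise ValueError(f"bad chunk size {size_field!r}")
        size = int(size_field, 16)
        if size == 0:
            while _read_line(stream):  # skip optional trailers up to blank line
                pass
            return bytes(body)
        if len(body) + size > max_body:
            raise ValueError("body larger than max_body")
        body += _read_exact(stream, size)
        if _read_exact(stream, 2) != b"\r\n":  # the CRLF that #skip: 2 consumes
            raise ValueError("missing CRLF after chunk data")

def decode(raw):
    """Return ('complete', body) or ('truncated', reason) for constructed input."""
    try:
        return "complete", read_chunked(io.BytesIO(raw))
    except TruncatedBody as exc:
        return "truncated", str(exc)

# Constructed sample bodies (not captured from github.com).
COMPLETE = b"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n"
CLOSED_AFTER_CHUNK = b"5\r\nhello\r\n"   # peer closes right after a chunk's CRLF
CLOSED_MID_CHUNK = b"5\r\nhel"           # peer closes inside chunk data
```

With a `connection: close` response, a transport error or close that arrives after `read_chunked` has returned can be ignored; one that arrives earlier means the download is incomplete.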



