[squeak-dev] RE: SSL

Frank Shearar frank.shearar at gmail.com
Mon May 13 06:11:53 UTC 2013


Hi Ron,

It's definitely not the redirect. WebClient merrily follows the
redirect, and I get partway through a download. In the decoded instvar
I can see the filenames I expect to see. And then at some point during
the download, I get the reported failure. PERHAPS it's because of the
chunk encoding, but I'd put a low probability on that.

Did you manage to successfully download that URL using WebClient?

frank

On 13 May 2013 01:59, Ron Teitelbaum <ron at usmedrec.com> wrote:
> Hi Frank,
>
> This is just a guess but maybe the redirect is to a server with a different certificate.  Maybe after the redirect a new ssl connection needs to be made?  Have you looked at the data you receive?  Maybe it's a request to renegotiate a session?
>
> Trying this without https I get this:
>
> Resource interpreted as Document but transferred with MIME type application/zip: "https://codeload.github.com/frankshearar/Control/legacy.zip/master".
>
> I see the permanent redirect response.
>
> What happens if you go directly to the redirected link?
>
> All the best,
>
> Ron Teitelbaum
>
>> -----Original Message-----
>> From: squeak-dev-bounces at lists.squeakfoundation.org [mailto:squeak-dev-
>> bounces at lists.squeakfoundation.org] On Behalf Of Frank Shearar
>> Sent: Sunday, May 12, 2013 5:19 AM
>> To: The general-purpose Squeak developers list
>> Subject: Re: [squeak-dev] RE: SSL
>>
>> Hi Ron,
>>
>> I'm constructing the following expression - WebClient httpGet:
>> 'https://github.com/frankshearar/Control/zipball/master'. (This redirects to
>> 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'.)
>>
>> The SSL connection's established. Then it looks like I receive a chunk of 16372
>> bytes (in #chunkFrom:to:progress:). That calls #skip: 2 to skip a CRLF, after which
>> we try get more data. By this time the Socket is #otherEndClosedButNotThisEnd.
>> #skip: calls #receiveData:, which calls #receiveAvailableData, which finally calls
>> #receiveDataInto:startingAt:. And that results in calling SqueakSSL >>
>> #decrypt:from:to:into:, which returns the SQSSL_GENERIC_ERROR.
>>
>> frank
>>
>> On 12 May 2013 02:34, Ron Teitelbaum <ron at usmedrec.com> wrote:
>> > Hey Frank,
>> >
>> > I tried this on my 4.1 image and it works fine.  Connecting to a server doesn't require a cert so this should just work.
>> >
>> > | address socket |
>> >         address := NetNameResolver addressForName: 'github.com'.
>> >         socket := SecureSocket newTCP.
>> >         socket connectTo: address port: 443.
>> >         socket waitForConnectionFor: 10.
>> >         socket sslConnect.
>> >         socket certState = 0 ifFalse:[
>> >                 self error: 'The certificate is invalid (code: ', socket certState printString,')'.
>> >         ].
>> >         socket sendData:
>> >                 'GET / HTTP/1.0', String crlf,
>> >                 'Host: github.com', String crlf,
>> >                 'Connection: close', String crlf,
>> >                 String crlf.
>> >
>> >         ^socket receiveData
>> >
>> > At what point do you get an error?
>> >
>> >
>> > All the best,
>> >
>> > Ron Teitelbaum
>> > Head Of Engineering
>> > 3d Immersive Collaboration Consulting
>> > ron at 3dicc.com
>> > Follow Me On Twitter: @RonTeitelbaum
>> > www.3dicc.com
>> >
>> >
>> >> -----Original Message-----
>> >> From: squeak-dev-bounces at lists.squeakfoundation.org
>> >> [mailto:squeak-dev- bounces at lists.squeakfoundation.org] On Behalf Of
>> >> Frank Shearar
>> >> Sent: Saturday, May 11, 2013 6:39 PM
>> >> To: The general-purpose Squeak developers list
>> >> Subject: Re: [squeak-dev] RE: SSL
>> >>
>> >> On 11 May 2013 23:24, Frank Shearar <frank.shearar at gmail.com> wrote:
>> >> > Yes, I'd thought of that :) One thing that's weird, and probably
>> >> > pretty important info, is that the SqueakSSL unit tests _pass_.
>> >> > It's when I, say, try connect to https://github.com/, that things
>> >> > break in SqueakSSL >> #primitiveSSLCreate.
>> >> >
>> >> > I've been digging with strace. The SSL_connect thing happens on Cog
>> >> > because of something funny with the plugin's file, SqueakSSL. On an
>> >> > Interpreter VM, I get an error in SecureSocketStream >>
>> >> > #receiveDataInto:startingAt: - "SSL error, code: -5".
>> >>
>> >> -5 is SQSSL_GENERIC_ERROR. That means that the error returned by
>> >> SSL_read isn't SSL_ERROR_WANT_READ (renegotiation) or
>> >> SSL_ERROR_ZERO_RETURN (a clean shutdown).
>> >>
>> >> frank
>> >>
>> >> > So continuing my explorations with the Interpreter, I do actually
>> >> > get a WebResponse back from github, looking like this:
>> >> >
>> >> > WebResponse(HTTP/1.1 200 OK
>> >> > connection: close
>> >> > transfer-encoding: chunked
>> >> > content-type: application/zip
>> >> > content-disposition: attachment;
>> >> > filename=frankshearar-Control-e705021.zip
>> >> > date: Sat, 11 May 2013 22:19:00 GMT
>> >> > )
>> >> >
>> >> > but the download breaks in the above-mentioned method.
>> >> >
>> >> > frank
>> >> >
>> >> >
>> >> > On 11 May 2013 20:43, Ron Teitelbaum <ron at usmedrec.com> wrote:
>> >> >> Hey Frank,
>> >> >>
>> >> >> You must also have OpenSSL installed, but if this was working
>> >> >> previously then I expect that you have it installed.
>> >> >>
>> >> >> All the best,
>> >> >>
>> >> >> Ron
>> >> >>
>> >> >>> -----Original Message-----
>> >> >>> From: squeak-dev-bounces at lists.squeakfoundation.org
>> >> >>> [mailto:squeak-dev- bounces at lists.squeakfoundation.org] On Behalf
>> >> >>> Of Frank Shearar
>> >> >>> Sent: Saturday, May 11, 2013 2:58 PM
>> >> >>> To: The general-purpose Squeak developers list
>> >> >>> Subject: Re: [squeak-dev] RE: SSL
>> >> >>>
>> >> >>> The build.squeak.org tests run on a CentOS box. They also fail on
>> >> >>> my Ubuntu Lucid box. I've mentioned this before: SqueakSSL used
>> >> >>> to work just fine, on Cog.r2714, and then one day stopped
>> >> >>> working. That does sound like possible cert expiration. The main
>> >> >>> trouble I have is that my debugging info is usually just
>> >> >>> "primitive failed", without any clue as to _why_.
>> >> >>>
>> >> >>> I'll try run some things just now and report back.
>> >> >>>
>> >> >>> frank
>> >> >>>
>> >> >>> On 11 May 2013 18:24, Ron Teitelbaum <ron at usmedrec.com> wrote:
>> >> >>> > Hello,
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> > The problem is the certificate.  What os is this running on?
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start
>> >> >>> > line:pem_lib.c:650:Expecting: CERTIFICATE
>> >> >>> >
>> >> >>> > 30183:error:140AD009:SSL
>> >> >>> > routines:SSL_CTX_use_certificate_file:PEM
>> >> >>> > lib:ssl_rsa.c:491:
>> >> >>> >
>> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start
>> >> >>> > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY
>> >> >>> >
>> >> >>> > 30183:error:140B0009:SSL
>> >> >>> > routines:SSL_CTX_use_PrivateKey_file:PEM
>> >> >>> > lib:ssl_rsa.c:669:
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for
>> >> >>> > windows. I'm thinking that the cert may be expired.
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> > On Linux it creates a new cert so it wouldn't be a problem.  To
>> >> >>> > fix this you should create a sample cert for windows and then
>> >> >>> > point the test case to that cert, or replace the hardcoded cert.
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> > Hmmm, just ran this on my windows 7, 4.1 based image, with the
>> >> >>> > existing SSL test code and it worked fine.  So it may not be
>> >> >>> > the sample cert.
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> > Need more info.
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> > All the best,
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> > Ron Teitelbaum
>> >> >>> >
>> >> >>> > Head Of Engineering
>> >> >>> >
>> >> >>> > 3d Immersive Collaboration Consulting
>> >> >>> >
>> >> >>> > ron at 3dicc.com
>> >> >>> >
>> >> >>> > Follow Me On Twitter: @RonTeitelbaum
>> >> >>> >
>> >> >>> > www.3dicc.com
>> >> >>> >
>> >> >>> > 3d ICC on G+
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> >> -----Original Message-----
>> >> >>> >
>> >> >>> >> From: squeak-dev-bounces at lists.squeakfoundation.org
>> >> >>> >> [mailto:squeak-dev-
>> >> >>> >
>> >> >>> >> bounces at lists.squeakfoundation.org] On Behalf Of Patrick
>> >> >>> >> Shouse
>> >> >>> >
>> >> >>> >>
>> >> >>> >
>> >> >>> >> Hi, Ron. Here's a link to one
>> >> >>> >
>> >> >>> >>
>> >> >>> >
>> >> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/
>> >> >>> >
>> >> >>> >>
>> >> >>> >
>> >> >>> >> You can click on the Console Output link on this page to see the details.
>> >> >>> >
>> >> >>> >>
>> >> >>> >
>> >> >>> >>
>> >> >>> >
>> >> >>> >>
>> >> >>> >
>> >> >>> >> --
>> >> >>> >
>> >> >>> >> View this message in context: http://forum.world.st/SSL-
>> >> >>> >
>> >> >>> >> tp4686693p4686815.html
>> >> >>> >
>> >> >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com.
>> >> >>> >
>> >> >>> >>
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>> >
>> >> >>>
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >
>> >
>> >
>>
>
>
>
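
The thread describes a read error arriving partway through a chunked download on a `connection: close` response. The Python sketch below is an added example, not code from the thread, WebClient or SqueakSSL: it shows how a decoder can tell a body that ended with its terminating zero-size chunk from one that stopped early when the peer closed. The names `decode_chunked` and `ChunkedBodyError` are hypothetical and the sample bytes are constructed.

```python
HEX_DIGITS = frozenset(b"0123456789abcdefABCDEF")


class ChunkedBodyError(Exception):
    """The bytes present are not valid chunked framing."""


def decode_chunked(raw: bytes):
    """Return (body, complete) for an HTTP/1.1 chunked body.

    complete is True only when the terminating zero-size chunk and the
    final empty line were received; False means the stream stopped early.
    """
    body = bytearray()
    pos = 0
    while True:
        eol = raw.find(b"\r\n", pos)
        if eol < 0:
            return bytes(body), False              # cut off inside a size line
        size_field = raw[pos:eol].split(b";", 1)[0].strip()  # drop extensions
        if not size_field or not set(size_field) <= HEX_DIGITS:
            raise ChunkedBodyError(f"bad chunk size {size_field!r}")
        size = int(size_field, 16)
        if size == 0:
            # Optional trailers, then an empty line, end the body.
            return bytes(body), raw.find(b"\r\n\r\n", eol) >= 0
        pos = eol + 2
        chunk = raw[pos:pos + size]
        body += chunk
        if len(chunk) < size:
            return bytes(body), False              # cut off inside chunk data
        pos += size
        tail = raw[pos:pos + 2]                    # CRLF that closes the chunk
        if tail != b"\r\n":
            if len(tail) < 2 and b"\r\n".startswith(tail):
                return bytes(body), False          # cut off before the CRLF
            raise ChunkedBodyError("chunk data not followed by CRLF")
        pos += 2


# Constructed sample bodies (not captured traffic).
COMPLETE = b"4\r\nPK\x03\x04\r\n3\r\nabc\r\n0\r\n\r\n"
CUT_AFTER_CHUNK = b"4\r\nPK\x03\x04\r\n"   # peer closed after one whole chunk
CUT_IN_CHUNK = b"4\r\nPK"                  # peer closed inside chunk data

if __name__ == "__main__":
    for name in ("COMPLETE", "CUT_AFTER_CHUNK", "CUT_IN_CHUNK"):
        print(name, decode_chunked(globals()[name]))
```

A caller that gets `complete == False` should discard the partial download rather than treat the bytes received so far as the whole file.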

