[squeak-dev] RE: SSL

Frank Shearar frank.shearar at gmail.com
Sat May 18 23:19:06 UTC 2013


Hi Ron,

Right, my bad in not adding instructions for non-Rubyists. I've
updated the README to say:

# Install RVM
$ \curl -L https://get.rvm.io | bash -s stable --ruby=1.9.3
$ cd squeak-ci
$ which ruby
/home/frank/.rvm/rubies/ruby-1.9.3-p392/bin/ruby

$ gem install bundle # if necessary
$ bundle install

And now you should be able to run `rake build` to build the kind of VM
I use in the tests.

frank

On 14 May 2013 02:14, Ron Teitelbaum <ron at usmedrec.com> wrote:
> Hi Frank,
>
> It failed to build:
>
> no such file to load -- ci/reporter/rake/rspec
>
> All the best,
>
> Ron
>
>> -----Original Message-----
>> From: squeak-dev-bounces at lists.squeakfoundation.org [mailto:squeak-dev-
>> bounces at lists.squeakfoundation.org] On Behalf Of Frank Shearar
>> Sent: Monday, May 13, 2013 1:54 PM
>> To: The general-purpose Squeak developers list
>> Subject: Re: [squeak-dev] RE: SSL
>>
>> Hi Ron,
>>
>> If I use a Cog r.2714 I get a primitiveCreateSSL error because the SqueakSSL
>> plugin there has some weird linking problem.
>>
>> So I've been using the latest Unix Interpreter VM, 4.10.2.2614. I build them fresh
>> using some Ruby. I usually use a 4.5 era image. I see the errors on Lucid Lynx,
>> but (and I must stress this), this used to work!
>>
>> frank
>>
>> [1] If you download a copy of the squeak-ci environment
>> (https://github.com/frankshearar/squeak-ci/archive/master.zip) you can
>> recreate this VM with `rake build`. This will build an Interpreter VM, download
>> SqueakSSL.so and put it in the right place.
>>
>> On 13 May 2013 18:42, Ron Teitelbaum <ron at usmedrec.com> wrote:
>> > Hi Frank,
>> >
>> > I'm using SqueakSSL-Core-RJT.29.mcz but the changes don't look like they
>> > would affect you.
>> >
>> > I tried loading SqueakSSL-Core-ar.26.mcz and it still worked fine.
>> >
>> > WebResponse(HTTP/1.1 200 OK
>> > connection: close
>> > transfer-encoding: chunked
>> > content-type: application/zip
>> > content-disposition: attachment;
>> > filename=frankshearar-Control-e705021.zip
>> > date: Mon, 13 May 2013 17:32:08 GMT
>> >
>> > )
>> >
>> > I checked this on CentOS and Win 7 and they both work fine on a 4.1 based
>> > image.
>> >
>> > So far I can't get it to break.  What image and vm should I use to reproduce the
>> > problem?
>> >
>> > All the best,
>> >
>> > Ron Teitelbaum
>> >
>> >
>> >> -----Original Message-----
>> >> From: squeak-dev-bounces at lists.squeakfoundation.org
>> >> [mailto:squeak-dev- bounces at lists.squeakfoundation.org] On Behalf Of
>> >> Frank Shearar
>> >> Sent: Monday, May 13, 2013 9:41 AM
>> >> To: The general-purpose Squeak developers list
>> >> Subject: Re: [squeak-dev] RE: SSL
>> >>
>> >> Hi Ron,
>> >>
>> >> That's quite an old version - I'm using WebClient-Core-ar.92 (and
>> >> more importantly, SqueakSSL-Core-ar.26).
>> >>
>> >> frank
>> >>
>> >> On 13 May 2013 14:31, Ron Teitelbaum <ron at usmedrec.com> wrote:
>> >> > Hi Frank,
>> >> >
>> >> > On my 4.1 based image this just works:
>> >> >
>> >> > WebClient httpGet: 'https://github.com/frankshearar/Control/zipball/master'
>> >> >
>> >> > I got:
>> >> >
>> >> > WebResponse(HTTP/1.1 200 OK
>> >> > connection: close
>> >> > transfer-encoding: chunked
>> >> > content-type: application/zip
>> >> > content-disposition: attachment;
>> >> > filename=frankshearar-Control-e705021.zip
>> >> > date: Mon, 13 May 2013 13:17:34 GMT
>> >> >
>> >> > )
>> >> >
>> >> > Content length was 98488
>> >> >
>> >> > I checked and it is using SSL, the stream is:
>> >> > SecureSocketStream[inbuf:64kb/outbuf:4kb]
>> >> >
>> >> > What version of WebClient-Core do you have?  I'm running
>> >> > WebClient-Core-ar.83.
>> >> >
>> >> > All the best,
>> >> >
>> >> > Ron Teitelbaum
>> >> >
>> >> >
>> >> >> -----Original Message-----
>> >> >> From: squeak-dev-bounces at lists.squeakfoundation.org
>> >> >> [mailto:squeak-dev- bounces at lists.squeakfoundation.org] On Behalf
>> >> >> Of Frank Shearar
>> >> >> Sent: Monday, May 13, 2013 2:12 AM
>> >> >> To: The general-purpose Squeak developers list
>> >> >> Subject: Re: [squeak-dev] RE: SSL
>> >> >>
>> >> >> Hi Ron,
>> >> >>
>> >> >> It's definitely not the redirect. WebClient merrily follows the
>> >> >> redirect, and I get partway through a download. In the decoded
>> >> >> instvar I can see the filenames I expect to see. And then at some
>> >> >> point during the download, I get the reported failure. PERHAPS
>> >> >> it's because of the chunk encoding, but I'd put a low probability on that.
>> >> >>
>> >> >> Did you manage to successfully download that URL using WebClient?
>> >> >>
>> >> >> frank
>> >> >>
>> >> >> On 13 May 2013 01:59, Ron Teitelbaum <ron at usmedrec.com> wrote:
>> >> >> > Hi Frank,
>> >> >> >
>> >> >> > This is just a guess but maybe the redirect is to a server with
>> >> >> > a different certificate.  Maybe after the redirect a new ssl
>> >> >> > connection needs to be made?  Have you looked at the data you
>> >> >> > receive?  Maybe it's a request to renegotiate a session?
>> >> >> >
>> >> >> > Trying this without https I get this:
>> >> >> >
>> >> >> > Resource interpreted as Document but transferred with MIME type
>> >> >> > application/zip:
>> >> >> > "https://codeload.github.com/frankshearar/Control/legacy.zip/master".
>> >> >> >
>> >> >> > I see the permanent redirect response.
>> >> >> >
>> >> >> > What happens if you go directly to the redirected link?
>> >> >> >
>> >> >> > All the best,
>> >> >> >
>> >> >> > Ron Teitelbaum
>> >> >> >
>> >> >> >> -----Original Message-----
>> >> >> >> From: squeak-dev-bounces at lists.squeakfoundation.org
>> >> >> >> [mailto:squeak-dev- bounces at lists.squeakfoundation.org] On
>> >> >> >> Behalf Of Frank Shearar
>> >> >> >> Sent: Sunday, May 12, 2013 5:19 AM
>> >> >> >> To: The general-purpose Squeak developers list
>> >> >> >> Subject: Re: [squeak-dev] RE: SSL
>> >> >> >>
>> >> >> >> Hi Ron,
>> >> >> >>
>> >> >> >> I'm constructing the following expression - WebClient httpGet:
>> >> >> >> 'https://github.com/frankshearar/Control/zipball/master'. (This
>> >> >> >> redirects to
>> >> >> >> 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'.)
>> >> >> >>
>> >> >> >> The SSL connection's established. Then it looks like I receive
>> >> >> >> a chunk of 16372 bytes (in #chunkFrom:to:progress:). That calls #skip:
>> >> >> >> 2 to skip a CRLF, after which we try get more data. By this
>> >> >> >> time the Socket is #otherEndClosedButNotThisEnd.
>> >> >> >> #skip: calls #receiveData:, which calls #receiveAvailableData,
>> >> >> >> which finally calls #receiveDataInto:startingAt:. And that
>> >> >> >> results in calling SqueakSSL >> #decrypt:from:to:into:, which
>> >> >> >> returns the SQSSL_GENERIC_ERROR.
>> >> >> >> frank
>> >> >> >>
>> >> >> >> On 12 May 2013 02:34, Ron Teitelbaum <ron at usmedrec.com> wrote:
>> >> >> >> > Hey Frank,
>> >> >> >> >
>> >> >> >> > I tried this on my 4.1 image and it works fine.  Connecting
>> >> >> >> > to a server doesn't require a cert so this should just work.
>> >> >> >> >
>> >> >> >> > | address socket |
>> >> >> >> >         address := NetNameResolver addressForName: 'github.com'.
>> >> >> >> >         socket := SecureSocket newTCP.
>> >> >> >> >         socket connectTo: address port: 443.
>> >> >> >> >         socket waitForConnectionFor: 10.
>> >> >> >> >         socket sslConnect.
>> >> >> >> >         socket certState = 0 ifFalse:[
>> >> >> >> >                 self error: 'The certificate is invalid (code: ', socket certState printString, ')'.
>> >> >> >> >         ].
>> >> >> >> >         socket sendData:
>> >> >> >> >                 'GET / HTTP/1.0', String crlf,
>> >> >> >> >                 'Host: github.com', String crlf,
>> >> >> >> >                 'Connection: close', String crlf,
>> >> >> >> >                 String crlf.
>> >> >> >> >
>> >> >> >> >         ^socket receiveData
>> >> >> >> >
>> >> >> >> > At what point do you get an error?
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > All the best,
>> >> >> >> >
>> >> >> >> > Ron Teitelbaum
>> >> >> >> > Head Of Engineering
>> >> >> >> > 3d Immersive Collaboration Consulting
>> >> >> >> > ron at 3dicc.com
>> >> >> >> > Follow Me On Twitter: @RonTeitelbaum
>> >> >> >> > www.3dicc.com
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >> -----Original Message-----
>> >> >> >> >> From: squeak-dev-bounces at lists.squeakfoundation.org
>> >> >> >> >> [mailto:squeak-dev- bounces at lists.squeakfoundation.org] On
>> >> >> >> >> Behalf Of Frank Shearar
>> >> >> >> >> Sent: Saturday, May 11, 2013 6:39 PM
>> >> >> >> >> To: The general-purpose Squeak developers list
>> >> >> >> >> Subject: Re: [squeak-dev] RE: SSL
>> >> >> >> >>
>> >> >> >> >> On 11 May 2013 23:24, Frank Shearar <frank.shearar at gmail.com> wrote:
>> >> >> >> >> > Yes, I'd thought of that :) One thing that's weird, and
>> >> >> >> >> > probably pretty important info, is that the SqueakSSL unit
>> >> >> >> >> > tests _pass_.
>> >> >> >> >> > It's when I, say, try connect to https://github.com/, that
>> >> >> >> >> > things break in SqueakSSL >> #primitiveSSLCreate.
>> >> >> >> >> >
>> >> >> >> >> > I've been digging with strace. The SSL_connect thing
>> >> >> >> >> > happens on Cog because of something funny with the
>> >> >> >> >> > plugin's file, SqueakSSL. On an Interpreter VM, I get an
>> >> >> >> >> > error in SecureSocketStream >>
>> >> >> >> >> > #receiveDataInto:startingAt: - "SSL error, code: -5".
>> >> >> >> >>
>> >> >> >> >> -5 is SQSSL_GENERIC_ERROR. That means that the error
>> >> >> >> >> returned by SSL_read isn't SSL_ERROR_WANT_READ
>> >> >> >> >> (renegotiation) or SSL_ERROR_ZERO_RETURN (a clean shutdown).
>> >> >> >> >>
>> >> >> >> >> frank
>> >> >> >> >>
>> >> >> >> >> > So continuing my explorations with the Interpreter, I do
>> >> >> >> >> > actually get a WebResponse back from github, looking like this:
>> >> >> >> >> >
>> >> >> >> >> > WebResponse(HTTP/1.1 200 OK
>> >> >> >> >> > connection: close
>> >> >> >> >> > transfer-encoding: chunked
>> >> >> >> >> > content-type: application/zip
>> >> >> >> >> > content-disposition: attachment;
>> >> >> >> >> > filename=frankshearar-Control-e705021.zip
>> >> >> >> >> > date: Sat, 11 May 2013 22:19:00 GMT
>> >> >> >> >> > )
>> >> >> >> >> >
>> >> >> >> >> > but the download breaks in the above-mentioned method.
>> >> >> >> >> >
>> >> >> >> >> > frank
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > On 11 May 2013 20:43, Ron Teitelbaum <ron at usmedrec.com> wrote:
>> >> >> >> >> >> Hey Frank,
>> >> >> >> >> >>
>> >> >> >> >> >> You must also have OpenSSL installed, but if this was
>> >> >> >> >> >> working previously then I expect that you have it installed.
>> >> >> >> >> >>
>> >> >> >> >> >> All the best,
>> >> >> >> >> >>
>> >> >> >> >> >> Ron
>> >> >> >> >> >>
>> >> >> >> >> >>> -----Original Message-----
>> >> >> >> >> >>> From: squeak-dev-bounces at lists.squeakfoundation.org
>> >> >> >> >> >>> [mailto:squeak-dev- bounces at lists.squeakfoundation.org]
>> >> >> >> >> >>> On Behalf Of Frank Shearar
>> >> >> >> >> >>> Sent: Saturday, May 11, 2013 2:58 PM
>> >> >> >> >> >>> To: The general-purpose Squeak developers list
>> >> >> >> >> >>> Subject: Re: [squeak-dev] RE: SSL
>> >> >> >> >> >>>
>> >> >> >> >> >>> The build.squeak.org tests run on a CentOS box. They
>> >> >> >> >> >>> also fail on my Ubuntu Lucid box. I've mentioned this before:
>> >> >> >> >> >>> SqueakSSL used to work just fine, on Cog.r2714, and then
>> >> >> >> >> >>> one day stopped working. That does sound like possible
>> >> >> >> >> >>> cert expiration. The main trouble I have is that my
>> >> >> >> >> >>> debugging info is usually just "primitive failed",
>> >> >> >> >> >>> without any clue as to _why_.
>> >> >> >> >> >>>
>> >> >> >> >> >>> I'll try run some things just now and report back.
>> >> >> >> >> >>>
>> >> >> >> >> >>> frank
>> >> >> >> >> >>>
>> >> >> >> >> >>> On 11 May 2013 18:24, Ron Teitelbaum <ron at usmedrec.com> wrote:
>> >> >> >> >> >>> > Hello,
>> >> >> >> >> >>> >
>> >> >> >> >> >>> > The problem is the certificate.  What os is this running on?
>> >> >> >> >> >>> >
>> >> >> >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: CERTIFICATE
>> >> >> >> >> >>> > 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:491:
>> >> >> >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: ANY PRIVATE KEY
>> >> >> >> >> >>> > 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
>> >> >> >> >> >>> >
>> >> >> >> >> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for windows.
>> >> >> >> >> >>> > I'm thinking that the cert may be expired.
>> >> >> >> >> >>> >
>> >> >> >> >> >>> > On Linux it creates a new cert so it wouldn't be a problem.
>> >> >> >> >> >>> > To fix this you should create a sample cert for
>> >> >> >> >> >>> > windows and then point the test case to that cert, or
>> >> >> >> >> >>> > replace the hardcoded cert.
>> >> >> >> >> >>> >
>> >> >> >> >> >>> > Hmmm, just ran this on my windows 7, 4.1 based image,
>> >> >> >> >> >>> > with the existing SSL test code and it worked fine.
>> >> >> >> >> >>> > So it may not be the sample cert.
>> >> >> >> >> >>> >
>> >> >> >> >> >>> > Need more info.
>> >> >> >> >> >>> >
>> >> >> >> >> >>> > All the best,
>> >> >> >> >> >>> >
>> >> >> >> >> >>> > Ron Teitelbaum
>> >> >> >> >> >>> > Head Of Engineering
>> >> >> >> >> >>> > 3d Immersive Collaboration Consulting
>> >> >> >> >> >>> > ron at 3dicc.com
>> >> >> >> >> >>> > Follow Me On Twitter: @RonTeitelbaum
>> >> >> >> >> >>> > www.3dicc.com
>> >> >> >> >> >>> > 3d ICC on G+
>> >> >> >> >> >>> >
>> >> >> >> >> >>> >> -----Original Message-----
>> >> >> >> >> >>> >> From: squeak-dev-bounces at lists.squeakfoundation.org
>> >> >> >> >> >>> >> [mailto:squeak-dev-bounces at lists.squeakfoundation.org] On Behalf Of
>> >> >> >> >> >>> >> Patrick Shouse
>> >> >> >> >> >>> >>
>> >> >> >> >> >>> >> Hi, Ron. Here's a link to one
>> >> >> >> >> >>> >>
>> >> >> >> >> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/
>> >> >> >> >> >>> >>
>> >> >> >> >> >>> >> You can click on the Console Output link on this page to see the details.
>> >> >> >> >> >>> >>
>> >> >> >> >> >>> >> --
>> >> >> >> >> >>> >> View this message in context: http://forum.world.st/SSL-tp4686693p4686815.html
>> >> >> >> >> >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com.
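
Added example, not part of the original thread and not WebClient or SqueakSSL code: a small Python decoder for the `transfer-encoding: chunked` body discussed above, which reports whether the bytes read before the peer closed end on the terminating zero-size chunk or were cut off earlier. The names `decode_chunked`, `Decoded` and `sample_streams` are made up for this example, and the sample inputs are constructed around the 16372-byte chunk mentioned in the thread.

```python
from typing import NamedTuple

CRLF = b"\r\n"
HEX = b"0123456789abcdefABCDEF"

class Decoded(NamedTuple):
    body: bytes      # payload recovered before decoding stopped
    complete: bool   # True only if the terminating zero-size chunk was seen
    state: str       # where decoding stopped

def decode_chunked(raw: bytes) -> Decoded:
    """Decode as much of a chunked body as `raw` (bytes read before close) holds."""
    body, pos = bytearray(), 0
    def stop(state, complete=False):
        return Decoded(bytes(body), complete, state)
    while True:
        eol = raw.find(CRLF, pos)
        if eol < 0:  # ran out of data while expecting a chunk-size line
            return stop("eof-at-chunk-boundary" if pos == len(raw) else "eof-in-size-line")
        size_field = raw[pos:eol].split(b";", 1)[0].strip()  # ignore chunk extensions
        if not size_field or any(c not in HEX for c in size_field):
            return stop("bad-size-line")
        size, pos = int(size_field, 16), eol + 2
        if size == 0:  # last-chunk; optional trailers end with an empty line
            if raw.find(CRLF + CRLF, eol) >= 0:
                return stop("complete", True)
            return stop("eof-in-trailers")
        data = raw[pos:pos + size]
        body += data
        if len(data) < size:
            return stop("eof-in-chunk-data")
        pos += size
        tail = raw[pos:pos + 2]
        if tail != CRLF:  # the two bytes that `#skip: 2` steps over in the thread
            return stop("eof-after-chunk-data" if CRLF.startswith(tail) else "bad-chunk-terminator")
        pos += 2

def sample_streams() -> dict:
    """Constructed inputs: one 16372-byte (0x3ff4) chunk, then three endings."""
    first = b"3ff4" + CRLF + b"A" * 16372 + CRLF
    return {
        "cut_at_boundary": first,
        "cut_mid_chunk": first + b"10" + CRLF + b"short",
        "complete": first + b"5" + CRLF + b"hello" + CRLF + b"0" + CRLF + CRLF,
    }

if __name__ == "__main__":
    for name, raw in sample_streams().items():
        r = decode_chunked(raw)
        print(f"{name}: {len(r.body)} bytes, complete={r.complete}, state={r.state}")
```

A stream that stops at `eof-at-chunk-boundary` has a well-formed last chunk but no terminator, so the body cannot be treated as complete even though every chunk received so far parsed cleanly.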

