[squeak-dev] SSL/Socket error code interpretation

Tobias Pape Das.Linux at gmx.de
Tue May 12 11:37:45 UTC 2020


Hi Timothy,

> On 12.05.2020, at 13:30, gettimothy via Squeak-dev <squeak-dev at lists.squeakfoundation.org> wrote:
> 
> Check your systems time.
> 
> My 32 bit machine loses date time on loss of power.
> 
> During squeak install preference wizard at step to optionally load git, osprocess, ffi, etc, the yes button is disabled with a warning message.
> 
> Set system date time with nntp calls and it works.

It's not a date issue. Its an issue with unavailability of intermetidate/root certs. The comodo ones are just not trusted by default on OpenSSL.

Best regards
	-Tobias

> 
> 
> ---- On Mon, 11 May 2020 21:48:37 -0400 tim at rowledge.org wrote ----
> 
> I'm trying to make an https connection to a site and it isn't a happy thing.
> 
> After digging further into the SSL plugin than I ever wanted I found the logLevel setting and set it to 1 in SecureSocketStream>>#sslConnectTo: and got some plausibly useful info out of it.
> The key item seems to be 
> sqConnectSSL: SSL_get_verify_result = 20
> and if I've interpreted the code in ~opensmalltalk-vm/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.inc and opensmalltalk-vm/platforms/Cross/plugins/SqueakSSL/SqueakSSL.h properly then an error code of 20 means SQSSL_INVALID_CN and SQSSL_CERT_EXPIRED. 
> 
> Can anyone reassure me or correct me on that?
> 
> The problem is that according to the SSL code in *VW* the certificate I get has this info - 
> Validity
>     Not Before: Nov 15 00:00:00 2018 GMT
>     Not After: Nov 14 23:59:59 2020 GMT
> Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=sagetea.ai
> 
> ... which looks in-date to me and a fairly reasonable CN. 
> 
> Aaaargh!
> 
> tim





More information about the Squeak-dev mailing list