[squeak-dev] SqueakSSL questions and problems

Douglas Brebner kirtai+st at gmail.com
Tue Oct 27 18:31:12 UTC 2020


Hi,

I've been playing around with SqueakSSL in Squeak and Cuis recently and 
found that most of the tests fail under Linux. It seems that the root of 
the problem is that the example test certificate in 
SqueakSSL>>#exampleCertFile is both expired (only valid from 2011->2012) 
and also using ciphers no longer supported in TLS 1.3. This breaks the 
tests using local connections.


I am nowhere even close to being a crypto expert so I'm asking: how 
should this be handled?

I believe that the certificate was supposed to be replaced every year 
(or longer with longer valid dates) but don't want to do this without 
some advice.

Should we just replace the old certificate with a new one with longer 
validity or should there be some kind of automatic infrastructure to 
generate them as appropriate? Maybe one that can be downloaded?

Another problem I found is that WebClient/SqueakSSL apparently *does not 
verify* server certificates on macOS. I don't know if this is just in 
the tests or if it's for all TLS/SSL connections but it should be 
clarified and/or fixed.

In addition to this, I found that some of the SqueakSSL tests ping 
Google, Facebook and Yahoo URLs. Changing these would be nice.

Finally, is SqueakSSL an appropriate name for a *TLS* library used on 
both Squeak and Cuis? ;)

Thanks

P.S. Ordinary Squeak client connections to remote HTTPS servers work 
fine on my Linux machine. Wireshark shows TLS 1.3 connections.
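
The expired-fixture failure described in the message above can be caught before it breaks a whole test run. The shell functions below are an added example, not part of the original post or of SqueakSSL: they use the openssl CLI to regenerate a self-signed test certificate and to check its remaining validity and signature algorithm. The file names, the CN=localhost subject, RSA-2048 with SHA-256, and the 3650-day and 30-day values are assumptions.

```shell
#!/bin/sh
# Added example; file names, subject, key type and validity are assumptions.

# gen_test_cert DIR DAYS
# Write a fresh self-signed key/certificate pair into DIR, valid for DAYS days.
gen_test_cert() {
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
        -days "$2" -subj "/CN=localhost" \
        -keyout "$1/test-key.pem" -out "$1/test-cert.pem" 2>/dev/null
}

# cert_valid_for CERT SECONDS
# Succeed only if CERT will not have expired SECONDS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# cert_sig_alg CERT
# Print the certificate's signature algorithm (e.g. sha256WithRSAEncryption).
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# check_test_cert CERT MIN_DAYS
# Gate for a test runner: fail early, with a reason, instead of letting
# every TLS test fail on an expired fixture.
check_test_cert() {
    if ! cert_valid_for "$1" $(( $2 * 86400 )); then
        echo "test certificate $1 expires within $2 days: regenerate it" >&2
        return 1
    fi
    echo "ok: $1 ($(cert_sig_alg "$1"), $(openssl x509 -in "$1" -noout -enddate))"
}

# Demo in a scratch directory: a 10-year fixture passes, a 1-day one is rejected.
demo_dir=$(mktemp -d)
gen_test_cert "$demo_dir" 3650 && check_test_cert "$demo_dir/test-cert.pem" 30
gen_test_cert "$demo_dir" 1 && check_test_cert "$demo_dir/test-cert.pem" 30 ||
    echo "short-lived fixture rejected, as intended"
rm -rf "$demo_dir"
```
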

