[squeak-dev] SqueakSSL questions and problems

tim Rowledge tim at rowledge.org
Tue Oct 27 19:09:23 UTC 2020


Yah, you're right about the certificate. I actually mentioned it back in early May (about 300 years ago, amiright?) and we promptly did nothing about it.

> On 2020-10-27, at 11:31 AM, Douglas Brebner <kirtai+st at gmail.com> wrote:
> 
> Hi,
> 
> I've been playing around with SqueakSSL in Squeak and Cuis recently and found that most of the tests fail under Linux. It seems that the root of the problem is that the example test certificate in SqueakSSL>>#exampleCertFile is both expired (only valid from 2011->2012) and also using cyphers no longer supported in TLS 1.3. This breaks the tests using local connections.
> 
> 
> I am nowhere even close to being a crypto expert so I'm asking how should this be handled?
> 
> I believe that the certificate was supposed to be replaced every year (or longer with longer valid dates) but don't want to do this without some advice.
> 
> Should we just replace the old certificate with a new one with longer validity or should there be some kind of automatic infrastructure to generate them as appropriate? Maybe one that can be downloaded?
> 
> Another problem I found is that WebClient/SqueakSSL apparently *does not verify* server certificates on MacOS. I don't know if this is just in the tests or if it's for all TLS/SSL connections but it should be clarified and/or fixed.
> 
> In addition to this, I found that some of the SqueakSSL tests ping Google, Facebook and Yahoo URLs. Changing these would be nice.
> 
> Finally, is SqueakSSL an appropriate name for a *TLS* library used on both Squeak and Cuis? ;)
> 
> Thanks
> 
> P.S. Ordinary Squeak client to remote https servers connections work fine on my Linux machine. Wireshark shows TLS 1.3 connections.
> 
> 


tim
--
tim Rowledge; tim at rowledge.org; http://www.rowledge.org/tim
Strange OpCodes: PBF: Pay Bus Fare



