[squeak-dev] SqueakSSL questions and problems
Douglas Brebner
kirtai+st at gmail.com
Tue Oct 27 20:25:50 UTC 2020
On 27/10/2020 20:00, Tobias Pape wrote:
>
>> On 27.10.2020, at 19:31, Douglas Brebner <kirtai+st at gmail.com> wrote:
> All in all, SqueakSSL _used_to_ only verify on Windows, because it
> did not work anywhere else.
> For Unix/openssl, I implemented Cert checking in so far that the
> hostname is ok, (maybe more? I can't remember), for libressl/libtls, it
> should validate most things.
Ok, something to take a look at then.
> For Mac, things were meeeh. I even debugged into CommonCrypto and such just to find that it goes "should I verify here?" which was deeeply frustrating.
Ouch, so Mac users just have to keep a close eye on things then.
> In theory, things should validate, in practice, not so much.
Wonderful. Something else to investigate.
>> In addition to this, I found that some of the SqueakSSL tests ping Google, Facebook and Yahoo urls. Changing these would be nice.
>
> Hmm. These ones are useful and maaaybe are not down so often.
> Anything we control is bound to have more downtime ¯\_(ツ)_/¯
Alright. I just don't like pinging them. Especially since the tests need
fixed *anyway* due to various errors they're hiding. (The TLS connection
works but the http layer returns errors due to site changes).
>> Finally, is SqueakSSL an appropriate name for a *TLS* library used on both Squeak and Cuis? ;)
>
> History…
Yeah, I just wondered if there was any interest in changing the name or
not. I'm fine with leaving it as is.
>> P.S. Ordinary Squeak client to remote https servers connections work fine on my linux machine. Wireshark shows TLS 1.3 connections.
>
> Depends on your OpenSSL library version :)
I realised that :)
I just meant that it supports the latest TLS 1.3 without needing any
changes. I was concerned that SqueakSSL would need updated for that and
that's *definitely* something I don't want to touch.
Thanks