[Vm-dev] SSL error on windows 7

Nicolas Cellier nicolas.cellier.aka.nice at gmail.com
Wed Apr 4 14:50:47 UTC 2018


2018-04-04 13:49 GMT+02:00 Tobias Pape <Das.Linux at gmx.de>:

>
> Hi All,
>
> > On 04.04.2018, at 11:50, Nicolas Cellier <nicolas.cellier.aka.nice@gmail.com> wrote:
> >
> >
> >
> > 2018-04-04 11:05 GMT+02:00 Tobias Pape <Das.Linux at gmx.de>:
> >
> > Hi Cyril
> >
> >
> > > On 03.04.2018, at 15:26, Cyril Ferlicot D <cyril at ferlicot.me> wrote:
> > >
> > > Hi Tobias,
> > >
> > > I have a problem with SSL and Windows 7, I think it might be a VM plugin
> > > problem (excuse me if we find at the end that it is not) and I heard
> > > you're the one maintaining the SSL plugin.
> > >
> > > If I execute this code:
> > >
> > > ZnClient new url: 'https://google.com'; get.
> > >
> > > I get a result.
> > >
> > > If I execute this code:
> > >
> > > ZnClient new url: 'https://github.com'; get.
> > >
> > > I get this error: Error: SSL Exception: connect failed [code:-5]
> > >
> > > I tried with both stable and latest vm. (The stable is from August 2017
> > > I think)
> > >
> > > I sent a mail on the Pharo dev ML and we are at least two having this
> > > problem with Windows 7 when it's working with Windows 10.
> > >
> > > Let me know if you need any more details on this issue.
> > >
> > > I opened an issue:
> > > https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/236
> > >
> >
> > Can you please change ZdcSecureSocket>>sslSession to
> >
> > sslSession
> >         ^ sslSession ifNil: [
> >                 sslSession := self sslSessionClass new
> >                         enableLogging;
> >                         yourself].
> >
> >
> > And please paste what appears on stdout?
> >
> > (you may have to execute the vm from the commandline).
> >
> > Best regards
> >         -Tobias
> >
> >
> > I confirm, same behavior as Cyril on windows 7 with latest bintray VM
> > pharo.cog.spur_win32x86_201804032021.zip
> >
> > logging output:
>
> This is very strange.
>
> >
> > >PharoConsole.exe Pharo7.0-32bit-b6db964.image
> > sqSetStringPropertySSL(1): (null)
> > sqSetStringPropertySSL(2): github.com
> > sqConnectSSL: input token 0 bytes
> > sqConnectSSL: Input to InitSecCtxt is 0 bytes
> > AquireCredentialsHandle returned: 0
> > InitializeSecurityContext returned: 90312
> > Input Buffers:
> >         buf[0]: 2 (0 bytes) ptr=0
> >         buf[1]: 0 (0 bytes) ptr=0
> >         buf[2]: 0 (0 bytes) ptr=0
> >         buf[3]: 0 (0 bytes) ptr=0
> > Output Buffers:
> >         buf[0]: 2 (122 bytes) ptr=596140
> >         buf[1]: 0 (0 bytes) ptr=0
> > sqCopyDescToken:
> >          type=2, size=122
> >          type=0, size=0
> > sqConnectSSL: input token 7 bytes
>
> This looks very short.
> It means that 122 bytes for the security token are passed on to the image,
> and then 7 token bytes are re-used and sent from the image to the plugin.
>
> Compare to Squeak 6, same bintray (means IDENTICAL plugin)
>
> =-=-=-=
> sqSetStringPropertySSL(2): github.com
> sqConnectSSL: input token 0 bytes
> sqConnectSSL: Input to InitSecCtxt is 0 bytes
> AquireCredentialsHandle returned: 0
> InitializeSecurityContext returned: 90312
> Input Buffers:
>         buf[0]: 2 (0 bytes) ptr=0
>         buf[1]: 0 (0 bytes) ptr=0
>         buf[2]: 0 (0 bytes) ptr=0
>         buf[3]: 0 (0 bytes) ptr=0
> Output Buffers:
>         buf[0]: 2 (178 bytes) ptr=16d3c78
>         buf[1]: 0 (0 bytes) ptr=0
> sqCopyDescToken:
>          type=2, size=178
>          type=0, size=0
> sqConnectSSL: input token 3594 bytes
> sqConnectSSL: Input to InitSecCtxt is 3594 bytes
> InitializeSecurityContext returned: 90312
> Input Buffers:
>         buf[0]: 2 (3594 bytes) ptr=17dbf48
>         buf[1]: 0 (0 bytes) ptr=0
>         buf[2]: 0 (0 bytes) ptr=0
>         buf[3]: 0 (0 bytes) ptr=0
> Output Buffers:
>         buf[0]: 2 (166 bytes) ptr=1706dd0
>         buf[1]: 0 (0 bytes) ptr=0
> sqCopyDescToken:
>          type=2, size=166
>          type=0, size=0
> sqConnectSSL: input token 91 bytes
> sqConnectSSL: Input to InitSecCtxt is 91 bytes
> InitializeSecurityContext returned: 0
> Input Buffers:
>         buf[0]: 2 (91 bytes) ptr=17dbf48
>         buf[1]: 0 (0 bytes) ptr=0
>         buf[2]: 0 (0 bytes) ptr=0
>         buf[3]: 0 (0 bytes) ptr=0
> Output Buffers:
>         buf[0]: 2 (0 bytes) ptr=0
>         buf[1]: 0 (0 bytes) ptr=0
> sqConnectSSL: Maximum message size is 16384 bytes
> sqExtractPeerName: Peer name is github.com
> sqEncryptSSL: Encrypting 139 bytes
> =-=-=-=
>
> Here, 178 bytes of token are copied to the image, and the image
> (SqueakSSL) continues with ca 4k of data (which includes the token)
>
> Maybe there's a fault in the Zodiac code?
>
> > sqConnectSSL: Input to InitSecCtxt is 7 bytes
> > InitializeSecurityContext returned: 80090302
>
> This means (according to https://msdn.microsoft.com/en-us/library/dd721886 )
>
> SEC_E_UNSUPPORTED_FUNCTION (aka TLS1_ALERT_PROTOCOL_VERSION 0x70).
>
> This in turn means (according to https://stackoverflow.com/a/5727375/1197440 )
>         unrecognized_name (the answerer there says: "The unrecognized_name
> indicates that the server name you sent in the client hello does not match
> a name known to the server").
>
> And that the server does not know what name you want.
>
> Are you really connecting to github.com?
>
> Two things here:
>  (a) yes, the plugin could give meaningful error messages. This has,
> unfortunately, to wait.
>  (b) It seems that the image side (in case of Pharo, probably Zodiac) does
> not complete the handshake correctly, as it seems to work for SqueakSSL
> (image side)
>
> Best regards
>         -Tobias
>
>
> > Input Buffers:
> >         buf[0]: 2 (7 bytes) ptr=14b8fe0
> >         buf[1]: 0 (0 bytes) ptr=0
> >         buf[2]: 0 (0 bytes) ptr=0
> >         buf[3]: 0 (0 bytes) ptr=0
> > Output Buffers:
> >         buf[0]: 2 (0 bytes) ptr=0
> >         buf[1]: 0 (0 bytes) ptr=0
> > Unexpected return code 2148074242
> >
>
>

Hi Tobias,
On Windows 7, I have the same behaviour as Pharo with a Squeak Trunk image

    "this one works:"
    WebClient httpGet: 'https://google.com'.

    "this one not, error SSL connect failed with code: -5"
    WebClient httpGet: 'https://github.com'.

Launching the image with both the latest squeak.cog.spur and pharo.cog.spur VM
leads to the same symptoms...
The fact that there is a different behavior depending on the OS (others
reported that it works in Windows 10) does not militate for a Zodiac
problem.
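
A triage script for the plugin log quoted in this thread, added here as an example; it is not part of the original message or of the SqueakSSL plugin. It maps the `InitializeSecurityContext` values to their SSPI names from `winerror.h` and flags an input token whose length equals one TLS alert record (5-byte record header plus 2 alert bytes). The log does not show the token bytes, so that flag is a size match only, and reading the `returned:` value as hex is inferred from the log, where 80090302 and 2148074242 are the same number.

```python
import re

# SSPI status codes seen in the log above (values from winerror.h).
SSPI_STATUS = {
    0x00000000: "SEC_E_OK",
    0x00090312: "SEC_I_CONTINUE_NEEDED",
    0x80090302: "SEC_E_UNSUPPORTED_FUNCTION",
}
TLS_ALERT_RECORD_LEN = 5 + 2  # TLS record header + (alert level, description)

# Constructed sample: the failing Windows 7 trace from this thread, trimmed.
SAMPLE_LOG = """\
sqConnectSSL: input token 0 bytes
InitializeSecurityContext returned: 90312
sqCopyDescToken:
         type=2, size=122
sqConnectSSL: input token 7 bytes
InitializeSecurityContext returned: 80090302
Unexpected return code 2148074242
"""

def status_name(code):
    code &= 0xFFFFFFFF
    return SSPI_STATUS.get(code, "unknown 0x%08X" % code)

def triage(log):
    """Return (kind, value, note) tuples for the handshake steps in the log."""
    events = []
    for line in log.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail quoting prefixes
        if m := re.match(r"sqConnectSSL: input token (\d+) bytes", line):
            n = int(m.group(1))
            note = "first call, no server data yet" if n == 0 else ""
            if n == TLS_ALERT_RECORD_LEN:
                note = "same size as a single TLS alert record"
            events.append(("token_in", n, note))
        elif m := re.match(r"InitializeSecurityContext returned: ([0-9a-fA-F]+)", line):
            code = int(m.group(1), 16)  # assumption: printed in hex (see lead-in)
            events.append(("isc", code, status_name(code)))
        elif m := re.match(r"Unexpected return code (\d+)", line):
            code = int(m.group(1))  # this line prints the same status in decimal
            events.append(("final", code, status_name(code)))
    return events

if __name__ == "__main__":
    for kind, value, note in triage(SAMPLE_LOG):
        print(f"{kind:9} {value:>12} {note}")
```
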