[Vm-dev] [OpenSmalltalk/opensmalltalk-vm] Cannot connect to SSL host (Issue #652)

edoneel notifications at github.com
Tue Aug 30 18:34:40 UTC 2022 

So on Linux (Raspberry Pi) I get the following message on the terminal

SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:../ssl/record/rec_layer_s3.c:1543:SSL alert number 112

This leads us to

https://techcommunity.microsoft.com/t5/iis-support-blog/ssl-tls-alert-protocol-and-the-alert-codes/ba-p/377132

which mentions that 112 is unrecognized_name(112).

When I run it through the Qualsys SSL checker 

https://www.ssllabs.com/ssltest/analyze.html?d=stream.data.alpaca.markets

it does mention that 

This site works only in browsers with SNI support.

so I'm guessing at the level that sslConnect is working it is not getting SNI right.

=================

Now the good news is that this works (again Linux on a PI)


WebClient httpHead: 'https://stream.data.alpaca.markets' 

returning

WebResponse(HTTP/1.1 404 Not Found
date: Tue, 30 Aug 2022 18:22:48 GMT
content-type: text/plain; charset=utf-8
content-length: 21
connection: keep-alive
strict-transport-security: max-age=15724800; includeSubDomains
) 


Now we know that it should work because WebClient works, and it sounds like SNI is an issue.

SecureSocketStream sslConnect just calls self sslConnectTo: nil

And that leads us to the comment in sslConnectTo:

"Perform the SSL client handshake. This method uses all the common SocketStream methods to adhere to the various timeout/signalling settings of SocketStream. It only installs the SSL instance after the handshake is complete. If serverName is not nil, then try to use it for SNI."

So, if one modifies your code as above it seems to work

stream := SecureSocketStream openConnectionToHostNamed: 'stream.data.alpaca.markets' port: 443.
stream sslConnectTo: 'stream.data.alpaca.markets'.
stream binary.
stream halt.
stream close

-- 
Reply to this email directly or view it on GitHub:
https://github.com/OpenSmalltalk/opensmalltalk-vm/issues/652#issuecomment-1232022044
You are receiving this because you are subscribed to this thread.

Message ID: <OpenSmalltalk/opensmalltalk-vm/issues/652/1232022044 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/vm-dev/attachments/20220830/21b4d81c/attachment.html>

More information about the Vm-dev mailing list