[ANN] SqueakSSL - a platform interface for SSL/TLS

> Folks -
>
> Since the weekend is over I've decided to release what I got so far and
> consequently I'm happy to announce the availability of a new interface to
> the platform SSL/TLS facilities for Squeak. SqueakSSL is a plugin-based
> approach which utilizes the platform implementation; currently the SCHANNEL
> SSPI on Windows and OpenSSL on Unix.
>
> To use SqueakSSL you need the following pieces:
> 1) The plugin for your platform. For Windows, you can download the plugin
> from
>
>        http://squeakvm.org/win32/release/SqueakSSL.zip
>
> For Unix you'll have to compile your own; I'm attaching the relevant part of
> the platforms tree. Mac support is currently not provided but the OpenSSL
> based version can probably be adapted for Macs.
>
> 2) The SqueakSSL source code and tests. All of this can be found at
>
>        http://www.squeaksource.com/SqueakSSL.html
>
> You need SqueakSSL-Core for the code and SqueakSSL-Tests for the unit tests
> (SqueakSSL-Plugin is the plugin source which you don't need and which we'll
> probably push into VMMaker).
>
> Once you've downloaded and installed everything correctly, you should be
> able to try SqueakSSL via the google example, which makes a query to
> encrypted.google.com:
>
>        SqueakSSL google: 'Squeak'.
>
> If the query fails your plugin is probably not installed correctly (it seems
> unlikely that Google's cert has an issue :-)
>
> 3) For further tests (incl. the unit tests) you will need to provide a
> server certificate that can be used by SqueakSSL. On Unix you can do that
> using the openssl command line tools and once you've generated your cert,
> you can tell SqueakSSLTest to use the cert. On Windows the process is a bit
> more involved - you need to have a valid cert AND have it installed in the
> local certificate store (a description can be found at
> http://support.microsoft.com/kb/816794 but make sure you install it in your
> *user* account not the computer account). Once you have the cert installed,
> you can run the unit tests which should now succeed.
>
> Obviously, this is an early release and there's plenty of work that remains
> to be done, so help is welcome. However, it is starting to become useful and
> consequently I'm intending to update WebServer and WebClient soon for HTTPS
> support.
>
> Cheers,
>  - Andreas
>
>
>
>

> 2010/7/19 Andreas Raab<[hidden email]>:
>> Folks -
>>
>> Since the weekend is over I've decided to release what I got so far and
>> For Unix you'll have to compile your own; I'm attaching the relevant part of
>> the platforms tree. Mac support is currently not provided but the OpenSSL
>> based version can probably be adapted for Macs.
>>
>
>

> On 9/17/2010 5:24 AM, Germán Arduino wrote:
>>
>> Hi:
>>
>> Only now I've the time (and need) of try SSL.
>>
>> Can you comment briefly how to compile the SSL plugin on Linux, to work
>> with Cog
>> (I'm using the cog binary downloaded from
>> http://www.mirandabanda.org/files/Cog/VM/VM.r2219/) ?
>
> There should be no need to recompile it, the version available from
> http://squeakvm.org/win32/release/SqueakSSL-bin.zip should work out of the
> box. Or are you seeing any problems? For recompilation, you'd have to add
> the openssl libraries to the link (i.a., add -lopenssl) but that's pretty
> much all there is to it. Also, check out the post at
> http://squeakingalong.wordpress.com/2010/08/07/using-squeakssl-with-seaside/
> which provides some setup instructions for Ubuntu.
>
> Cheers,
>  - Andreas
>
>> 2010/7/19 Andreas Raab<[hidden email]>:
>>>
>>> Folks -
>>>
>>> Since the weekend is over I've decided to release what I got so far and
>>> For Unix you'll have to compile your own; I'm attaching the relevant part
>>> of
>>> the platforms tree. Mac support is currently not provided but the OpenSSL
>>> based version can probably be adapted for Macs.
>>>
>>
>>
>
>
>

> Yes, sorry the buzz, I was not aware than on the zip of above (related
> to windows) also cames the .so for Linux.
>
> It works ok with Squeak 4,1 normal VM, not tried yet with Cog.
>
> Thanks.
>
>
> About problem I'm trying now
>
> 2010/9/17 Andreas Raab<[hidden email]>:
>> On 9/17/2010 5:24 AM, Germán Arduino wrote:
>>> Hi:
>>>
>>> Only now I've the time (and need) of try SSL.
>>>
>>> Can you comment briefly how to compile the SSL plugin on Linux, to work
>>> with Cog
>>> (I'm using the cog binary downloaded from
>>> http://www.mirandabanda.org/files/Cog/VM/VM.r2219/) ?
>> There should be no need to recompile it, the version available from
>> http://squeakvm.org/win32/release/SqueakSSL-bin.zip should work out of the
>> box. Or are you seeing any problems? For recompilation, you'd have to add
>> the openssl libraries to the link (i.a., add -lopenssl) but that's pretty
>> much all there is to it. Also, check out the post at
>> http://squeakingalong.wordpress.com/2010/08/07/using-squeakssl-with-seaside/
>> which provides some setup instructions for Ubuntu.
>>
>> Cheers,
>>   - Andreas
>>
>>> 2010/7/19 Andreas Raab<[hidden email]>:
>>>> Folks -
>>>>
>>>> Since the weekend is over I've decided to release what I got so far and
>>>> For Unix you'll have to compile your own; I'm attaching the relevant part
>>>> of
>>>> the platforms tree. Mac support is currently not provided but the OpenSSL
>>>> based version can probably be adapted for Macs.
>>>>
>>>
>>
>>
>
>

>
> Lawson
>
> On 9/17/10 2:55 PM, Germán Arduino wrote:
>> Yes, sorry the buzz, I was not aware than on the zip of above (related
>> to windows) also cames the .so for Linux.
>>
>> It works ok with Squeak 4,1 normal VM, not tried yet with Cog.
>>
>> Thanks.
>>
>>
>> About problem I'm trying now
>>
>> 2010/9/17 Andreas Raab<[hidden email]>:
>>> On 9/17/2010 5:24 AM, Germán Arduino wrote:
>>>> Hi:
>>>>
>>>> Only now I've the time (and need) of try SSL.
>>>>
>>>> Can you comment briefly how to compile the SSL plugin on Linux, to work
>>>> with Cog
>>>> (I'm using the cog binary downloaded from
>>>> http://www.mirandabanda.org/files/Cog/VM/VM.r2219/) ?
>>> There should be no need to recompile it, the version available from
>>> http://squeakvm.org/win32/release/SqueakSSL-bin.zip should work out
>>> of the
>>> box. Or are you seeing any problems? For recompilation, you'd have to
>>> add
>>> the openssl libraries to the link (i.a., add -lopenssl) but that's
>>> pretty
>>> much all there is to it. Also, check out the post at
>>> http://squeakingalong.wordpress.com/2010/08/07/using-squeakssl-with-seaside/
>>>
>>> which provides some setup instructions for Ubuntu.
>>>
>>> Cheers,
>>> - Andreas
>>>
>>>> 2010/7/19 Andreas Raab<[hidden email]>:
>>>>> Folks -
>>>>>
>>>>> Since the weekend is over I've decided to release what I got so far
>>>>> and
>>>>> For Unix you'll have to compile your own; I'm attaching the
>>>>> relevant part
>>>>> of
>>>>> the platforms tree. Mac support is currently not provided but the
>>>>> OpenSSL
>>>>> based version can probably be adapted for Macs.
>>>>>
>>>>
>>>
>>>
>>
>>
>
>
>

> On 9/17/2010 5:13 PM, Lawson English wrote:
>> The Mac OS X version isn't in there yet, right?
>
> It is, but the support is incomplete. I haven't made my way through
> the Apple Certificate APIs which means that you cannot:
> * Verify a server certificate (it will always fail)
> * Specify the certificate for a server (i.e., no Seaside support)
> Depending on what you're trying to do this may still be sufficient. If
> all you need is https access for encryption and don't care about the
> certificate validation it will work fine. If you need more then you're
> out of luck for now.
>
> Cheers,
>   - Andreas

> On 9/17/2010 5:13 PM, Lawson English wrote:
>> The Mac OS X version isn't in there yet, right?
>
> It is, but the support is incomplete. I haven't made my way through
> the Apple Certificate APIs which means that you cannot:
> * Verify a server certificate (it will always fail)
> * Specify the certificate for a server (i.e., no Seaside support)
> Depending on what you're trying to do this may still be sufficient. If
> all you need is https access for encryption and don't care about the
> certificate validation it will work fine. If you need more then you're
> out of luck for now.
>
> Cheers,
>   - Andreas
>
>>
>> Lawson
>>
>> On 9/17/10 2:55 PM, Germán Arduino wrote:
>>> Yes, sorry the buzz, I was not aware than on the zip of above (related
>>> to windows) also cames the .so for Linux.
>>>
>>> It works ok with Squeak 4,1 normal VM, not tried yet with Cog.
>>>
>>> Thanks.
>>>
>>>
>>> About problem I'm trying now
>>>
>>> 2010/9/17 Andreas Raab<[hidden email]>:
>>>> On 9/17/2010 5:24 AM, Germán Arduino wrote:
>>>>> Hi:
>>>>>
>>>>> Only now I've the time (and need) of try SSL.
>>>>>
>>>>> Can you comment briefly how to compile the SSL plugin on Linux, to
>>>>> work
>>>>> with Cog
>>>>> (I'm using the cog binary downloaded from
>>>>> http://www.mirandabanda.org/files/Cog/VM/VM.r2219/) ?
>>>> There should be no need to recompile it, the version available from
>>>> http://squeakvm.org/win32/release/SqueakSSL-bin.zip should work out
>>>> of the
>>>> box. Or are you seeing any problems? For recompilation, you'd have to
>>>> add
>>>> the openssl libraries to the link (i.a., add -lopenssl) but that's
>>>> pretty
>>>> much all there is to it. Also, check out the post at
>>>> http://squeakingalong.wordpress.com/2010/08/07/using-squeakssl-with-seaside/ 
>>>>
>>>>
>>>> which provides some setup instructions for Ubuntu.
>>>>
>>>> Cheers,
>>>> - Andreas
>>>>
>>>>> 2010/7/19 Andreas Raab<[hidden email]>:
>>>>>> Folks -
>>>>>>
>>>>>> Since the weekend is over I've decided to release what I got so far
>>>>>> and
>>>>>> For Unix you'll have to compile your own; I'm attaching the
>>>>>> relevant part
>>>>>> of
>>>>>> the platforms tree. Mac support is currently not provided but the
>>>>>> OpenSSL
>>>>>> based version can probably be adapted for Macs.
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>>
>
>
>

> I'm probably doing this completely wrong, but this fails:
>
> (WebClient httpGet: 'https://login.agni.lindenlab.com/cgi-bin/login.cgi')
>
> Error: primitiveSSLCreateFailed/
>
>
> I've got the latest SqueakSSL package and plugin installed, and the
> latest webclient on Squeak 4.1 VM.
>
> The URL doesn't return a valid certificate anyway, its just an xml-rpc
> portal for getting a login URL via an encrypted connection.
>
>
> Lawson
>
> On 9/17/10 5:26 PM, Andreas Raab wrote:
>> On 9/17/2010 5:13 PM, Lawson English wrote:
>>> The Mac OS X version isn't in there yet, right?
>>
>> It is, but the support is incomplete. I haven't made my way through
>> the Apple Certificate APIs which means that you cannot:
>> * Verify a server certificate (it will always fail)
>> * Specify the certificate for a server (i.e., no Seaside support)
>> Depending on what you're trying to do this may still be sufficient. If
>> all you need is https access for encryption and don't care about the
>> certificate validation it will work fine. If you need more then you're
>> out of luck for now.
>>
>> Cheers,
>> - Andreas
>>
>>>
>>> Lawson
>>>
>>> On 9/17/10 2:55 PM, Germán Arduino wrote:
>>>> Yes, sorry the buzz, I was not aware than on the zip of above (related
>>>> to windows) also cames the .so for Linux.
>>>>
>>>> It works ok with Squeak 4,1 normal VM, not tried yet with Cog.
>>>>
>>>> Thanks.
>>>>
>>>>
>>>> About problem I'm trying now
>>>>
>>>> 2010/9/17 Andreas Raab<[hidden email]>:
>>>>> On 9/17/2010 5:24 AM, Germán Arduino wrote:
>>>>>> Hi:
>>>>>>
>>>>>> Only now I've the time (and need) of try SSL.
>>>>>>
>>>>>> Can you comment briefly how to compile the SSL plugin on Linux, to
>>>>>> work
>>>>>> with Cog
>>>>>> (I'm using the cog binary downloaded from
>>>>>> http://www.mirandabanda.org/files/Cog/VM/VM.r2219/) ?
>>>>> There should be no need to recompile it, the version available from
>>>>> http://squeakvm.org/win32/release/SqueakSSL-bin.zip should work out
>>>>> of the
>>>>> box. Or are you seeing any problems? For recompilation, you'd have to
>>>>> add
>>>>> the openssl libraries to the link (i.a., add -lopenssl) but that's
>>>>> pretty
>>>>> much all there is to it. Also, check out the post at
>>>>> http://squeakingalong.wordpress.com/2010/08/07/using-squeakssl-with-seaside/
>>>>>
>>>>>
>>>>> which provides some setup instructions for Ubuntu.
>>>>>
>>>>> Cheers,
>>>>> - Andreas
>>>>>
>>>>>> 2010/7/19 Andreas Raab<[hidden email]>:
>>>>>>> Folks -
>>>>>>>
>>>>>>> Since the weekend is over I've decided to release what I got so far
>>>>>>> and
>>>>>>> For Unix you'll have to compile your own; I'm attaching the
>>>>>>> relevant part
>>>>>>> of
>>>>>>> the platforms tree. Mac support is currently not provided but the
>>>>>>> OpenSSL
>>>>>>> based version can probably be adapted for Macs.
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>

> Hi -
>
> Most likely this means that plugin isn't installed correctly. Make
> sure the bundle is in the right place (i.e., Contents/Resources) and
> that the actual executable (SqueakSSL.bundle/Contents/MacOS/SqueakSSL)
> has executable permissions.
>
> Cheers,
>   - Andreas
>
> On 10/3/2010 8:08 PM, Lawson English wrote:
>> I'm probably doing this completely wrong, but this fails:
>>
>> (WebClient httpGet:
>> 'https://login.agni.lindenlab.com/cgi-bin/login.cgi')
>>
>> Error: primitiveSSLCreateFailed/
>>
>>
>> I've got the latest SqueakSSL package and plugin installed, and the
>> latest webclient on Squeak 4.1 VM.
>>
>> The URL doesn't return a valid certificate anyway, its just an xml-rpc
>> portal for getting a login URL via an encrypted connection.
>>
>>
>> Lawson
>>
>>>>>
>

> The bundle is in the right place and all the permissions seem to be correct. There IS a difference between this and other plugins though:
>
> the bundle has permissions drwxr-xr-x@ 4   vs   drwxr-xr-x  4  for other bundles.
> the executable has permissions -rwxr-xr-x@ 4   vs   -rwxr-xr-x  4
>
> could the '@' have anything to do with it?
>
> Otherwise, I seem to be stuck.
>
> Thanks,
>
> Lawson
>
> On 10/4/10 10:59 AM, Andreas Raab wrote:
>> Hi -
>>
>> Most likely this means that plugin isn't installed correctly. Make sure the bundle is in the right place (i.e., Contents/Resources) and that the actual executable (SqueakSSL.bundle/Contents/MacOS/SqueakSSL) has executable permissions.
>>
>> Cheers,
>>  - Andreas
>>
>> On 10/3/2010 8:08 PM, Lawson English wrote:
>>> I'm probably doing this completely wrong, but this fails:
>>>
>>> (WebClient httpGet: 'https://login.agni.lindenlab.com/cgi-bin/login.cgi')
>>>
>>> Error: primitiveSSLCreateFailed/
>>>
>>>
>>> I've got the latest SqueakSSL package and plugin installed, and the
>>> latest webclient on Squeak 4.1 VM.
>>>
>>> The URL doesn't return a valid certificate anyway, its just an xml-rpc
>>> portal for getting a login URL via an encrypted connection.
>>>
>>>
>>> Lawson
>>>
>>>>>>
>>
>
>

> The '@' means there is an extended attribute set on the file.  Use "ls -l@ed" to see what it is.  If it is the "quarantine" bit, it won't execute unless you answer a popup dialog saying it is OK to do so.  You can use the "xattr" command to remove it.  There is no man page for xattr, but "xattr -?" gives an almost usable usage message :).
>
> On 2010-Oct-4, at 13:41, Lawson English wrote:
>
>> The bundle is in the right place and all the permissions seem to be correct. There IS a difference between this and other plugins though:
>>
>> the bundle has permissions drwxr-xr-x@ 4   vs   drwxr-xr-x  4  for other bundles.
>> the executable has permissions -rwxr-xr-x@ 4   vs   -rwxr-xr-x  4
>>
>> could the '@' have anything to do with it?
>>
>> Otherwise, I seem to be stuck.
>>
>> Thanks,
>>
>> Lawson
>>
>> On 10/4/10 10:59 AM, Andreas Raab wrote:
>>> Hi -
>>>
>>> Most likely this means that plugin isn't installed correctly. Make sure the bundle is in the right place (i.e., Contents/Resources) and that the actual executable (SqueakSSL.bundle/Contents/MacOS/SqueakSSL) has executable permissions.
>>>
>>> Cheers,
>>>   - Andreas
>>>
>>> On 10/3/2010 8:08 PM, Lawson English wrote:
>>>> I'm probably doing this completely wrong, but this fails:
>>>>
>>>> (WebClient httpGet: 'https://login.agni.lindenlab.com/cgi-bin/login.cgi')
>>>>
>>>> Error: primitiveSSLCreateFailed/
>>>>
>>>>
>>>> I've got the latest SqueakSSL package and plugin installed, and the
>>>> latest webclient on Squeak 4.1 VM.
>>>>
>>>> The URL doesn't return a valid certificate anyway, its just an xml-rpc
>>>> portal for getting a login URL via an encrypted connection.
>>>>
>>>>
>>>> Lawson
>>>>
>>>>
>
>
>

> There WAS a quarantine bit, but I removed it by doing xattr -rd "com.apple.quarantine" SqueakSSL.bundle/  which removed the flag all the way down but I still get the same error. :-/
>
>
>
> On 10/4/10 6:12 PM, Tom Rushworth wrote:
>> The '@' means there is an extended attribute set on the file.  Use "ls -l@ed" to see what it is.  If it is the "quarantine" bit, it won't execute unless you answer a popup dialog saying it is OK to do so.  You can use the "xattr" command to remove it.  There is no man page for xattr, but "xattr -?" gives an almost usable usage message :).
>>
>> On 2010-Oct-4, at 13:41, Lawson English wrote:
>>
>>> The bundle is in the right place and all the permissions seem to be correct. There IS a difference between this and other plugins though:
>>>
>>> the bundle has permissions drwxr-xr-x@ 4   vs   drwxr-xr-x  4  for other bundles.
>>> the executable has permissions -rwxr-xr-x@ 4   vs   -rwxr-xr-x  4
>>>
>>> could the '@' have anything to do with it?
>>>
>>> Otherwise, I seem to be stuck.
>>>
>>> Thanks,
>>>
>>> Lawson
>>>
>>> On 10/4/10 10:59 AM, Andreas Raab wrote:
>>>> Hi -
>>>>
>>>> Most likely this means that plugin isn't installed correctly. Make sure the bundle is in the right place (i.e., Contents/Resources) and that the actual executable (SqueakSSL.bundle/Contents/MacOS/SqueakSSL) has executable permissions.
>>>>
>>>> Cheers,
>>>>  - Andreas
>>>>
>>>> On 10/3/2010 8:08 PM, Lawson English wrote:
>>>>> I'm probably doing this completely wrong, but this fails:
>>>>>
>>>>> (WebClient httpGet: 'https://login.agni.lindenlab.com/cgi-bin/login.cgi')
>>>>>
>>>>> Error: primitiveSSLCreateFailed/
>>>>>
>>>>>
>>>>> I've got the latest SqueakSSL package and plugin installed, and the
>>>>> latest webclient on Squeak 4.1 VM.
>>>>>
>>>>> The URL doesn't return a valid certificate anyway, its just an xml-rpc
>>>>> portal for getting a login URL via an encrypted connection.
>>>>>
>>>>>
>>>>> Lawson
>>>>>
>>>>>
>>
>>
>>
>
>

>  There WAS a quarantine bit, but I removed it by doing xattr -rd
> "com.apple.quarantine" SqueakSSL.bundle/  which removed the flag all
> the way down but I still get the same error. :-/
>
>
>
> On 10/4/10 6:12 PM, Tom Rushworth wrote:
>> The '@' means there is an extended attribute set on the file.  Use
>> "ls -l@ed" to see what it is.  If it is the "quarantine" bit, it
>> won't execute unless you answer a popup dialog saying it is OK to do
>> so.  You can use the "xattr" command to remove it.  There is no man
>> page for xattr, but "xattr -?" gives an almost usable usage message :).
>>
>> On 2010-Oct-4, at 13:41, Lawson English wrote:
>>
>>> The bundle is in the right place and all the permissions seem to be
>>> correct. There IS a difference between this and other plugins though:
>>>
>>> the bundle has permissions drwxr-xr-x@ 4   vs   drwxr-xr-x  4  for
>>> other bundles.
>>> the executable has permissions -rwxr-xr-x@ 4   vs   -rwxr-xr-x  4
>>>
>>> could the '@' have anything to do with it?
>>>
>>> Otherwise, I seem to be stuck.
>>>
>>> Thanks,
>>>
>>> Lawson
>>>
>>> On 10/4/10 10:59 AM, Andreas Raab wrote:
>>>> Hi -
>>>>
>>>> Most likely this means that plugin isn't installed correctly. Make
>>>> sure the bundle is in the right place (i.e., Contents/Resources)
>>>> and that the actual executable
>>>> (SqueakSSL.bundle/Contents/MacOS/SqueakSSL) has executable
>>>> permissions.
>>>>
>>>> Cheers,
>>>>   - Andreas
>>>>
>>>> On 10/3/2010 8:08 PM, Lawson English wrote:
>>>>> I'm probably doing this completely wrong, but this fails:
>>>>>
>>>>> (WebClient httpGet:
>>>>> 'https://login.agni.lindenlab.com/cgi-bin/login.cgi')
>>>>>
>>>>> Error: primitiveSSLCreateFailed/
>>>>>
>>>>>
>>>>> I've got the latest SqueakSSL package and plugin installed, and the
>>>>> latest webclient on Squeak 4.1 VM.
>>>>>
>>>>> The URL doesn't return a valid certificate anyway, its just an
>>>>> xml-rpc
>>>>> portal for getting a login URL via an encrypted connection.
>>>>>
>>>>>
>>>>> Lawson
>>>>>
>>>>>
>>
>>
>>
>
>
>

> Hi Lawson,
>
> I think it works on my Mac. What makes me believe so?
>
> I inspect the following:
> WebClient httpGet: 'https://www.google.com/search?q=squeak'
>
> I get the following notifier twice:
> Error: No certificate was provided(code: -1)
>
> I expected that because of http://lists.squeakfoundation.org/pipermail/squeak-dev/2010-September/153740.html. Why it fails twice, I don't know.
>
> I Proceed twice and then I get an Inspector on a WebResponse with HTTP/1.1 200 OK. The content looks as if it might be correct.
>
> I have Snow Leopard 10.6.4 on an Mac Pro (Dual-Core Intel Xenon). I use the Squeak 5.8b10 VM from John.
>
> Here you can see how I installed the bundle after unzipping SqueakSSL-bin.zip:
>