Smalltalk › Pharo › Pharo Smalltalk Users

Client cerificate authentication with ZnClient?

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

7 messages Options

Attila Magyar

Client cerificate authentication with ZnClient?

Hi,

Is certificate based authentication supported by ZnClient?

Attila

Sven Van Caekenberghe-2

Re: Client cerificate authentication with ZnClient?

Hi Attila,

I just committed (into #bleedingEdge) :

===
Name: Zinc-HTTP-SvenVanCaekenberghe.416
Author: SvenVanCaekenberghe
Time: 17 October 2014, 1:40:18.538322 pm
UUID: 92867ea6-9aea-4631-a673-9f48a1fdecf8
Ancestors: Zinc-HTTP-SvenVanCaekenberghe.415

Add conceptual framework/code to work with TLS/SSL certificates from ZnClient

Added ZnClient>>#certificate[:]

Moved SSL session #connect logic from ZnNetworkingUtils>>#socketStreamToUrlDirectly: to ZnClient>>#newConnectionTo: and added optional certificate configuration of the plugin
===

Now this is untested and I suspect this will not work everywhere. I know that certificate support is non-existing for the Mac OS X implementation of the SSL plugin. I know that a server side certificate works on Linux (an obvious requirement for an HTTPS server of course).

Please report back if you get this working client side.

Thanks,

Sven

On 16 Oct 2014, at 21:05, Attila Magyar <[hidden email]> wrote:

> Hi,
>
> Is certificate based authentication supported by ZnClient?
>
> Attila
>
>
>
> --
> View this message in context: http://forum.world.st/Client-cerificate-authentication-with-ZnClient-tp4784981.html
> Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
>

Attila Magyar

Re: Client cerificate authentication with ZnClient?

wow, thanks. I will test it on Monday.

Attila Magyar

Re: Client cerificate authentication with ZnClient?

In reply to this post by Sven Van Caekenberghe-2

I couldn't get it working so far. Is there a way to enable some logging in the underlying SqueakSSL?

Sven Van Caekenberghe-2

Re: Client cerificate authentication with ZnClient?

> On 22 Oct 2014, at 13:12, Attila Magyar <[hidden email]> wrote:
>
> I couldn't get it working so far. Is there a way to enable some logging in
> the underlying SqueakSSL?

What platform/version are you trying ?

Like I said, maybe it works on Win/Linux, but even there I would be surprised.

Did you look at the C code of the plugin ? Is there even C code that does what you expect it to do ?

I do not know how to enable the logging inside the plugin, Chris Gybels just told me that he got that working, maybe he can answer. Kris ?

Kris Gybels-2

Re: Client cerificate authentication with ZnClient?

Op 22-okt.-2014, om 13:39 heeft Sven Van Caekenberghe <[hidden email]> het volgende geschreven:

> I do not know how to enable the logging inside the plugin, Chris Gybels just told me that he got that working, maybe he can answer. Kris ?

Here's a version of Zodiac-Core with ZdcPluginSSLSession changed to enable the logging done by the SSL plugin, if that helps.

On a Mac, to see the output of the plugin, you need to run the VM from the Terminal. If you execute [ ZnClient new url: 'https://www.google.com'; get ] in a workspace, you should see some output like this in the Terminal:

$ /Applications/Pharo.app/Contents/MacOS/Pharo Pharo.image
sqConnectSSL: 2d9a30
sqConnectSSL: input token 0 bytes
sqConnectSSL: Setting up SSL
sqSetupSSL: Setting up new context
SqueakSSLWrite: Writing 158 bytes, having 17408 free
SqueakSSLRead: Requesting 1 bytes, having 0 bytes
sqConnectSSL: Produced 158 token bytes
sqConnectSSL: 2d9a30
[...]

The output on Linux / Windows will be somewhat different I assume, I haven't tried it. To understand what is being logged, you'll need to look at the C code of the plugin:

https://code.google.com/p/squeakssl/source/browse/src/#src

Zodiac-Core-KrisGybels.32.mcz (28K) Download Attachment

Sven Van Caekenberghe-2

Re: Client cerificate authentication with ZnClient?

Kris,

I merged your changes in (except for the default being false instead of true for logging) - Thanks!

===
Name: Zodiac-Core-SvenVanCaekenberghe.35
Author: SvenVanCaekenberghe
Time: 24 October 2014, 1:56:40.080389 pm
UUID: d27bbfa1-187d-4ab9-b7e8-5a77a34aeb6a
Ancestors: Zodiac-Core-KrisGybels.32

Merging in Kris' code to enable logging of the native code inside the plugin (Thx Kris Gybels)

Disabled the experimental changes in 32

Jumping over some versions that exist out there
===

Sven

> On 24 Oct 2014, at 12:55, Kris Gybels <[hidden email]> wrote:
>
> Op 22-okt.-2014, om 13:39 heeft Sven Van Caekenberghe <[hidden email]> het volgende geschreven:
>
>> I do not know how to enable the logging inside the plugin, Chris Gybels just told me that he got that working, maybe he can answer. Kris ?
>
> Here's a version of Zodiac-Core with ZdcPluginSSLSession changed to enable the logging done by the SSL plugin, if that helps.
>
> On a Mac, to see the output of the plugin, you need to run the VM from the Terminal. If you execute [ ZnClient new url: 'https://www.google.com'; get ] in a workspace, you should see some output like this in the Terminal:
>
> $ /Applications/Pharo.app/Contents/MacOS/Pharo Pharo.image
> sqConnectSSL: 2d9a30
> sqConnectSSL: input token 0 bytes
> sqConnectSSL: Setting up SSL
> sqSetupSSL: Setting up new context
> SqueakSSLWrite: Writing 158 bytes, having 17408 free
> SqueakSSLRead: Requesting 1 bytes, having 0 bytes
> sqConnectSSL: Produced 158 token bytes
> sqConnectSSL: 2d9a30
> [...]
>
> The output on Linux / Windows will be somewhat different I assume, I haven't tried it. To understand what is being logged, you'll need to look at the C code of the plugin:
>
> https://code.google.com/p/squeakssl/source/browse/src/#src
>
> <Zodiac-Core-KrisGybels.32.mcz>