Combining SqueakSSL and SMTPClient?


bpi
Dear fellow Squeakers,

I want to connect to an SMTP server which is secured by using SSL from Squeak, in fact the MobileMe SMTP server.

I thought this might be a good use case for SqueakSSL. I installed it on my Mac. I think it works, see http://lists.squeakfoundation.org/pipermail/squeak-dev/2010-October/154203.html.

I use the following code:

| smtp |
smtp := SMTPClient new.
smtp user: 'myname'.
smtp password: 'mypassword'.
[smtp openOnHost: (NetNameResolver addressForName: 'smtp.me.com' timeout: 20) port: 465.
smtp mailFrom: '[hidden email]'
        to: '[hidden email]'
        text: 'Hello from Squeak''s SMTPClient'.
smtp quit] ensure: [smtp close].

My first question: Is SecureSocketStream from SqueakSSL-Core polymorphic to SocketStream which is used in SMTPClient's stream inst var? See ProtocolClient>>ensureConnection.

I tried to replace it with a SecureSocketStream in my own SecureSMTPClient subclass. That alone does not work. I kind of guessed that because at least a handshake will very probably be needed.

Then I looked at WebClient>>sslConnect as an example and tried to do something similar in my subclass:

ensureConnection
        | sqSSL |
        self isConnected
                ifTrue: [^self].
        self stream
                ifNotNil: [self stream close].

        self stream: (SecureSocketStream openConnectionToHost: self host port: self port).
        sqSSL := Smalltalk at: #SqueakSSL ifAbsent:[self error: 'SqueakSSL is missing'].
        "Convert the stream to a secure stream"
        self stream: (sqSSL secureSocketStream on: stream socket).
        "Do the SSL handshake"
        stream sslConnect.
        "And cert verification"
        stream verifyCert: self serverName.
        self checkResponse.
        self login

This still does not work. I get ConnectionTimedOut: Cannot connect to 17.148.17.61:465.

At this point I thought I might ask here. Has anyone done this already maybe? What could I try next?

Cheers,
Bernhard
Re: Combining SqueakSSL and SMTPClient?

Andreas.Raab
On 10/5/2010 2:16 PM, Bernhard Pieber wrote:
> My first question: Is SecureSocketStream from SqueakSSL-Core polymorphic to SocketStream which is used in SMTPClient's stream inst var? See ProtocolClient>>ensureConnection.

Yes.

> I tried to replace it with a SecureSocketStream in my own SecureSMTPClient subclass. That alone does not work. I kind of guessed that because at least a handshake will very probably be needed.

Correct.

> Then I looked at WebClient>>sslConnect as an example and tried to do something similar in my subclass:
>
> ensureConnection
>         | sqSSL |
>         self isConnected
>                 ifTrue: [^self].
>         self stream
>                 ifNotNil: [self stream close].
>
>         self stream: (SecureSocketStream openConnectionToHost: self host port: self port).
>         sqSSL := Smalltalk at: #SqueakSSL ifAbsent:[self error: 'SqueakSSL is missing'].
>         "Convert the stream to a secure stream"
>         self stream: (sqSSL secureSocketStream on: stream socket).
>         "Do the SSL handshake"
>         stream sslConnect.
>         "And cert verification"
>         stream verifyCert: self serverName.
>         self checkResponse.
>         self login
>
> This still does not work. I get ConnectionTimedOut: Cannot connect to 17.148.17.61:465.
>
> At this point I thought I might ask here. Has anyone done this already maybe? What could I try next?

If you get a connection timeout, it means the server isn't listening on
the port. There is nothing 'magical' about SSL - it simply does a TCP
connect followed by the SSL handshake. If no connection can be
established, it means nothing is listening on the other end; almost
always because you're using the wrong port.

FWIW, Wikipedia points out that "although some servers support port 465
for legacy secure SMTP in violation of the specifications, it is
preferable to use standard ports and standard ESMTP commands[14]
according to RFC 3207 if a secure session needs to be used between the
client and the server."

RFC 3207 has this nice usage example:

    The following dialog illustrates how a client and server can start a
    TLS session:

    S: <waits for connection on TCP port 25>
    C: <opens connection>
    S: 220 mail.imc.org SMTP service ready
    C: EHLO mail.example.com
    S: 250-mail.imc.org offers a warm hug of welcome
    S: 250-8BITMIME
    S: 250-STARTTLS
    S: 250 DSN
    C: STARTTLS
    S: 220 Go ahead
    C: <starts TLS negotiation>
    C & S: <negotiate a TLS session>
    C & S: <check result of negotiation>
    C: EHLO mail.example.com
    S: 250-mail.imc.org touches your hand gently for a moment
    S: 250-8BITMIME
    S: 250 DSN

Note that the above uses port 25 (and not 465) combined with the
STARTTLS command.

Cheers,
   - Andreas
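
Added example (not part of the thread, and Python rather than Squeak): the client-side decision logic for the RFC 3207 dialog quoted above, run against the server lines of that dialog. The function names are hypothetical; the rule it enforces is that the client upgrades with STARTTLS when offered, re-reads EHLO after TLS, and stops rather than continuing in cleartext when STARTTLS is not advertised.

```python
import re

# Constructed sample: server lines copied from the RFC 3207 dialog above.
PRE_TLS_EHLO = ["250-mail.imc.org offers a warm hug of welcome",
                "250-8BITMIME", "250-STARTTLS", "250 DSN"]
POST_TLS_EHLO = ["250-mail.imc.org touches your hand gently for a moment",
                 "250-8BITMIME", "250 DSN"]

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_reply(lines):
    """Parse one multi-line SMTP reply into (code, [text, ...])."""
    if not lines:
        raise ValueError("empty reply")
    code, texts = None, []
    for i, line in enumerate(lines):
        m = REPLY.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changed mid-reply")
        code = m.group(1)
        texts.append(m.group(3))
        # "250-" means more lines follow, "250 " marks the final line.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match reply length")
    return int(code), texts

def ehlo_extensions(lines):
    """Return the set of ESMTP keywords advertised in an EHLO reply."""
    code, texts = parse_reply(lines)
    if code != 250:
        raise ValueError(f"EHLO rejected with {code}")
    # First line is the greeting; each later line starts with a keyword.
    return {t.split()[0].upper() for t in texts[1:] if t.strip()}

def next_command(ehlo_lines, tls_active):
    """Decide the client's next step; never authenticate in cleartext."""
    ext = ehlo_extensions(ehlo_lines)
    if tls_active:
        # Only the EHLO reply received after the handshake is trusted here.
        return "AUTH" if "AUTH" in ext else "MAIL"
    if "STARTTLS" in ext:
        return "STARTTLS"
    # STARTTLS not offered (or removed in transit): stop, do not fall back.
    return "QUIT"
```
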


Re: Combining SqueakSSL and SMTPClient?

giuliano.vitali
In reply to this post by bpi
I'm doing quite the same as Bernhard,
but without success: the connection is successful but
I still get a timeout, so my questions are:

Do I need some certificate when working with a client?

Does SqueakSSL manage STARTTLS protocol="smtp" (OpenSSL format)?

Many thanks, Giuliano