Has anyone used Zodiac and Seaside to for https?

Has anyone used Zodiac and Seaside to for https?

Mariano Martinez Peck
Hi. Let's say I have a seaside running over HTTP with a ZnZincServerAdaptor. Is there a Zodiac adaptor I can use to have my seaside app running over HTTPS?

Thanks, 

--
Mariano
http://marianopeck.wordpress.com

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Re: [Pharo-project] Has anyone used Zodiac and Seaside to for https?

Sven Van Caekenberghe-2
Hi there Mariano,

On 18 Apr 2013, at 22:03, Mariano Martinez Peck <[hidden email]> wrote:

> Hi. Let's say I have a seaside running over HTTP with a ZnZincServerAdaptor. Is there a Zodiac adaptor I can use to have my seaside app running over HTTPS?
>
> Thanks,
>
> --
> Mariano
> http://marianopeck.wordpress.com

This is Pharo Smalltalk, of course you can do that ;-)

The trick is to use #server: to give the adaptor a specific server instance to use, in this case a configured ZnSecureServer instance.

Something along these lines (I haven't actually tried it)

| httpsServer |

(httpsServer  := ZnSecureServer on: 1443)
        certificate: '/home/sven/ssl/key-cert.pem'.

ZnZincServerAdaptor default
        server: httpsServer;
        configureDelegate;
        configureServerForBinaryReading;
        start.

You could best test the httpsServer on its own (you need to get the certificate right).
Problem is, this won't work on Mac OS X.

If you can't get it to work, let me know and I can try on a Linux machine (but not right away).

Sven

PS: Maybe ZnZincServerAdaptor>>#server: should send the 2 #configure messages itself, now that I look at it.

--
Sven Van Caekenberghe
Proudly supporting Pharo
http://pharo.org
http://association.pharo.org
http://consortium.pharo.org





Re: [Pharo-project] Has anyone used Zodiac and Seaside to for https?

Sven Van Caekenberghe-2

On 18 Apr 2013, at 22:23, Sven Van Caekenberghe <[hidden email]> wrote:

> You could best test the httpsServer on its own (you need to get the certificate right).

I always forget how to make the key-cert.pem

This is one pointer that might help

http://devsec.org/info/ssl-cert.html

I believe it is the thing they call server.pem

Sven


--
Sven Van Caekenberghe
Proudly supporting Pharo
http://pharo.org
http://association.pharo.org
http://consortium.pharo.org





Re: [Pharo-project] Has anyone used Zodiac and Seaside to for https?

Igor Stasenko
In reply to this post by Sven Van Caekenberghe-2
On 18 April 2013 22:23, Sven Van Caekenberghe <[hidden email]> wrote:

> Hi there Mariano,
>
> On 18 Apr 2013, at 22:03, Mariano Martinez Peck <[hidden email]> wrote:
>
>> Hi. Let's say I have a seaside running over HTTP with a ZnZincServerAdaptor. Is there a Zodiac adaptor I can use to have my seaside app running over HTTPS?
>>
>> Thanks,
>>
>> --
>> Mariano
>> http://marianopeck.wordpress.com
>
> This is Pharo Smalltalk, of course you can do that ;-)
>
> The trick is to use #server: to give the adaptor a specific server instance to use, in this case a configured ZnSecureServer instance.
>
> Something along these lines (I haven't actually tried it)
>
> | httpsServer |
>
> (httpsServer  := ZnSecureServer on: 1443)
>         certificate: '/home/sven/ssl/key-cert.pem'.
>
> ZnZincServerAdaptor default
>         server: httpsServer;
>         configureDelegate;
>         configureServerForBinaryReading;
>         start.
>
> You could best test the httpsServer on its own (you need to get the certificate right).
> Problem is, this won't work on Mac OS X.
>
why?
anything i can help with?

> If you can't get it to work, let me know and I can try on a Linux machine (but not right away).
>
> Sven
>
> PS: Maybe ZnZincServerAdaptor>>#server: should send the 2 #configure messages itself, now that I look at it.
>
> --
> Sven Van Caekenberghe
> Proudly supporting Pharo
> http://pharo.org
> http://association.pharo.org
> http://consortium.pharo.org
>
>
>
>



--
Best regards,
Igor Stasenko.

Re: [Pharo-project] Has anyone used Zodiac and Seaside to for https?

Paul DeBruicker
In reply to this post by Sven Van Caekenberghe-2
Just as a follow on.  Free CA certs are available from

http://www.startssl.com/


And Sean Allen has a writeup about using Nginx to terminate SSL
connections to Seaside images here

http://www.monkeysnatchbanana.com/posts/2010/06/22/faking-a-https-client-for-glass.html



On 04/18/2013 01:56 PM, Sven Van Caekenberghe wrote:

>
> On 18 Apr 2013, at 22:23, Sven Van Caekenberghe <[hidden email]> wrote:
>
>> You could best test the httpsServer on its own (you need to get the certificate right).
>
> I always forget how to make the key-cert.pem
>
> This is one pointer that might help
>
> http://devsec.org/info/ssl-cert.html
>
> I believe it is the thing they call server.pem
>
> Sven
>
>
> --
> Sven Van Caekenberghe
> Proudly supporting Pharo
> http://pharo.org
> http://association.pharo.org
> http://consortium.pharo.org
>
>
>
>


Re: [Pharo-project] Has anyone used Zodiac and Seaside to for https?

Sven Van Caekenberghe-2

On 18 Apr 2013, at 23:23, Paul DeBruicker <[hidden email]> wrote:

> Just as a follow on.  Free CA certs are available from
>
> http://www.startssl.com/

Indeed, we have used that as well.

> And Sean Allen has a writeup about using Nginx to terminate SSL
> connections to Seaside images here
>
> http://www.monkeysnatchbanana.com/posts/2010/06/22/faking-a-https-client-for-glass.html

For production usages, fronting Seaside/Pharo with a heavy duty server doing the HTTPS work is much better.

> On 04/18/2013 01:56 PM, Sven Van Caekenberghe wrote:
>>
>> On 18 Apr 2013, at 22:23, Sven Van Caekenberghe <[hidden email]> wrote:
>>
>>> You could best test the httpsServer on its own (you need to get the certificate right).
>>
>> I always forget how to make the key-cert.pem
>>
>> This is one pointer that might help
>>
>> http://devsec.org/info/ssl-cert.html
>>
>> I believe it is the thing they call server.pem
>>
>> Sven
>>
>>
>> --
>> Sven Van Caekenberghe
>> Proudly supporting Pharo
>> http://pharo.org
>> http://association.pharo.org
>> http://consortium.pharo.org
>>
>>
>>
>>


Re: [Pharo-project] Has anyone used Zodiac and Seaside to for https?

Sven Van Caekenberghe-2
In reply to this post by Sven Van Caekenberghe-2

On 18 Apr 2013, at 22:56, Sven Van Caekenberghe <[hidden email]> wrote:

>
> On 18 Apr 2013, at 22:23, Sven Van Caekenberghe <[hidden email]> wrote:
>
>> You could best test the httpsServer on its own (you need to get the certificate right).
>
> I always forget how to make the key-cert.pem
>
> This is one pointer that might help
>
> http://devsec.org/info/ssl-cert.html
>
> I believe it is the thing they call server.pem
>
> Sven

Here is how it worked for me (the ZnSecureServer part):

sven@netbook:~/ssl$ openssl genrsa -out privkey.pem 1024
Generating RSA private key, 1024 bit long modulus
..........................................................++++++
.++++++
e is 65537 (0x10001)
sven@netbook:~/ssl$ openssl req -new -key privkey.pem -out certreq.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BE
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:Hasselt
Organization Name (eg, company) [Internet Widgits Pty Ltd]:STfx.eu
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:Sven Van Caekenberghe
Email Address []:[hidden email]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
sven@netbook:~/ssl$ ls
certreq.csr  privkey.pem
sven@netbook:~/ssl$ openssl x509 -req -days 3650 -in certreq.csr -signkey privkey.pem -out newcert.pem
Signature ok
subject=/C=BE/ST=Some-State/L=Hasselt/O=STfx.eu/CN=Sven Van Caekenberghe/emailAddress=[hidden email]
Getting Private key
sven@netbook:~/ssl$ ( openssl x509 -in newcert.pem; cat privkey.pem ) > server.pem



(ZnSecureServer on: 1443)
        certificate: '/home/sven/ssl/server.pem';
        logToTranscript;
        start;
        yourself.
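
A non-interactive variant of the certificate steps in the message above, as an added example that is not part of the original post: it builds the same cert-then-key server.pem, keeps the files owner-readable only, and checks that the key in the bundle matches the certificate and is at least 2048 bits. The function names, the 2048-bit size, the one-year validity and the host name localhost are assumptions.

```sh
#!/bin/sh
# Added example: function names, key size and "localhost" are assumptions.

# make_server_pem DIR HOST
# Creates privkey.pem, newcert.pem and server.pem (certificate first, then
# key, the order used in the thread), readable by the owner only.
make_server_pem() {
    dir=$1 host=$2
    (
        umask 077                      # server.pem contains the private key
        mkdir -p "$dir" && cd "$dir" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
            -keyout privkey.pem -out newcert.pem 2>/dev/null || exit 1
        cat newcert.pem privkey.pem > server.pem
    )
}

# pem_key_matches_cert FILE
# Succeeds when the private key and the certificate in FILE share one
# public key, i.e. the bundle was not assembled from mismatched files.
pem_key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# pem_rsa_bits FILE
# Prints the public key size, in bits, of the certificate in FILE.
pem_rsa_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_server_pem FILE
# Fails on a key/certificate mismatch or an RSA key below 2048 bits.
check_server_pem() {
    pem_key_matches_cert "$1" ||
        { echo "key/cert mismatch: $1" >&2; return 1; }
    bits=$(pem_rsa_bits "$1")
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "weak key (${bits:-?} bits): $1" >&2; return 1; }
}

# Demo on a throwaway directory.
demo=$(mktemp -d)
make_server_pem "$demo" localhost && check_server_pem "$demo/server.pem" &&
    echo "server.pem ok: $(pem_rsa_bits "$demo/server.pem")-bit key matches certificate"
rm -rf "$demo"
```

The resulting server.pem is the kind of file the certificate: setting in the thread points at.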


Re: [Pharo-project] [Seaside] Re: Has anyone used Zodiac and Seaside to for https?

Sven Van Caekenberghe-2
In reply to this post by Igor Stasenko
Igor,

On 18 Apr 2013, at 23:21, Igor Stasenko <[hidden email]> wrote:

> why?
> anything i can help with?

Well, last time I looked (eons ago), in the C code of the Mac SSL plugin, the certificate was not used/implemented.

For starters, follow ZdcPluginSSLSession>>#certiificate[:] to find the primitive.

Then see how/if that actually does something and/or is being used - in the C/plugin code.

It would be really great if we could fix this.

Sven


--
Sven Van Caekenberghe
Proudly supporting Pharo
http://pharo.org
http://association.pharo.org
http://consortium.pharo.org





Re: [Pharo-project] Has anyone used Zodiac and Seaside to for https?

NorbertHartl
In reply to this post by Paul DeBruicker

On 18.04.2013 at 23:23, Paul DeBruicker <[hidden email]> wrote:

> Just as a follow on.  Free CA certs are available from
>
> http://www.startssl.com/
>
>
> And Sean Allen has a writeup about using Nginx to terminate SSL
> connections to Seaside images here
>
> http://www.monkeysnatchbanana.com/posts/2010/06/22/faking-a-https-client-for-glass.html
>
This describes outgoing connections from glass to a ssl site. It only works if the URL to make ssl connections to is known upfront. And it is obsolete because gemstone 3.x supports ssl.

Norbert

>
>
> On 04/18/2013 01:56 PM, Sven Van Caekenberghe wrote:
>>
>> On 18 Apr 2013, at 22:23, Sven Van Caekenberghe <[hidden email]> wrote:
>>
>>> You could best test the httpsServer on its own (you need to get the certificate right).
>>
>> I always forget how to make the key-cert.pem
>>
>> This is one pointer that might help
>>
>> http://devsec.org/info/ssl-cert.html
>>
>> I believe it is the thing they call server.pem
>>
>> Sven
>>
>>
>> --
>> Sven Van Caekenberghe
>> Proudly supporting Pharo
>> http://pharo.org
>> http://association.pharo.org
>> http://consortium.pharo.org
>>
>>
>>
>>


Re: [Pharo-project] [Seaside] Re: Has anyone used Zodiac and Seaside to for https?

Igor Stasenko
In reply to this post by Sven Van Caekenberghe-2
On 18 April 2013 23:46, Sven Van Caekenberghe <[hidden email]> wrote:

> Igor,
>
> On 18 Apr 2013, at 23:21, Igor Stasenko <[hidden email]> wrote:
>
>> why?
>> anything i can help with?
>
> Well, last time I looked (eons ago), in the C code of the Mac SSL plugin, the certificate was not used/implemented.
>
> For starters, follow ZdcPluginSSLSession>>#certiificate[:] to find the primitive.
>
> Then see how/if that actually does something and/or is being used - in the C/plugin code.
>
> It would be really great if we could fix this.
>
For some reason I was thinking that we were already using bundled SSL libs
for Mac VM.
(so plugin works with vanilla ssl library on all platforms).
Not true. We should fix that: it worked for windows, don't see why it
won't work for Mac.
I added this to my todo list.

> Sven
>
>
> --
> Sven Van Caekenberghe
> Proudly supporting Pharo
> http://pharo.org
> http://association.pharo.org
> http://consortium.pharo.org
>
>
>
>



--
Best regards,
Igor Stasenko.

Re: [Pharo-project] [Seaside] Re: Has anyone used Zodiac and Seaside to for https?

Sven Van Caekenberghe-2

On 19 Apr 2013, at 00:59, Igor Stasenko <[hidden email]> wrote:

> For some reason I was thinking that we were already using bundled SSL libs
> for Mac VM.
> (so plugin works with vanilla ssl library on all platforms).
> Not true. We should fix that: it worked for windows, don't see why it
> won't work for Mac.
> I added this to my todo list.

Thanks a lot, that would be really great !

Sven


--
Sven Van Caekenberghe
Proudly supporting Pharo
http://pharo.org
http://association.pharo.org
http://consortium.pharo.org





Re: [Pharo-project] [Seaside] Re: Has anyone used Zodiac and Seaside to for https?

EstebanLM
In reply to this post by Igor Stasenko

On Apr 19, 2013, at 12:59 AM, Igor Stasenko <[hidden email]> wrote:

> On 18 April 2013 23:46, Sven Van Caekenberghe <[hidden email]> wrote:
>> Igor,
>>
>> On 18 Apr 2013, at 23:21, Igor Stasenko <[hidden email]> wrote:
>>
>>> why?
>>> anything i can help with?
>>
>> Well, last time I looked (eons ago), in the C code of the Mac SSL plugin, the certificate was not used/implemented.
>>
>> For starters, follow ZdcPluginSSLSession>>#certiificate[:] to find the primitive.
>>
>> Then see how/if that actually does something and/or is being used - in the C/plugin code.
>>
>> It would be really great if we could fix this.
>>
> For some reason I was thinking that we were already using bundled SSL libs
> for Mac VM.

we are.
but I remember there was a problem with certificates and mac...

> (so plugin works with vanilla ssl library on all platforms).
> Not true. We should fix that: it worked for windows, don't see why it
> won't work for Mac.
> I added this to my todo list.
>
>> Sven
>>
>>
>> --
>> Sven Van Caekenberghe
>> Proudly supporting Pharo
>> http://pharo.org
>> http://association.pharo.org
>> http://consortium.pharo.org
>>
>>
>>
>>
>
>
>
> --
> Best regards,
> Igor Stasenko.


Re: [Pharo-project] [Seaside] Re: Has anyone used Zodiac and Seaside to for https?

Mariano Martinez Peck
I forgot to thank this thread.
Thanks Sven for your help, it was very helpful and much appreciated!


--
Mariano
http://marianopeck.wordpress.com
