SSL


SSL

Frank Shearar-3
Does anyone else use SSL through SqueakSSL? I see primitive errors, but don't know how to debug them. You can see the failures in recent builds for the ExternalPackages job on build.squeak.org.

frank

RE: SSL

Ron Teitelbaum
Hi Frank.

We use SqueakSSL on 4.1 and our tests are all passing.  I'm not completely
familiar with Jenkins but from the looks of it I don't see any primitive
failures.  I do see SSL errors that indicate that possibly the setup is
failing.

Can you point me to where I can see the errors you are concerned with?  What
image? What OS?  What VM?

All the best,

Ron Teitelbaum


RE: SSL

Patrick Shouse
Hi, Ron. Here's a link to one

http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/

You can click on the Console Output link on this page to see the details.

RE: SSL

Ron Teitelbaum

Hello,

The problem is the certificate.  What os is this running on?

30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: CERTIFICATE
30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:491:
30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: ANY PRIVATE KEY
30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:

The code for SqueakSSL >> ensureSampleCert is hardcoded for windows.  I'm thinking that the cert may be expired.

On Linux it creates a new cert so it wouldn't be a problem.  To fix this you should create a sample cert for windows and then point the test case to that cert, or replace the hardcoded cert.

Hmmm, just ran this on my windows 7, 4.1 based image, with the existing SSL test code and it worked fine.  So it may not be the sample cert.

Need more info.

All the best,

Ron Teitelbaum
Head Of Engineering
3d Immersive Collaboration Consulting
[hidden email]
Follow Me On Twitter: @RonTeitelbaum
www.3dicc.com
3d ICC on G+
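
The four error-queue lines in the message above can be decoded mechanically. The following added example (not code from SqueakSSL or from anyone in the thread) unpacks the OpenSSL 1.0-era packed codes, pairs each failing API call with the library error queued before it, and checks whether a file's bytes contain the PEM start line the reader was expecting. The function names and the two file contents are constructed for illustration; the error lines are copied from the message, once as posted and once in the quoted, line-wrapped form they take in replies.

```python
import re
from dataclasses import dataclass

# OpenSSL 1.0-era ERR_PACK layout: bits 31-24 library, 23-12 function, 11-0 reason.
ENTRY = re.compile(
    r"^(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)$"
)
PEM_BEGIN = re.compile(rb"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

# Error lines copied from the message above, as posted.
QUEUE_AS_POSTED = """\
30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: CERTIFICATE
30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:491:
30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: ANY PRIVATE KEY
30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
"""

# The same lines in the quoted, mail-wrapped form they take in later replies.
QUEUE_QUOTED = """\
> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start
> > line:pem_lib.c:650:Expecting: CERTIFICATE
> >
> > 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM
> > lib:ssl_rsa.c:491:
> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start
> > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY
> > 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM
> > lib:ssl_rsa.c:669:
"""

# Constructed file contents (placeholders, not real certificate or key material).
NOT_PEM = b"0\x82\x01\x0a constructed binary bytes without PEM armor"
PEM_OK = (b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
          b"-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")


@dataclass
class QueueEntry:
    lib_num: int
    func_num: int
    reason_num: int
    lib: str
    func: str
    reason: str
    source: str
    data: str


def unwrap(text):
    """Strip mail quote markers and rejoin entries that a mail client wrapped."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw.strip()).strip()
        if re.match(r"\d+:error:", line):
            entries.append(line)
        elif line and entries and not ENTRY.match(entries[-1]):
            entries[-1] += " " + line  # incomplete entry: the wrap fell on a space
    return entries


def parse_queue(text):
    """Parse error-queue lines and unpack each 32-bit code into its three numbers."""
    out = []
    for m in filter(None, map(ENTRY.match, unwrap(text))):
        code = int(m["code"], 16)
        out.append(QueueEntry(
            lib_num=(code >> 24) & 0xFF, func_num=(code >> 12) & 0xFFF,
            reason_num=code & 0xFFF, lib=m["lib"], func=m["func"], reason=m["reason"],
            source=f'{m["file"]}:{m["line"]}', data=m["data"].strip()))
    return out


def root_causes(entries):
    """Pair each caller-level entry with the library error queued just before it.
    The queue prints oldest first. A caller entry whose reason number equals the
    previous entry's library number (reason 9 "PEM lib", library 9 = PEM) only says
    which library failed; the previous entry holds the actual cause.
    """
    return [
        {"api": cur.func, "cause": prev.reason,
         "expecting": prev.data.partition("Expecting:")[2].strip()}
        for prev, cur in zip(entries, entries[1:])
        if cur.lib_num != prev.lib_num and cur.reason_num == prev.lib_num
    ]


def satisfies(content, expecting):
    """True if the bytes hold a PEM start line of the expected type (simplified:
    'ANY PRIVATE KEY' accepts any '... PRIVATE KEY' label, other types match exactly)."""
    labels = [m.group(1).decode("ascii") for m in PEM_BEGIN.finditer(content)]
    if expecting == "ANY PRIVATE KEY":
        return any(label.endswith("PRIVATE KEY") for label in labels)
    return expecting in labels


if __name__ == "__main__":
    for finding in root_causes(parse_queue(QUEUE_QUOTED)):
        print(finding, "-> start line present:", satisfies(NOT_PEM, finding["expecting"]))
```

`no start line` is reported before any certificate field is parsed, so it describes the contents of the file handed to the loader rather than the certificate's validity period.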

 

 

 


RE: SSL

Frank Shearar-3
The build.squeak.org tests run on a CentOS box. They also fail on my
Ubuntu Lucid box. I've mentioned this before: SqueakSSL used to work
just fine, on Cog.r2714, and then one day stopped working. That does
sound like possible cert expiration. The main trouble I have is that
my debugging info is usually just "primitive failed", without any clue
as to _why_.

I'll try run some things just now and report back.

frank


RE: SSL

Ron Teitelbaum
Hey Frank,

You must also have OpenSSL installed, but if this was working previously then I expect that you have it installed.

All the best,

Ron


RE: SSL

Frank Shearar-3
Yes, I'd thought of that :) One thing that's weird, and probably
pretty important info, is that the SqueakSSL unit tests _pass_. It's
when I, say, try connect to https://github.com/, that things break in
SqueakSSL >> #primitiveSSLCreate.

I've been digging with strace. The SSL_connect thing happens on Cog
because of something funny with the plugin's file, SqueakSSL. On an
Interpreter VM, I get an error in SecureSocketStream >>
#receiveDataInto:startingAt: - "SSL error, code: -5".

So continuing my explorations with the Interpreter, I do actually get
a WebResponse back from github, looking like this:

WebResponse(HTTP/1.1 200 OK
connection: close
transfer-encoding: chunked
content-type: application/zip
content-disposition: attachment; filename=frankshearar-Control-e705021.zip
date: Sat, 11 May 2013 22:19:00 GMT
)

but the download breaks in the above-mentioned method.

frank



RE: SSL

Frank Shearar-3
On 11 May 2013 23:24, Frank Shearar <[hidden email]> wrote:
> Yes, I'd thought of that :) One thing that's weird, and probably
> pretty important info, is that the SqueakSSL unit tests _pass_. It's
> when I, say, try connect to https://github.com/, that things break in
> SqueakSSL >> #primitiveSSLCreate.
>
> I've been digging with strace. The SSL_connect thing happens on Cog
> because of something funny with the plugin's file, SqueakSSL. On an
> Interpreter VM, I get an error in SecureSocketStream >>
> #receiveDataInto:startingAt: - "SSL error, code: -5".

-5 is SQSSL_GENERIC_ERROR. That means that the error returned by
SSL_read isn't SSL_ERROR_WANT_READ (renegotiation) or
SSL_ERROR_ZERO_RETURN (a clean shutdown).

frank


RE: SSL

Ron Teitelbaum
Hey Frank,

I tried this on my 4.1 image and it works fine.  Connecting to a server doesn't require a cert so this should just work.

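| address socket |
        "Resolve the host and open a plain TCP connection to the HTTPS port."
        address := NetNameResolver addressForName: 'github.com'.
        socket := SecureSocket newTCP.
        socket connectTo: address port: 443.
        socket waitForConnectionFor: 10.
        "Run the SSL handshake, then refuse to continue unless certState is 0."
        socket sslConnect.
        socket certState = 0 ifFalse:[
                "printString is needed: certState is a number and cannot be concatenated directly."
                self error: 'The certificate is invalid (code: ', socket certState printString,')'.
        ].
        socket sendData:
                'GET / HTTP/1.0', String crlf,
                'Host: github.com', String crlf,
                'Connection: close', String crlf,
                String crlf.

        ^socket receiveData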

At what point do you get an error?


All the best,

Ron Teitelbaum
Head Of Engineering
3d Immersive Collaboration Consulting
[hidden email]
Follow Me On Twitter: @RonTeitelbaum
www.3dicc.com



RE: SSL

Frank Shearar-3
Hi Ron,

I'm constructing the following expression - WebClient httpGet:
'https://github.com/frankshearar/Control/zipball/master'. (This
redirects to 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'.)

The SSL connection's established. Then it looks like I receive a chunk
of 16372 bytes (in #chunkFrom:to:progress:). That calls #skip: 2 to
skip a CRLF, after which we try get more data. By this time the Socket
is #otherEndClosedButNotThisEnd. #skip: calls #receiveData:, which
calls #receiveAvailableData, which finally calls
#receiveDataInto:startingAt:. And that results in calling SqueakSSL >>
#decrypt:from:to:into:, which returns the SQSSL_GENERIC_ERROR.

frank

RE: SSL

Ron Teitelbaum
Hi Frank,

This is just a guess but maybe the redirect is to a server with a different certificate.  Maybe after the redirect a new ssl connection needs to be made?  Have you looked at the data you receive?  Maybe it's a request to renegotiate a session?

Trying this without https I get this:

Resource interpreted as Document but transferred with MIME type application/zip: "https://codeload.github.com/frankshearar/Control/legacy.zip/master".

I see the permanent redirect response.

What happens if you go directly to the redirected link?

All the best,

Ron Teitelbaum

> >> >>
> >> >> You must also have OpenSSL installed, but if this was working
> >> >> previously then I expect that you have it installed.
> >> >>
> >> >> All the best,
> >> >>
> >> >> Ron
> >> >>
> >> >>> -----Original Message-----
> >> >>> From: [hidden email]
> >> >>> [mailto:squeak-dev- [hidden email]] On Behalf
> >> >>> Of Frank Shearar
> >> >>> Sent: Saturday, May 11, 2013 2:58 PM
> >> >>> To: The general-purpose Squeak developers list
> >> >>> Subject: Re: [squeak-dev] RE: SSL
> >> >>>
> >> >>> The build.squeak.org tests run on a CentOS box. They also fail on
> >> >>> my Ubuntu Lucid box. I've mentioned this before: SqueakSSL used
> >> >>> to work just fine, on Cog.r2714, and then one day stopped
> >> >>> working. That does sound like possible cert expiration. The main
> >> >>> trouble I have is that my debugging info is usually just
> >> >>> "primitive failed", without any clue as to _why_.
> >> >>>
> >> >>> I'll try run some things just now and report back.
> >> >>>
> >> >>> frank
> >> >>>
> >> >>> On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> wrote:
> >> >>> > Hello,
> >> >>> >
> >> >>> > The problem is the certificate.  What os is this running on?
> >> >>> >
> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: CERTIFICATE
> >> >>> > 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:491:
> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: ANY PRIVATE KEY
> >> >>> > 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
> >> >>> >
> >> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for windows.
> >> >>> > I'm thinking that the cert may be expired.
> >> >>> >
> >> >>> > On Linux it creates a new cert so it wouldn't be a problem.  To
> >> >>> > fix this you should create a sample cert for windows and then
> >> >>> > point the test case to that cert, or replace the hardcoded cert.
> >> >>> >
> >> >>> > Hmmm, just ran this on my windows 7, 4.1 based image, with the
> >> >>> > existing SSL test code and it worked fine.  So it may not be
> >> >>> > the sample cert.
> >> >>> >
> >> >>> > Need more info.
> >> >>> >
> >> >>> > All the best,
> >> >>> >
> >> >>> > Ron Teitelbaum
> >> >>> > Head Of Engineering
> >> >>> > 3d Immersive Collaboration Consulting
> >> >>> > [hidden email]
> >> >>> > Follow Me On Twitter: @RonTeitelbaum
> >> >>> > www.3dicc.com
> >> >>> > 3d ICC on G+
> >> >>> >
> >> >>> >> -----Original Message-----
> >> >>> >> From: [hidden email]
> >> >>> >> [mailto:squeak-dev- [hidden email]] On Behalf Of Patrick Shouse
> >> >>> >>
> >> >>> >> Hi, Ron. Here's a link to one
> >> >>> >>
> >> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/
> >> >>> >>
> >> >>> >> You can click on the Console Output link on this page to see the details.
> >> >>> >>
> >> >>> >> --
> >> >>> >> View this message in context: http://forum.world.st/SSL-tp4686693p4686815.html
> >> >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com.
> >> >>> >
> >> >>>
> >> >>
> >> >>
> >> >>
> >>
> >
> >
> >
>




RE: SSL

Frank Shearar-3
Hi Ron,

It's definitely not the redirect. WebClient merrily follows the
redirect, and I get partway through a download. In the decoded instvar
I can see the filenames I expect to see. And then at some point during
the download, I get the reported failure. PERHAPS it's because of the
chunk encoding, but I'd put a low probability on that.

Did you manage to successfully download that URL using WebClient?

frank

On 13 May 2013 01:59, Ron Teitelbaum <[hidden email]> wrote:

> Hi Frank,
>
> This is just a guess but maybe the redirect is to a server with a different certificate.  Maybe after the redirect a new ssl connection needs to be made?  Have you looked at the data you receive?  Maybe it's a request to renegotiate a session?
>
> Trying this without https I get this:
>
> Resource interpreted as Document but transferred with MIME type application/zip: "https://codeload.github.com/frankshearar/Control/legacy.zip/master".
>
> I see the permanent redirect response.
>
> What happens if you go directly to the redirected link?
>
> All the best,
>
> Ron Teitelbaum
>
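
The message above raises chunk encoding as a possible factor, and the quoted trace describes reading a 16372-byte chunk, skipping its CRLF, and then finding the peer closed. The following is an added example, not code from WebClient or SqueakSSL, written in Python rather than Squeak Smalltalk: an incremental chunked-body decoder that accepts reads of any size and treats a peer close before the zero-size chunk as truncation instead of end of body. All class and function names are hypothetical, and the sample payload is constructed.

```python
"""Incremental decoder for HTTP/1.1 chunked bodies with truncation detection."""

HEX_DIGITS = b"0123456789abcdefABCDEF"


class ChunkedError(Exception):
    """The chunked body is malformed or ended early."""


class ChunkedDecoder:
    MAX_LINE = 256  # cap on a size/trailer line so a bad peer cannot grow the buffer

    def __init__(self):
        self._buf = bytearray()
        self._state = "size"   # size -> data -> crlf -> size ... -> trailer -> done
        self._remaining = 0    # bytes of the current chunk not yet received
        self.body = bytearray()

    @property
    def complete(self):
        return self._state == "done"

    def feed(self, data):
        """Accept whatever one read returned; read boundaries need not match chunks."""
        self._buf += data
        while self._step():
            pass

    def finish(self):
        """Call when the peer closes. Only the zero-size chunk ends the body."""
        if not self.complete:
            raise ChunkedError(
                "peer closed in state %r after %d body bytes, %d still expected "
                "in the current chunk" % (self._state, len(self.body), self._remaining))
        return bytes(self.body)

    def _take_line(self):
        end = self._buf.find(b"\r\n", 0, self.MAX_LINE + 2)
        if end < 0:
            if len(self._buf) >= self.MAX_LINE + 2:
                raise ChunkedError("line exceeds %d bytes" % self.MAX_LINE)
            return None        # line not complete yet, wait for the next read
        line = bytes(self._buf[:end])
        del self._buf[:end + 2]
        return line

    def _step(self):
        """Advance one state transition; return False when more input is needed."""
        if self._state == "size":
            line = self._take_line()
            if line is None:
                return False
            size = line.split(b";", 1)[0].strip()   # drop any chunk extension
            if not size or any(c not in HEX_DIGITS for c in size):
                raise ChunkedError("bad chunk size line %r" % line)
            self._remaining = int(size, 16)
            self._state = "data" if self._remaining else "trailer"
            return True
        if self._state == "data":
            if not self._buf:
                return False
            take = min(self._remaining, len(self._buf))
            self.body += self._buf[:take]
            del self._buf[:take]
            self._remaining -= take
            if self._remaining == 0:
                self._state = "crlf"
            return True
        if self._state == "crlf":   # the two bytes skipped after each chunk
            if len(self._buf) < 2:
                return False
            if self._buf[:2] != b"\r\n":
                raise ChunkedError("chunk data not followed by CRLF")
            del self._buf[:2]
            self._state = "size"
            return True
        if self._state == "trailer":
            line = self._take_line()
            if line is None:
                return False
            if line == b"":
                self._state = "done"
            return True
        return False                # done: ignore anything after the body


def encode_chunked(payload, chunk_size):
    """Build a constructed wire image of payload in chunks of chunk_size bytes."""
    out = bytearray()
    for i in range(0, len(payload), chunk_size):
        piece = payload[i:i + chunk_size]
        out += b"%x\r\n" % len(piece) + piece + b"\r\n"
    return bytes(out + b"0\r\n\r\n")


def decode_segments(segments):
    """Feed each read in turn, then signal the peer close."""
    decoder = ChunkedDecoder()
    for segment in segments:
        decoder.feed(segment)
    return decoder.finish()


def split(data, n):
    return [data[i:i + n] for i in range(0, len(data), n)]


if __name__ == "__main__":
    payload = bytes(range(256)) * 160              # constructed 40960-byte body
    wire = encode_chunked(payload, 16372)          # chunk size taken from the thread
    print(decode_segments(split(wire, 1000)) == payload)
    try:
        decode_segments([wire[:6 + 16372]])        # close right after the first chunk's data
    except ChunkedError as exc:
        print("truncated:", exc)
```

A client that returns the bytes collected so far when the socket closes mid-body would hand a truncated zip to the caller; raising from `finish` makes that case visible.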


RE: SSL

Ron Teitelbaum
Hi Frank,

On my 4.1 based image this just works:

WebClient httpGet: 'https://github.com/frankshearar/Control/zipball/master'

I got:

WebResponse(HTTP/1.1 200 OK
connection: close
transfer-encoding: chunked
content-type: application/zip
content-disposition: attachment; filename=frankshearar-Control-e705021.zip
date: Mon, 13 May 2013 13:17:34 GMT

)

Content length was 98488

I checked and it is using SSL, the stream is: SecureSocketStream[inbuf:64kb/outbuf:4kb]

What version of WebClient-Core do you have?  I'm running WebClient-Core-ar.83.

All the best,

Ron Teitelbaum


> -----Original Message-----
> From: [hidden email] [mailto:squeak-dev-
> [hidden email]] On Behalf Of Frank Shearar
> Sent: Monday, May 13, 2013 2:12 AM
> To: The general-purpose Squeak developers list
> Subject: Re: [squeak-dev] RE: SSL
>
> Hi Ron,
>
> It's definitely not the redirect. WebClient merrily follows the redirect, and I get
> partway through a download. In the decoded instvar I can see the filenames I
> expect to see. And then at some point during the download, I get the reported
> failure. PERHAPS it's because of the chunk encoding, but I'd put a low probability
> on that.
>
> Did you manage to successfully download that URL using WebClient?
>
> frank




RE: SSL

Frank Shearar-3
Hi Ron,

That's quite an old version - I'm using WebClient-Core-ar.92 (and more
importantly, SqueakSSL-Core-ar.26).

frank

On 13 May 2013 14:31, Ron Teitelbaum <[hidden email]> wrote:

> Hi Frank,
>
> On my 4.1 based image this just works:
>
> WebClient httpGet: 'https://github.com/frankshearar/Control/zipball/master'
>
> I got:
>
> WebResponse(HTTP/1.1 200 OK
> connection: close
> transfer-encoding: chunked
> content-type: application/zip
> content-disposition: attachment; filename=frankshearar-Control-e705021.zip
> date: Mon, 13 May 2013 13:17:34 GMT
>
> )
>
> Content length was 98488
>
> I checked and it is using SSL, the stream is: SecureSocketStream[inbuf:64kb/outbuf:4kb]
>
> What version of WebClient-Core do you have?  I'm running WebClient-Core-ar.83.
>
> All the best,
>
> Ron Teitelbaum
>
>
>> -----Original Message-----
>> From: [hidden email] [mailto:squeak-dev-
>> [hidden email]] On Behalf Of Frank Shearar
>> Sent: Monday, May 13, 2013 2:12 AM
>> To: The general-purpose Squeak developers list
>> Subject: Re: [squeak-dev] RE: SSL
>>
>> Hi Ron,
>>
>> It's definitely not the redirect. WebClient merrilly follows the redirect, and I get
>> partway through a download. In the decoded instvar I can see the filenames I
>> expect to see. And then at some point during the download, I get the reported
>> failure. PERHAPS it's because of the chunk encoding, but I'd put a low probability
>> on that.
>>
>> Did you manage to successfully download that URL using WebClient?
>>
>> frank
>>
>> On 13 May 2013 01:59, Ron Teitelbaum <[hidden email]> wrote:
>> > Hi Frank,
>> >
>> > This is just a guess but maybe the redirect is to a server with a different
>> certificate.  Maybe after the redirect a new ssl connection needs to be made?
>> Have you looked at the data you receive?  Maybe it's a request to renegotiate a
>> session?
>> >
>> > Trying this without https I get this:
>> >
>> > Resource interpreted as Document but transferred with MIME type
>> application/zip:
>> "https://codeload.github.com/frankshearar/Control/legacy.zip/master".
>> >
>> > I see the permanent redirect response.
>> >
>> > What happens if you go directly to the redirected link?
>> >
>> > All the best,
>> >
>> > Ron Teitelbaum
>> >
>> >> -----Original Message-----
>> >> From: [hidden email]
>> >> [mailto:squeak-dev- [hidden email]] On Behalf Of
>> >> Frank Shearar
>> >> Sent: Sunday, May 12, 2013 5:19 AM
>> >> To: The general-purpose Squeak developers list
>> >> Subject: Re: [squeak-dev] RE: SSL
>> >>
>> >> Hi Ron,
>> >>
>> >> I'm constructing the following expression - WebClient httpGet:
>> >> 'https://github.com/frankshearar/Control/zipball/master'. (This
>> >> redirects to
>> >> 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'.
>> >> )
>> >>
>> >> The SSL connection's established. Then it looks like I receive a
>> >> chunk or 16372 bytes (in #chunkFrom:to:progress:). That calls #skip:
>> >> 2 to skip a CRLF, after which we try get more data. By this time the Socket is
>> #otherEndClosedButNotThisEnd.
>> >> #skip: calls #receiveData:, which calls #receiveAvailableData, which
>> >> finally calls #receiveDataInto:startingAt:. And that results in
>> >> calling SqueakSSL >> #decrypt:from:to:into:, which returns the
>> SQSSL_GENERIC_ERROR.
>> >>
>> >> frank
>> >>
>> >> On 12 May 2013 02:34, Ron Teitelbaum <[hidden email]> wrote:
>> >> > Hey Frank,
>> >> >
>> >> > I tried this on my 4.1 image and it works fine.  Connecting to a
>> >> > server doesn't
>> >> require a cert so this should just work.
>> >> >
>> >> > | address socket |
>> >> >         address := NetNameResolver addressForName: 'github.com'.
>> >> >         socket := SecureSocket newTCP.
>> >> >         socket connectTo: address port: 443.
>> >> >         socket waitForConnectionFor: 10.
>> >> >         socket sslConnect.
>> >> >         socket certState = 0 ifFalse:[
>> >> >                 self error: 'The certificate is invalid (code: ', socket certState,')'.
>> >> >         ].
>> >> >         socket sendData:
>> >> >                 'GET / HTTP/1.0', String crlf,
>> >> >                 'Host: github.com', String crlf,
>> >> >                 'Connection: close', String crlf,
>> >> >                 String crlf.
>> >> >
>> >> >         ^socket receiveData
>> >> >
>> >> > At what point do you get an error?
>> >> >
>> >> >
>> >> > All the best,
>> >> >
>> >> > Ron Teitelbaum
>> >> > Head Of Engineering
>> >> > 3d Immersive Collaboration Consulting [hidden email] Follow Me On
>> >> > Twitter: @RonTeitelbaum www.3dicc.com
>> >> >
>> >> >
>> >> >> -----Original Message-----
>> >> >> From: [hidden email]
>> >> >> [mailto:squeak-dev- [hidden email]] On Behalf
>> >> >> Of Frank Shearar
>> >> >> Sent: Saturday, May 11, 2013 6:39 PM
>> >> >> To: The general-purpose Squeak developers list
>> >> >> Subject: Re: [squeak-dev] RE: SSL
>> >> >>
>> >> >> On 11 May 2013 23:24, Frank Shearar <[hidden email]> wrote:
>> >> >> > Yes, I'd thought of that :) One thing that's weird, and probably
>> >> >> > pretty important info, is that the SqueakSSL unit tests _pass_.
>> >> >> > It's when I, say, try connect to https://github.com/, that
>> >> >> > things break in SqueakSSL >> #primitiveSSLCreate.
>> >> >> >
>> >> >> > I've been digging with strace. The SSL_connect thing happens on
>> >> >> > Cog because of something funny with the plugin's file,
>> >> >> > SqueakSSL. On an Interpreter VM, I get an error in
>> >> >> > SecureSocketStream >>
>> >> >> > #receiveDataInto:startingAt: - "SSL error, code: -5".
>> >> >>
>> >> >> -5 is SQSSL_GENERIC_ERROR. That means that the error returned by
>> >> >> SSL_read isn't SSL_ERROR_WANT_READ (renegotiation) or
>> >> >> SSL_ERROR_ZERO_RETURN (a clean shutdown).
>> >> >>
>> >> >> frank
>> >> >>
>> >> >> > So continuing my explorations with the Interpreter, I do
>> >> >> > actually get a WebResponse back from github, looking like this:
>> >> >> >
>> >> >> > WebResponse(HTTP/1.1 200 OK
>> >> >> > connection: close
>> >> >> > transfer-encoding: chunked
>> >> >> > content-type: application/zip
>> >> >> > content-disposition: attachment;
>> >> >> > filename=frankshearar-Control-e705021.zip
>> >> >> > date: Sat, 11 May 2013 22:19:00 GMT
>> >> >> > )
>> >> >> >
>> >> >> > but the download breaks in the above-mentioned method.
>> >> >> >
>> >> >> > frank
>> >> >> >
>> >> >> >
>> >> >> > On 11 May 2013 20:43, Ron Teitelbaum <[hidden email]> wrote:
>> >> >> >> Hey Frank,
>> >> >> >>
>> >> >> >> You must also have OpenSSL installed, but if this was working
>> >> >> >> previously then I expect that you have it installed.
>> >> >> >>
>> >> >> >> All the best,
>> >> >> >>
>> >> >> >> Ron
>> >> >> >>
>> >> >> >>> -----Original Message-----
>> >> >> >>> From: [hidden email]
>> >> >> >>> [mailto:squeak-dev- [hidden email]] On
>> >> >> >>> Behalf Of Frank Shearar
>> >> >> >>> Sent: Saturday, May 11, 2013 2:58 PM
>> >> >> >>> To: The general-purpose Squeak developers list
>> >> >> >>> Subject: Re: [squeak-dev] RE: SSL
>> >> >> >>>
>> >> >> >>> The build.squeak.org tests run on a CentOS box. They also fail
>> >> >> >>> on my Ubuntu Lucid box. I've mentioned this before: SqueakSSL
>> >> >> >>> used to work just fine, on Cog.r2714, and then one day stopped
>> >> >> >>> working. That does sound like possible cert expiration. The
>> >> >> >>> main trouble I have is that my debugging info is usually just
>> >> >> >>> "primitive failed", without any clue as to _why_.
>> >> >> >>>
>> >> >> >>> I'll try run some things just now and report back.
>> >> >> >>>
>> >> >> >>> frank
>> >> >> >>>
>> >> >> >>> On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> wrote:
>> >> >> >>> > Hello,
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> > The problem is the certificate.  What os is this running on?
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: CERTIFICATE
>> >> >> >>> >
>> >> >> >>> > 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:491:
>> >> >> >>> >
>> >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: ANY PRIVATE KEY
>> >> >> >>> >
>> >> >> >>> > 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for windows.
>> >> >> >>> > I'm thinking that the cert may be expired.
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> > On Linux it creates a new cert so it wouldn't be a problem.
>> >> >> >>> > To fix this you should create a sample cert for windows and
>> >> >> >>> > then point the test case to that cert, or replace the hardcoded cert.
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> > Hmmm, just ran this on my windows 7, 4.1 based image, with
>> >> >> >>> > the existing SSL test code and it worked fine.  So it may
>> >> >> >>> > not be the sample cert.
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> > Need more info.
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> > All the best,
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> > Ron Teitelbaum
>> >> >> >>> >
>> >> >> >>> > Head Of Engineering
>> >> >> >>> >
>> >> >> >>> > 3d Immersive Collaboration Consulting
>> >> >> >>> >
>> >> >> >>> > [hidden email]
>> >> >> >>> >
>> >> >> >>> > Follow Me On Twitter: @RonTeitelbaum
>> >> >> >>> >
>> >> >> >>> > www.3dicc.com
>> >> >> >>> >
>> >> >> >>> > 3d ICC on G+
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> >
>> >> >> >>> >> -----Original Message-----
>> >> >> >>> >> From: [hidden email] [mailto:squeak-dev- [hidden email]] On Behalf Of Patrick Shouse
>> >> >> >>> >>
>> >> >> >>> >> Hi, Ron. Here's a link to one
>> >> >> >>> >>
>> >> >> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/
>> >> >> >>> >>
>> >> >> >>> >> You can click on the Console Output link on this page to see the details.
>> >> >> >>> >>
>> >> >> >>> >> --
>> >> >> >>> >> View this message in context: http://forum.world.st/SSL-tp4686693p4686815.html
>> >> >> >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com.


RE: SSL

Ron Teitelbaum
Hi Frank,

I'm using SqueakSSL-Core-RJT.29.mcz but the changes don't look like they would affect you.  

I tried loading SqueakSSL-Core-ar.26.mcz and it still worked fine.  

WebResponse(HTTP/1.1 200 OK
connection: close
transfer-encoding: chunked
content-type: application/zip
content-disposition: attachment; filename=frankshearar-Control-e705021.zip
date: Mon, 13 May 2013 17:32:08 GMT

)

I checked this on CentOS and Win 7 and they both work fine on a 4.1 based image.

So far I can't get it to break.  What image and vm should I use to reproduce the problem?

All the best,

Ron Teitelbaum


> -----Original Message-----
> From: [hidden email] [mailto:squeak-dev-
> [hidden email]] On Behalf Of Frank Shearar
> Sent: Monday, May 13, 2013 9:41 AM
> To: The general-purpose Squeak developers list
> Subject: Re: [squeak-dev] RE: SSL
>
> Hi Ron,
>
> That's quite an old version - I'm using WebClient-Core-ar.92 (and more
> importantly, SqueakSSL-Core-ar.26).
>
> frank
>
> On 13 May 2013 14:31, Ron Teitelbaum <[hidden email]> wrote:
> > Hi Frank,
> >
> > On my 4.1 based image this just works:
> >
> > WebClient httpGet: 'https://github.com/frankshearar/Control/zipball/master'
> >
> > I got:
> >
> > WebResponse(HTTP/1.1 200 OK
> > connection: close
> > transfer-encoding: chunked
> > content-type: application/zip
> > content-disposition: attachment;
> > filename=frankshearar-Control-e705021.zip
> > date: Mon, 13 May 2013 13:17:34 GMT
> >
> > )
> >
> > Content length was 98488
> >
> > I checked and it is using SSL, the stream is:
> > SecureSocketStream[inbuf:64kb/outbuf:4kb]
> >
> > What version of WebClient-Core do you have?  I'm running WebClient-Core-ar.83.
> >
> > All the best,
> >
> > Ron Teitelbaum
> >
> >
> >> -----Original Message-----
> >> From: [hidden email]
> >> [mailto:squeak-dev- [hidden email]] On Behalf Of
> >> Frank Shearar
> >> Sent: Monday, May 13, 2013 2:12 AM
> >> To: The general-purpose Squeak developers list
> >> Subject: Re: [squeak-dev] RE: SSL
> >>
> >> Hi Ron,
> >>
> >> It's definitely not the redirect. WebClient merrily follows the
> >> redirect, and I get partway through a download. In the decoded
> >> instvar I can see the filenames I expect to see. And then at some
> >> point during the download, I get the reported failure. PERHAPS it's
> >> because of the chunk encoding, but I'd put a low probability on that.
> >>
> >> Did you manage to successfully download that URL using WebClient?
> >>
> >> frank
> >>
> >> On 13 May 2013 01:59, Ron Teitelbaum <[hidden email]> wrote:
> >> > Hi Frank,
> >> >
> >> > This is just a guess but maybe the redirect is to a server with a
> >> > different certificate.  Maybe after the redirect a new ssl connection
> >> > needs to be made?  Have you looked at the data you receive?  Maybe
> >> > it's a request to renegotiate a session?
> >> >
> >> > Trying this without https I get this:
> >> >
> >> > Resource interpreted as Document but transferred with MIME type application/zip:
> >> > "https://codeload.github.com/frankshearar/Control/legacy.zip/master".
> >> >
> >> > I see the permanent redirect response.
> >> >
> >> > What happens if you go directly to the redirected link?
> >> >
> >> > All the best,
> >> >
> >> > Ron Teitelbaum
> >> >
> >> >> -----Original Message-----
> >> >> From: [hidden email]
> >> >> [mailto:squeak-dev- [hidden email]] On Behalf
> >> >> Of Frank Shearar
> >> >> Sent: Sunday, May 12, 2013 5:19 AM
> >> >> To: The general-purpose Squeak developers list
> >> >> Subject: Re: [squeak-dev] RE: SSL
> >> >>
> >> >> Hi Ron,
> >> >>
> >> >> I'm constructing the following expression - WebClient httpGet:
> >> >> 'https://github.com/frankshearar/Control/zipball/master'. (This
> >> >> redirects to
> >> >> 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'.
> >> >> )
> >> >>
> >> >> The SSL connection's established. Then it looks like I receive a
> >> >> chunk of 16372 bytes (in #chunkFrom:to:progress:). That calls #skip:
> >> >> 2 to skip a CRLF, after which we try get more data. By this time
> >> >> the Socket is #otherEndClosedButNotThisEnd.
> >> >> #skip: calls #receiveData:, which calls #receiveAvailableData,
> >> >> which finally calls #receiveDataInto:startingAt:. And that results
> >> >> in calling SqueakSSL >> #decrypt:from:to:into:, which returns the
> >> >> SQSSL_GENERIC_ERROR.
> >> >>
> >> >> frank
> >> >>
> >> >> On 12 May 2013 02:34, Ron Teitelbaum <[hidden email]> wrote:
> >> >> > Hey Frank,
> >> >> >
> >> >> > I tried this on my 4.1 image and it works fine.  Connecting to a
> >> >> > server doesn't require a cert so this should just work.
> >> >> >
> >> >> > | address socket |
> >> >> >         "Resolve the host and open a TLS connection on port 443."
> >> >> >         address := NetNameResolver addressForName: 'github.com'.
> >> >> >         socket := SecureSocket newTCP.
> >> >> >         socket connectTo: address port: 443.
> >> >> >         socket waitForConnectionFor: 10.
> >> >> >         socket sslConnect.
> >> >> >         "A non-zero certState is treated as a certificate validation failure."
> >> >> >         socket certState = 0 ifFalse:[
> >> >> >                 self error: 'The certificate is invalid (code: ', socket certState printString,')'.
> >> >> >         ].
> >> >> >         "Send a minimal HTTP/1.0 request over the encrypted socket."
> >> >> >         socket sendData:
> >> >> >                 'GET / HTTP/1.0', String crlf,
> >> >> >                 'Host: github.com', String crlf,
> >> >> >                 'Connection: close', String crlf,
> >> >> >                 String crlf.
> >> >> >
> >> >> >         ^socket receiveData
> >> >> >
> >> >> > At what point do you get an error?
> >> >> >
> >> >> >
> >> >> > All the best,
> >> >> >
> >> >> > Ron Teitelbaum
> >> >> > Head Of Engineering
> >> >> > 3d Immersive Collaboration Consulting [hidden email] Follow Me On
> >> >> > Twitter: @RonTeitelbaum www.3dicc.com
>
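
The receive path traced in the quoted messages above (a 16372-byte chunk, `#skip: 2` for the CRLF, then another read once the peer has closed) as an added Python sketch, not code from WebClient or SqueakSSL. It shows a chunked-body decoder that reports any end of stream before the zero-size terminating chunk as truncation and never reads past the terminator; `FakeSecureStream`, `TransportClosed`, `TruncatedBody` and the sample body are constructed for the illustration.

```python
# Added illustration; every name here is hypothetical, not a Squeak or OpenSSL API.
import re

HEX = re.compile(rb"[0-9A-Fa-f]+")


class TransportClosed(Exception):
    """Stand-in for a secure-socket read that fails after the peer has gone."""


class TruncatedBody(Exception):
    """The stream ended before the zero-size terminating chunk was seen."""

    def __init__(self, received):
        super().__init__("body cut off after %d bytes" % received)
        self.received = received   # bytes from fully received chunks only


class _EndOfStream(Exception):
    pass


class FakeSecureStream:
    """Constructed in-memory stream: serves `data`, then ends cleanly or abruptly."""

    def __init__(self, data, clean_shutdown):
        self._data, self._pos, self._clean = data, 0, clean_shutdown

    def recv(self, n):
        if self._pos >= len(self._data):
            if self._clean:
                return b""                      # orderly end of stream
            raise TransportClosed("read after the peer closed")
        piece = self._data[self._pos:self._pos + n]
        self._pos += len(piece)
        return piece


def _read_exact(stream, n):
    out = bytearray()
    while len(out) < n:
        try:
            piece = stream.recv(n - len(out))
        except TransportClosed:
            piece = b""                         # no further bytes can arrive
        if not piece:
            raise _EndOfStream()
        out += piece
    return bytes(out)


def _read_line(stream, limit=256):
    line = bytearray()
    while not line.endswith(b"\r\n"):
        if len(line) >= limit:
            raise ValueError("chunk header line too long")
        line += _read_exact(stream, 1)
    return bytes(line[:-2])


def decode_chunked(stream):
    """Return the decoded body, or raise TruncatedBody if the framing is incomplete."""
    body = bytearray()
    try:
        while True:
            size_field = _read_line(stream).split(b";", 1)[0].strip()
            if not HEX.fullmatch(size_field):   # rejects '', '-5', '0x10', '1_0'
                raise ValueError("malformed chunk size %r" % size_field)
            size = int(size_field, 16)
            if size == 0:
                while _read_line(stream):       # skip trailer fields up to the blank line
                    pass
                return bytes(body)              # complete: the stream is not read again
            body += _read_exact(stream, size)
            if _read_exact(stream, 2) != b"\r\n":   # the "#skip: 2" step in the trace
                raise ValueError("chunk data not followed by CRLF")
    except _EndOfStream:
        raise TruncatedBody(len(body)) from None


def encode_chunked(chunks):
    wire = b"".join(b"%x\r\n%s\r\n" % (len(c), c) for c in chunks)
    return wire + b"0\r\n\r\n"


def classify(wire, clean_shutdown):
    """Decode `wire` and report ('complete', n) or ('truncated', n)."""
    try:
        return ("complete", len(decode_chunked(FakeSecureStream(wire, clean_shutdown))))
    except TruncatedBody as exc:
        return ("truncated", exc.received)


# Constructed sample: a 16372-byte chunk (the size seen in the thread) plus a short one.
WIRE = encode_chunked([b"A" * 16372, b"B" * 100])
FIRST_CHUNK_ONLY = WIRE[:len(b"3ff4\r\n") + 16372 + 2]

if __name__ == "__main__":
    print(classify(WIRE, clean_shutdown=False))              # abrupt close after the terminator
    print(classify(FIRST_CHUNK_ONLY, clean_shutdown=False))  # abrupt close mid-body
    print(classify(FIRST_CHUNK_ONLY, clean_shutdown=True))   # orderly close mid-body
```

Because the decoder stops reading at the terminating chunk, a peer that drops the connection afterwards does no harm, while an end of stream any earlier is reported as truncation whether or not the transport shut down cleanly.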




RE: SSL

Frank Shearar-3
Hi Ron,

If I use a Cog r.2714 I get a primitiveCreateSSL error because the
SqueakSSL plugin there has some weird linking problem.

So I've been using the latest Unix Interpreter VM, 4.10.2.2614. I
build them fresh using some Ruby. I usually use a 4.5 era image. I see
the errors on Lucid Lynx, but (and I must stress this), this used to
work!

frank

[1] If you download a copy of the squeak-ci environment
(https://github.com/frankshearar/squeak-ci/archive/master.zip) you can
recreate this VM with `rake build`. This will build an Interpreter VM,
download SqueakSSL.so and put it in the right place.



RE: SSL

Ron Teitelbaum
Hi Frank,

It failed to build:

no such file to load -- ci/reporter/rake/rspec

All the best,

Ron

> -----Original Message-----
> From: [hidden email] [mailto:squeak-dev-
> [hidden email]] On Behalf Of Frank Shearar
> Sent: Monday, May 13, 2013 1:54 PM
> To: The general-purpose Squeak developers list
> Subject: Re: [squeak-dev] RE: SSL
>
> Hi Ron,
>
> If I use a Cog r.2714 I get a primitiveCreateSSL error because the SqueakSSL
> plugin there has some weird linking problem.
>
> So I've been using the latest Unix Interpreter VM, 4.10.2.2614. I build them fresh
> using some Ruby. I usually use a 4.5 era image. I see the errors on Lucid Lynx,
> but (and I must stress this), this used to work!
>
> frank
>
> [1] If you download a copy of the squeak-ci environment
> (https://github.com/frankshearar/squeak-ci/archive/master.zip) you can
> recreate this VM with `rake build`. This will build an Interpreter VM, download
> SqueakSSL.so and put it in the right place.
>
> On 13 May 2013 18:42, Ron Teitelbaum <[hidden email]> wrote:
> > Hi Frank,
> >
> > I'm using SqueakSSL-Core-RJT.29.mcz but the changes don't look like they
> would affect you.
> >
> > I tried loading SqueakSSL-Core-ar.26.mcz and it still worked fine.
> >
> > WebResponse(HTTP/1.1 200 OK
> > connection: close
> > transfer-encoding: chunked
> > content-type: application/zip
> > content-disposition: attachment;
> > filename=frankshearar-Control-e705021.zip
> > date: Mon, 13 May 2013 17:32:08 GMT
> >
> > )
> >
> > I checked this on CentOS and Win 7 and they both work fine on a 4.1 based
> > image.
> >
> > So far I can't get it to break.  What image and vm should I use to reproduce the
> > problem?
> >
> > All the best,
> >
> > Ron Teitelbaum
> >
> >
> >> -----Original Message-----
> >> From: [hidden email]
> >> [mailto:squeak-dev- [hidden email]] On Behalf Of
> >> Frank Shearar
> >> Sent: Monday, May 13, 2013 9:41 AM
> >> To: The general-purpose Squeak developers list
> >> Subject: Re: [squeak-dev] RE: SSL
> >>
> >> Hi Ron,
> >>
> >> That's quite an old version - I'm using WebClient-Core-ar.92 (and
> >> more importantly, SqueakSSL-Core-ar.26).
> >>
> >> frank
> >>
> >> On 13 May 2013 14:31, Ron Teitelbaum <[hidden email]> wrote:
> >> > Hi Frank,
> >> >
> >> > On my 4.1 based image this just works:
> >> >
> >> > WebClient httpGet: 'https://github.com/frankshearar/Control/zipball/master'
> >> >
> >> > I got:
> >> >
> >> > WebResponse(HTTP/1.1 200 OK
> >> > connection: close
> >> > transfer-encoding: chunked
> >> > content-type: application/zip
> >> > content-disposition: attachment;
> >> > filename=frankshearar-Control-e705021.zip
> >> > date: Mon, 13 May 2013 13:17:34 GMT
> >> >
> >> > )
> >> >
> >> > Content length was 98488
> >> >
> >> > I checked and it is using SSL, the stream is:
> >> > SecureSocketStream[inbuf:64kb/outbuf:4kb]
> >> >
> >> > What version of WebClient-Core do you have?  I'm running
> >> > WebClient-Core-ar.83.
> >> >
> >> > All the best,
> >> >
> >> > Ron Teitelbaum
> >> >
> >> >
> >> >> -----Original Message-----
> >> >> From: [hidden email]
> >> >> [mailto:squeak-dev- [hidden email]] On Behalf
> >> >> Of Frank Shearar
> >> >> Sent: Monday, May 13, 2013 2:12 AM
> >> >> To: The general-purpose Squeak developers list
> >> >> Subject: Re: [squeak-dev] RE: SSL
> >> >>
> >> >> Hi Ron,
> >> >>
> >> >> It's definitely not the redirect. WebClient merrily follows the
> >> >> redirect, and I get partway through a download. In the decoded
> >> >> instvar I can see the filenames I expect to see. And then at some
> >> >> point during the download, I get the reported failure. PERHAPS
> >> >> it's because of the chunk encoding, but I'd put a low probability on that.
> >> >>
> >> >> Did you manage to successfully download that URL using WebClient?
> >> >>
> >> >> frank
> >> >>
> >> >> On 13 May 2013 01:59, Ron Teitelbaum <[hidden email]> wrote:
> >> >> > Hi Frank,
> >> >> >
> >> >> > This is just a guess but maybe the redirect is to a server with
> >> >> > a different certificate.  Maybe after the redirect a new ssl connection
> >> >> > needs to be made?  Have you looked at the data you receive?  Maybe it's
> >> >> > a request to renegotiate a session?
> >> >> >
> >> >> > Trying this without https I get this:
> >> >> >
> >> >> > Resource interpreted as Document but transferred with MIME type
> >> >> > application/zip:
> >> >> > "https://codeload.github.com/frankshearar/Control/legacy.zip/master".
> >> >> >
> >> >> > I see the permanent redirect response.
> >> >> >
> >> >> > What happens if you go directly to the redirected link?
> >> >> >
> >> >> > All the best,
> >> >> >
> >> >> > Ron Teitelbaum
> >> >> >
> >> >> >> -----Original Message-----
> >> >> >> From: [hidden email]
> >> >> >> [mailto:squeak-dev- [hidden email]] On
> >> >> >> Behalf Of Frank Shearar
> >> >> >> Sent: Sunday, May 12, 2013 5:19 AM
> >> >> >> To: The general-purpose Squeak developers list
> >> >> >> Subject: Re: [squeak-dev] RE: SSL
> >> >> >>
> >> >> >> Hi Ron,
> >> >> >>
> >> >> >> I'm constructing the following expression - WebClient httpGet:
> >> >> >> 'https://github.com/frankshearar/Control/zipball/master'. (This
> >> >> >> redirects to
> >> >> >> 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'.)
> >> >> >>
> >> >> >> The SSL connection's established. Then it looks like I receive
> >> >> >> a chunk of 16372 bytes (in #chunkFrom:to:progress:). That calls #skip:
> >> >> >> 2 to skip a CRLF, after which we try get more data. By this
> >> >> >> time the Socket is #otherEndClosedButNotThisEnd.
> >> >> >> #skip: calls #receiveData:, which calls #receiveAvailableData,
> >> >> >> which finally calls #receiveDataInto:startingAt:. And that
> >> >> >> results in calling SqueakSSL >> #decrypt:from:to:into:, which
> >> >> >> returns the SQSSL_GENERIC_ERROR.
> >> >> >>
> >> >> >> frank
> >> >> >>
> >> >> >> On 12 May 2013 02:34, Ron Teitelbaum <[hidden email]> wrote:
> >> >> >> > Hey Frank,
> >> >> >> >
> >> >> >> > I tried this on my 4.1 image and it works fine.  Connecting
> >> >> >> > to a server doesn't require a cert so this should just work.
> >> >> >> >
> >> >> >> > | address socket |
> >> >> >> >         address := NetNameResolver addressForName: 'github.com'.
> >> >> >> >         socket := SecureSocket newTCP.
> >> >> >> >         socket connectTo: address port: 443.
> >> >> >> >         socket waitForConnectionFor: 10.
> >> >> >> >         socket sslConnect.
> >> >> >> >         "certState is an integer, so convert it before concatenating"
> >> >> >> >         socket certState = 0 ifFalse:[
> >> >> >> >                 self error: 'The certificate is invalid (code: ', socket certState printString, ')'.
> >> >> >> >         ].
> >> >> >> >         socket sendData:
> >> >> >> >                 'GET / HTTP/1.0', String crlf,
> >> >> >> >                 'Host: github.com', String crlf,
> >> >> >> >                 'Connection: close', String crlf,
> >> >> >> >                 String crlf.
> >> >> >> >
> >> >> >> >         ^socket receiveData
> >> >> >> >
> >> >> >> > At what point do you get an error?
> >> >> >> >
> >> >> >> >
> >> >> >> > All the best,
> >> >> >> >
> >> >> >> > Ron Teitelbaum
> >> >> >> > Head Of Engineering
> >> >> >> > 3d Immersive Collaboration Consulting
> >> >> >> > [hidden email]
> >> >> >> > Follow Me On Twitter: @RonTeitelbaum
> >> >> >> > www.3dicc.com
> >> >> >> >
> >> >> >> >
> >> >> >> >> -----Original Message-----
> >> >> >> >> From: [hidden email]
> >> >> >> >> [mailto:squeak-dev- [hidden email]] On
> >> >> >> >> Behalf Of Frank Shearar
> >> >> >> >> Sent: Saturday, May 11, 2013 6:39 PM
> >> >> >> >> To: The general-purpose Squeak developers list
> >> >> >> >> Subject: Re: [squeak-dev] RE: SSL
> >> >> >> >>
> >> >> >> >> On 11 May 2013 23:24, Frank Shearar <[hidden email]> wrote:
> >> >> >> >> > Yes, I'd thought of that :) One thing that's weird, and
> >> >> >> >> > probably pretty important info, is that the SqueakSSL unit
> >> >> >> >> > tests _pass_.
> >> >> >> >> > It's when I, say, try connect to https://github.com/, that
> >> >> >> >> > things break in SqueakSSL >> #primitiveSSLCreate.
> >> >> >> >> >
> >> >> >> >> > I've been digging with strace. The SSL_connect thing
> >> >> >> >> > happens on Cog because of something funny with the
> >> >> >> >> > plugin's file, SqueakSSL. On an Interpreter VM, I get an
> >> >> >> >> > error in SecureSocketStream >>
> >> >> >> >> > #receiveDataInto:startingAt: - "SSL error, code: -5".
> >> >> >> >>
> >> >> >> >> -5 is SQSSL_GENERIC_ERROR. That means that the error
> >> >> >> >> returned by SSL_read isn't SSL_ERROR_WANT_READ
> >> >> >> >> (renegotiation) or SSL_ERROR_ZERO_RETURN (a clean shutdown).
> >> >> >> >>
> >> >> >> >> frank
> >> >> >> >>
> >> >> >> >> > So continuing my explorations with the Interpreter, I do
> >> >> >> >> > actually get a WebResponse back from github, looking like this:
> >> >> >> >> >
> >> >> >> >> > WebResponse(HTTP/1.1 200 OK
> >> >> >> >> > connection: close
> >> >> >> >> > transfer-encoding: chunked
> >> >> >> >> > content-type: application/zip
> >> >> >> >> > content-disposition: attachment;
> >> >> >> >> > filename=frankshearar-Control-e705021.zip
> >> >> >> >> > date: Sat, 11 May 2013 22:19:00 GMT
> >> >> >> >> > )
> >> >> >> >> >
> >> >> >> >> > but the download breaks in the above-mentioned method.
> >> >> >> >> >
> >> >> >> >> > frank
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> > On 11 May 2013 20:43, Ron Teitelbaum <[hidden email]> wrote:
> >> >> >> >> >> Hey Frank,
> >> >> >> >> >>
> >> >> >> >> >> You must also have OpenSSL installed, but if this was
> >> >> >> >> >> working previously then I expect that you have it installed.
> >> >> >> >> >>
> >> >> >> >> >> All the best,
> >> >> >> >> >>
> >> >> >> >> >> Ron
> >> >> >> >> >>
> >> >> >> >> >>> -----Original Message-----
> >> >> >> >> >>> From: [hidden email]
> >> >> >> >> >>> [mailto:squeak-dev- [hidden email]]
> >> >> >> >> >>> On Behalf Of Frank Shearar
> >> >> >> >> >>> Sent: Saturday, May 11, 2013 2:58 PM
> >> >> >> >> >>> To: The general-purpose Squeak developers list
> >> >> >> >> >>> Subject: Re: [squeak-dev] RE: SSL
> >> >> >> >> >>>
> >> >> >> >> >>> The build.squeak.org tests run on a CentOS box. They
> >> >> >> >> >>> also fail on my Ubuntu Lucid box. I've mentioned this before:
> >> >> >> >> >>> SqueakSSL used to work just fine, on Cog.r2714, and then
> >> >> >> >> >>> one day stopped working. That does sound like possible
> >> >> >> >> >>> cert expiration. The main trouble I have is that my
> >> >> >> >> >>> debugging info is usually just "primitive failed",
> >> >> >> >> >>> without any clue as to _why_.
> >> >> >> >> >>>
> >> >> >> >> >>> I'll try run some things just now and report back.
> >> >> >> >> >>>
> >> >> >> >> >>> frank
> >> >> >> >> >>>
> >> >> >> >> >>> On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> wrote:
> >> >> >> >> >>> > Hello,
> >> >> >> >> >>> >
> >> >> >> >> >>> > The problem is the certificate.  What os is this running on?
> >> >> >> >> >>> >
> >> >> >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: CERTIFICATE
> >> >> >> >> >>> >
> >> >> >> >> >>> > 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:491:
> >> >> >> >> >>> >
> >> >> >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: ANY PRIVATE KEY
> >> >> >> >> >>> >
> >> >> >> >> >>> > 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669:
> >> >> >> >> >>> >
> >> >> >> >> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for windows.
> >> >> >> >> >>> > I'm thinking that the cert may be expired.
> >> >> >> >> >>> >
> >> >> >> >> >>> > On Linux it creates a new cert so it wouldn't be a problem.
> >> >> >> >> >>> > To fix this you should create a sample cert for
> >> >> >> >> >>> > windows and then point the test case to that cert, or
> >> >> >> >> >>> > replace the hardcoded cert.
> >> >> >> >> >>> >
> >> >> >> >> >>> > Hmmm, just ran this on my windows 7, 4.1 based image,
> >> >> >> >> >>> > with the existing SSL test code and it worked fine.
> >> >> >> >> >>> > So it may not be the sample cert.
> >> >> >> >> >>> >
> >> >> >> >> >>> > Need more info.
> >> >> >> >> >>> >
> >> >> >> >> >>> > All the best,
> >> >> >> >> >>> >
> >> >> >> >> >>> > Ron Teitelbaum
> >> >> >> >> >>> > Head Of Engineering
> >> >> >> >> >>> > 3d Immersive Collaboration Consulting
> >> >> >> >> >>> > [hidden email]
> >> >> >> >> >>> > Follow Me On Twitter: @RonTeitelbaum
> >> >> >> >> >>> > www.3dicc.com
> >> >> >> >> >>> > 3d ICC on G+
> >> >> >> >> >>> >
> >> >> >> >> >>> >> -----Original Message-----
> >> >> >> >> >>> >> From: [hidden email] [mailto:squeak-dev-
> >> >> >> >> >>> >> [hidden email]] On Behalf Of Patrick Shouse
> >> >> >> >> >>> >>
> >> >> >> >> >>> >> Hi, Ron. Here's a link to one
> >> >> >> >> >>> >>
> >> >> >> >> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/
> >> >> >> >> >>> >>
> >> >> >> >> >>> >> You can click on the Console Output link on this page
> >> >> >> >> >>> >> to see the details.

RE: SSL

Göran Krampe
In reply to this post by Frank Shearar-3
On 05/13/2013 07:54 PM, Frank Shearar wrote:
> Hi Ron,
>
> If I use a Cog r.2714 I get a primitiveCreateSSL error because the
> SqueakSSL plugin there has some weird linking problem.

What says ldd SqueakSSL?

A classic issue is version of OpenSSL libraries. A quick hack is often
to just create a properly named softlink - or to install the proper
package (some distros have 0.9.8 backwards compat packages etc).

regards, Göran
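
The `ldd` check suggested above can be scripted so that a plugin's unresolved OpenSSL dependencies are reported by name. This is an added example, not part of the original thread or of the Squeak project's tooling; the function names and the sample `ldd` output are constructed for illustration and do not come from Frank's machine.

```shell
# Triage `ldd` output for a VM plugin such as SqueakSSL.
# SAMPLE_LDD is constructed sample text, not output quoted from the thread.
SAMPLE_LDD='    linux-gate.so.1 =>  (0xb77a5000)
    libssl.so.1.0.0 => not found
    libcrypto.so.1.0.0 => not found
    libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7620000)
    /lib/ld-linux.so.2 (0xb77a6000)'

# Read ldd output on stdin; print each soname the dynamic linker
# could not resolve, one per line.
unresolved_deps() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Read ldd output on stdin; print "soname<TAB>resolved-path" (or MISSING)
# for the OpenSSL libraries only, so the version in use is visible.
openssl_deps() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ {
        if ($3 == "not") print $1 "\tMISSING"
        else             print $1 "\t" $3
    }'
}

# Report on the ldd text passed as $1.
# Returns 0 when every dependency resolves, 1 otherwise.
check_plugin() {
    ldd_text=$1
    missing=$(printf '%s\n' "$ldd_text" | unresolved_deps)
    printf '%s\n' "$ldd_text" | openssl_deps
    if [ -n "$missing" ]; then
        # Unquoted on purpose: joins the sonames onto one line.
        echo "unresolved:" $missing
        return 1
    fi
    echo "all dependencies resolved"
}

# Real use (the path is a placeholder): check_plugin "$(ldd /path/to/SqueakSSL)"
check_plugin "$SAMPLE_LDD" || true
```

A soname reported as MISSING is the case where installing the distribution's compatibility package, or the softlink described above, applies.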


RE: SSL

Frank Shearar-3
On 14 May 2013 07:29, Göran Krampe <[hidden email]> wrote:

> On 05/13/2013 07:54 PM, Frank Shearar wrote:
>>
>> Hi Ron,
>>
>> If I use a Cog r.2714 I get a primitiveCreateSSL error because the
>> SqueakSSL plugin there has some weird linking problem.
>
>
> What says ldd SqueakSSL?
>
> A classic issue is version of OpenSSL libraries. A quick hack is often to
> just create a properly named softlink - or to install the proper package
> (some distros have 0.9.8 backwards compat packages etc).

That's a very good first question but (a) Lucid ships with OpenSSL
0.9.8 and (b) this used to work on the machine I'm currently testing
on. Lucid's old enough that it's not getting OpenSSL 1.0.0.

frank

> regards, Göran
>


RE: SSL

Frank Shearar-3
On 14 May 2013 07:34, Frank Shearar <[hidden email]> wrote:

> On 14 May 2013 07:29, Göran Krampe <[hidden email]> wrote:
>> On 05/13/2013 07:54 PM, Frank Shearar wrote:
>>>
>>> Hi Ron,
>>>
>>> If I use a Cog r.2714 I get a primitiveCreateSSL error because the
>>> SqueakSSL plugin there has some weird linking problem.
>>
>>
>> What says ldd SqueakSSL?
>>
>> A classic issue is version of OpenSSL libraries. A quick hack is often to
>> just create a properly named softlink - or to install the proper package
>> (some distros have 0.9.8 backwards compat packages etc).
>
> That's a very good first question but (a) Lucid ships with OpenSSL
> 0.9.8 and (b) this used to work on the machine I'm currently testing
> on. Lucid's old enough that it's not getting OpenSSL 1.0.0.

And while a link error would explain my issues with Cog (and
build.squeak.org's issue with Cog), why would SSL_read fail halfway
through a download, as I reported with running on the Interpreter VM?

> frank
>
>> regards, Göran
>>
