Does anyone else use SSL through SqueakSSL? I see primitive errors, but don't know how to debug them. You can see the failures in recent builds for the ExternalPackages job on build.squeak.org.
frank |
Hi Frank.
We use SqueakSSL on 4.1 and our tests are all passing. I'm not completely familiar with Jenkins but from the looks of it I don't see any primitive failures. I do see SSL errors that indicate that possibly the setup is failing. Can you point me to where I can see the errors you are concerned with? What image? What OS? What VM? All the best, Ron Teitelbaum > -----Original Message----- > From: [hidden email] [mailto:squeak-dev- > [hidden email]] On Behalf Of Frank Shearar > Sent: Friday, May 10, 2013 3:19 AM > To: The general-purpose Squeak developers list > Subject: [squeak-dev] SSL > > Does anyone else use SSL through SqueakSSL? I see primitive errors, but don't > know how to debug them. You can see the failures in recent builds for the > ExternalPackages job on build.squeak.org. > > frank |
Hi, Ron. Here's a link to one
http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/ You can click on the Console Ouput link on this page to see the details. |
Hello, The problem is the certificate. What os is this running on? 30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: CERTIFICATE 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:491: 30183:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: ANY PRIVATE KEY 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:669: The code for SqueakSSL >> ensureSampleCert is hardcoded for windows. I'm thinking that the cert may be expired. On Linux it creates a new cert so it wouldn't be a problem. To fix this you should create a sample cert for windows and then point the test case to that cert, or replace the hardcoded cert. Hmmm, just ran this on my windows 7, 4.1 based image, with the existing SSL test code and it worked fine. So it may not be the sample cert. Need more info. All the best, Ron Teitelbaum Head Of Engineering 3d Immersive Collaboration Consulting Follow Me On Twitter: @RonTeitelbaum > -----Original Message----- > From: [hidden email] [mailto:squeak-dev- > [hidden email]] On Behalf Of Patrick Shouse > > Hi, Ron. Here's a link to one > > http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/ > > You can click on the Console Ouput link on this page to see the details. > > > > -- > View this message in context: http://forum.world.st/SSL- > Sent from the Squeak - Dev mailing list archive at Nabble.com. > |
The build.squeak.org tests run on a CentOS box. They also fail on my
Ubuntu Lucid box. I've mentioned this before: SqueakSSL used to work just fine, on Cog.r2714, and then one day stopped working. That does sound like possible cert expiration. The main trouble I have is that my debugging info is usually just "primitive failed", without any clue as to _why_. I'll try run some things just now and report back. frank On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> wrote: > Hello, > > > > The problem is the certificate. What os is this running on? > > > > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:650:Expecting: CERTIFICATE > > 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM > lib:ssl_rsa.c:491: > > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY > > 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM > lib:ssl_rsa.c:669: > > > > The code for SqueakSSL >> ensureSampleCert is hardcoded for windows. I'm > thinking that the cert may be expired. > > > > On Linux it creates a new cert so it wouldn't be a problem. To fix this you > should create a sample cert for windows and then point the test case to that > cert, or replace the hardcoded cert. > > > > Hmmm, just ran this on my windows 7, 4.1 based image, with the existing SSL > test code and it worked fine. So it may not be the sample cert. > > > > Need more info. > > > > All the best, > > > > Ron Teitelbaum > > Head Of Engineering > > 3d Immersive Collaboration Consulting > > [hidden email] > > Follow Me On Twitter: @RonTeitelbaum > > www.3dicc.com > > 3d ICC on G+ > > > > > > > >> -----Original Message----- > >> From: [hidden email] [mailto:squeak-dev- > >> [hidden email]] On Behalf Of Patrick Shouse > >> > >> Hi, Ron. Here's a link to one > >> > >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/ > >> > >> You can click on the Console Ouput link on this page to see the details. > >> > >> > >> > >> -- > >> View this message in context: http://forum.world.st/SSL- > >> tp4686693p4686815.html > >> Sent from the Squeak - Dev mailing list archive at Nabble.com. > >> > > > > > > |
Hey Frank,
You must also have OpenSSL installed, but if this was working previously then I expect that you have it installed. All the best, Ron > -----Original Message----- > From: [hidden email] [mailto:squeak-dev- > [hidden email]] On Behalf Of Frank Shearar > Sent: Saturday, May 11, 2013 2:58 PM > To: The general-purpose Squeak developers list > Subject: Re: [squeak-dev] RE: SSL > > The build.squeak.org tests run on a CentOS box. They also fail on my Ubuntu > Lucid box. I've mentioned this before: SqueakSSL used to work just fine, on > Cog.r2714, and then one day stopped working. That does sound like possible > cert expiration. The main trouble I have is that my debugging info is usually just > "primitive failed", without any clue as to _why_. > > I'll try run some things just now and report back. > > frank > > On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> wrote: > > Hello, > > > > > > > > The problem is the certificate. What os is this running on? > > > > > > > > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start > > line:pem_lib.c:650:Expecting: CERTIFICATE > > > > 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM > > lib:ssl_rsa.c:491: > > > > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start > > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY > > > > 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM > > lib:ssl_rsa.c:669: > > > > > > > > The code for SqueakSSL >> ensureSampleCert is hardcoded for windows. > > I'm thinking that the cert may be expired. > > > > > > > > On Linux it creates a new cert so it wouldn't be a problem. To fix > > this you should create a sample cert for windows and then point the > > test case to that cert, or replace the hardcoded cert. > > > > > > > > Hmmm, just ran this on my windows 7, 4.1 based image, with the > > existing SSL test code and it worked fine. So it may not be the sample cert. > > > > > > > > Need more info. > > > > > > > > All the best, > > > > > > > > Ron Teitelbaum > > > > Head Of Engineering > > > > 3d Immersive Collaboration Consulting > > > > [hidden email] > > > > Follow Me On Twitter: @RonTeitelbaum > > > > www.3dicc.com > > > > 3d ICC on G+ > > > > > > > > > > > > > > > >> -----Original Message----- > > > >> From: [hidden email] > >> [mailto:squeak-dev- > > > >> [hidden email]] On Behalf Of Patrick Shouse > > > >> > > > >> Hi, Ron. Here's a link to one > > > >> > > > >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/ > > > >> > > > >> You can click on the Console Ouput link on this page to see the details. > > > >> > > > >> > > > >> > > > >> -- > > > >> View this message in context: http://forum.world.st/SSL- > > > >> tp4686693p4686815.html > > > >> Sent from the Squeak - Dev mailing list archive at Nabble.com. > > > >> > > > > > > > > > > > > > |
Yes, I'd thought of that :) One thing that's weird, and probably
pretty important info, is that the SqueakSSL unit tests _pass_. It's when I, say, try connect to https://github.com/, that things break in SqueakSSL >> #primitiveSSLCreate. I've been digging with strace. The SSL_connect thing happens on Cog because of something funny with the plugin's file, SqueakSSL. On an Interpreter VM, I get an error in SecureSocketStream >> #receiveDataInto:startingAt: - "SSL error, code: -5". So continuing my explorations with the Interpreter, I do actually get a WebResponse back from github, looking like this: WebResponse(HTTP/1.1 200 OK connection: close transfer-encoding: chunked content-type: application/zip content-disposition: attachment; filename=frankshearar-Control-e705021.zip date: Sat, 11 May 2013 22:19:00 GMT ) but the download breaks in the above-mentioned method. frank On 11 May 2013 20:43, Ron Teitelbaum <[hidden email]> wrote: > Hey Frank, > > You must also have OpenSSL installed, but if this was working previously then I expect that you have it installed. > > All the best, > > Ron > >> -----Original Message----- >> From: [hidden email] [mailto:squeak-dev- >> [hidden email]] On Behalf Of Frank Shearar >> Sent: Saturday, May 11, 2013 2:58 PM >> To: The general-purpose Squeak developers list >> Subject: Re: [squeak-dev] RE: SSL >> >> The build.squeak.org tests run on a CentOS box. They also fail on my Ubuntu >> Lucid box. I've mentioned this before: SqueakSSL used to work just fine, on >> Cog.r2714, and then one day stopped working. That does sound like possible >> cert expiration. The main trouble I have is that my debugging info is usually just >> "primitive failed", without any clue as to _why_. >> >> I'll try run some things just now and report back. >> >> frank >> >> On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> wrote: >> > Hello, >> > >> > >> > >> > The problem is the certificate. What os is this running on? >> > >> > >> > >> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start >> > line:pem_lib.c:650:Expecting: CERTIFICATE >> > >> > 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM >> > lib:ssl_rsa.c:491: >> > >> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start >> > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY >> > >> > 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM >> > lib:ssl_rsa.c:669: >> > >> > >> > >> > The code for SqueakSSL >> ensureSampleCert is hardcoded for windows. >> > I'm thinking that the cert may be expired. >> > >> > >> > >> > On Linux it creates a new cert so it wouldn't be a problem. To fix >> > this you should create a sample cert for windows and then point the >> > test case to that cert, or replace the hardcoded cert. >> > >> > >> > >> > Hmmm, just ran this on my windows 7, 4.1 based image, with the >> > existing SSL test code and it worked fine. So it may not be the sample cert. >> > >> > >> > >> > Need more info. >> > >> > >> > >> > All the best, >> > >> > >> > >> > Ron Teitelbaum >> > >> > Head Of Engineering >> > >> > 3d Immersive Collaboration Consulting >> > >> > [hidden email] >> > >> > Follow Me On Twitter: @RonTeitelbaum >> > >> > www.3dicc.com >> > >> > 3d ICC on G+ >> > >> > >> > >> > >> > >> > >> > >> >> -----Original Message----- >> > >> >> From: [hidden email] >> >> [mailto:squeak-dev- >> > >> >> [hidden email]] On Behalf Of Patrick Shouse >> > >> >> >> > >> >> Hi, Ron. Here's a link to one >> > >> >> >> > >> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/ >> > >> >> >> > >> >> You can click on the Console Ouput link on this page to see the details. >> > >> >> >> > >> >> >> > >> >> >> > >> >> -- >> > >> >> View this message in context: http://forum.world.st/SSL- >> > >> >> tp4686693p4686815.html >> > >> >> Sent from the Squeak - Dev mailing list archive at Nabble.com. >> > >> >> >> > >> > >> > >> > >> > >> > >> > > > |
On 11 May 2013 23:24, Frank Shearar <[hidden email]> wrote:
> Yes, I'd thought of that :) One thing that's weird, and probably > pretty important info, is that the SqueakSSL unit tests _pass_. It's > when I, say, try connect to https://github.com/, that things break in > SqueakSSL >> #primitiveSSLCreate. > > I've been digging with strace. The SSL_connect thing happens on Cog > because of something funny with the plugin's file, SqueakSSL. On an > Interpreter VM, I get an error in SecureSocketStream >> > #receiveDataInto:startingAt: - "SSL error, code: -5". -5 is SQSSL_GENERIC_ERROR. That means that the error returned by SSL_read isn't SSL_ERROR_WANT_READ (renegotiation) or SSL_ERROR_ZERO_RETURN (a clean shutdown). frank > So continuing my explorations with the Interpreter, I do actually get > a WebResponse back from github, looking like this: > > WebResponse(HTTP/1.1 200 OK > connection: close > transfer-encoding: chunked > content-type: application/zip > content-disposition: attachment; filename=frankshearar-Control-e705021.zip > date: Sat, 11 May 2013 22:19:00 GMT > ) > > but the download breaks in the above-mentioned method. > > frank > > > On 11 May 2013 20:43, Ron Teitelbaum <[hidden email]> wrote: >> Hey Frank, >> >> You must also have OpenSSL installed, but if this was working previously then I expect that you have it installed. >> >> All the best, >> >> Ron >> >>> -----Original Message----- >>> From: [hidden email] [mailto:squeak-dev- >>> [hidden email]] On Behalf Of Frank Shearar >>> Sent: Saturday, May 11, 2013 2:58 PM >>> To: The general-purpose Squeak developers list >>> Subject: Re: [squeak-dev] RE: SSL >>> >>> The build.squeak.org tests run on a CentOS box. They also fail on my Ubuntu >>> Lucid box. I've mentioned this before: SqueakSSL used to work just fine, on >>> Cog.r2714, and then one day stopped working. That does sound like possible >>> cert expiration. The main trouble I have is that my debugging info is usually just >>> "primitive failed", without any clue as to _why_. >>> >>> I'll try run some things just now and report back. >>> >>> frank >>> >>> On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> wrote: >>> > Hello, >>> > >>> > >>> > >>> > The problem is the certificate. What os is this running on? >>> > >>> > >>> > >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start >>> > line:pem_lib.c:650:Expecting: CERTIFICATE >>> > >>> > 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM >>> > lib:ssl_rsa.c:491: >>> > >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start >>> > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY >>> > >>> > 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM >>> > lib:ssl_rsa.c:669: >>> > >>> > >>> > >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for windows. >>> > I'm thinking that the cert may be expired. >>> > >>> > >>> > >>> > On Linux it creates a new cert so it wouldn't be a problem. To fix >>> > this you should create a sample cert for windows and then point the >>> > test case to that cert, or replace the hardcoded cert. >>> > >>> > >>> > >>> > Hmmm, just ran this on my windows 7, 4.1 based image, with the >>> > existing SSL test code and it worked fine. So it may not be the sample cert. >>> > >>> > >>> > >>> > Need more info. >>> > >>> > >>> > >>> > All the best, >>> > >>> > >>> > >>> > Ron Teitelbaum >>> > >>> > Head Of Engineering >>> > >>> > 3d Immersive Collaboration Consulting >>> > >>> > [hidden email] >>> > >>> > Follow Me On Twitter: @RonTeitelbaum >>> > >>> > www.3dicc.com >>> > >>> > 3d ICC on G+ >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> >> -----Original Message----- >>> > >>> >> From: [hidden email] >>> >> [mailto:squeak-dev- >>> > >>> >> [hidden email]] On Behalf Of Patrick Shouse >>> > >>> >> >>> > >>> >> Hi, Ron. Here's a link to one >>> > >>> >> >>> > >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/ >>> > >>> >> >>> > >>> >> You can click on the Console Ouput link on this page to see the details. >>> > >>> >> >>> > >>> >> >>> > >>> >> >>> > >>> >> -- >>> > >>> >> View this message in context: http://forum.world.st/SSL- >>> > >>> >> tp4686693p4686815.html >>> > >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com. >>> > >>> >> >>> > >>> > >>> > >>> > >>> > >>> > >>> >> >> >> |
Hey Frank,
I tried this on my 4.1 image and it works fine. Connecting to a server doesn't require a cert so this should just work. | address socket | address := NetNameResolver addressForName: 'github.com'. socket := SecureSocket newTCP. socket connectTo: address port: 443. socket waitForConnectionFor: 10. socket sslConnect. socket certState = 0 ifFalse:[ self error: 'The certificate is invalid (code: ', socket certState,')'. ]. socket sendData: 'GET / HTTP/1.0', String crlf, 'Host: github.com', String crlf, 'Connection: close', String crlf, String crlf. ^socket receiveData At what point do you get an error? All the best, Ron Teitelbaum Head Of Engineering 3d Immersive Collaboration Consulting [hidden email] Follow Me On Twitter: @RonTeitelbaum www.3dicc.com > -----Original Message----- > From: [hidden email] [mailto:squeak-dev- > [hidden email]] On Behalf Of Frank Shearar > Sent: Saturday, May 11, 2013 6:39 PM > To: The general-purpose Squeak developers list > Subject: Re: [squeak-dev] RE: SSL > > On 11 May 2013 23:24, Frank Shearar <[hidden email]> wrote: > > Yes, I'd thought of that :) One thing that's weird, and probably > > pretty important info, is that the SqueakSSL unit tests _pass_. It's > > when I, say, try connect to https://github.com/, that things break in > > SqueakSSL >> #primitiveSSLCreate. > > > > I've been digging with strace. The SSL_connect thing happens on Cog > > because of something funny with the plugin's file, SqueakSSL. On an > > Interpreter VM, I get an error in SecureSocketStream >> > > #receiveDataInto:startingAt: - "SSL error, code: -5". > > -5 is SQSSL_GENERIC_ERROR. That means that the error returned by SSL_read > isn't SSL_ERROR_WANT_READ (renegotiation) or SSL_ERROR_ZERO_RETURN (a > clean shutdown). > > frank > > > So continuing my explorations with the Interpreter, I do actually get > > a WebResponse back from github, looking like this: > > > > WebResponse(HTTP/1.1 200 OK > > connection: close > > transfer-encoding: chunked > > content-type: application/zip > > content-disposition: attachment; > > filename=frankshearar-Control-e705021.zip > > date: Sat, 11 May 2013 22:19:00 GMT > > ) > > > > but the download breaks in the above-mentioned method. > > > > frank > > > > > > On 11 May 2013 20:43, Ron Teitelbaum <[hidden email]> wrote: > >> Hey Frank, > >> > >> You must also have OpenSSL installed, but if this was working previously then > I expect that you have it installed. > >> > >> All the best, > >> > >> Ron > >> > >>> -----Original Message----- > >>> From: [hidden email] > >>> [mailto:squeak-dev- [hidden email]] On Behalf Of > >>> Frank Shearar > >>> Sent: Saturday, May 11, 2013 2:58 PM > >>> To: The general-purpose Squeak developers list > >>> Subject: Re: [squeak-dev] RE: SSL > >>> > >>> The build.squeak.org tests run on a CentOS box. They also fail on my > >>> Ubuntu Lucid box. I've mentioned this before: SqueakSSL used to work > >>> just fine, on Cog.r2714, and then one day stopped working. That does > >>> sound like possible cert expiration. The main trouble I have is that > >>> my debugging info is usually just "primitive failed", without any clue as to > _why_. > >>> > >>> I'll try run some things just now and report back. > >>> > >>> frank > >>> > >>> On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> wrote: > >>> > Hello, > >>> > > >>> > > >>> > > >>> > The problem is the certificate. What os is this running on? > >>> > > >>> > > >>> > > >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start > >>> > line:pem_lib.c:650:Expecting: CERTIFICATE > >>> > > >>> > 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM > >>> > lib:ssl_rsa.c:491: > >>> > > >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start > >>> > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY > >>> > > >>> > 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM > >>> > lib:ssl_rsa.c:669: > >>> > > >>> > > >>> > > >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for windows. > >>> > I'm thinking that the cert may be expired. > >>> > > >>> > > >>> > > >>> > On Linux it creates a new cert so it wouldn't be a problem. To > >>> > fix this you should create a sample cert for windows and then > >>> > point the test case to that cert, or replace the hardcoded cert. > >>> > > >>> > > >>> > > >>> > Hmmm, just ran this on my windows 7, 4.1 based image, with the > >>> > existing SSL test code and it worked fine. So it may not be the sample > cert. > >>> > > >>> > > >>> > > >>> > Need more info. > >>> > > >>> > > >>> > > >>> > All the best, > >>> > > >>> > > >>> > > >>> > Ron Teitelbaum > >>> > > >>> > Head Of Engineering > >>> > > >>> > 3d Immersive Collaboration Consulting > >>> > > >>> > [hidden email] > >>> > > >>> > Follow Me On Twitter: @RonTeitelbaum > >>> > > >>> > www.3dicc.com > >>> > > >>> > 3d ICC on G+ > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> >> -----Original Message----- > >>> > > >>> >> From: [hidden email] > >>> >> [mailto:squeak-dev- > >>> > > >>> >> [hidden email]] On Behalf Of Patrick Shouse > >>> > > >>> >> > >>> > > >>> >> Hi, Ron. Here's a link to one > >>> > > >>> >> > >>> > > >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/ > >>> > > >>> >> > >>> > > >>> >> You can click on the Console Ouput link on this page to see the details. > >>> > > >>> >> > >>> > > >>> >> > >>> > > >>> >> > >>> > > >>> >> -- > >>> > > >>> >> View this message in context: http://forum.world.st/SSL- > >>> > > >>> >> tp4686693p4686815.html > >>> > > >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com. > >>> > > >>> >> > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > >> > >> > >> > |
Hi Ron,
I'm constructing the following expression - WebClient httpGet: 'https://github.com/frankshearar/Control/zipball/master'. (This redirects to 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'.) The SSL connection's established. Then it looks like I receive a chunk or 16372 bytes (in #chunkFrom:to:progress:). That calls #skip: 2 to skip a CRLF, after which we try get more data. By this time the Socket is #otherEndClosedButNotThisEnd. #skip: calls #receiveData:, which calls #receiveAvailableData, which finally calls #receiveDataInto:startingAt:. And that results in calling SqueakSSL >> #decrypt:from:to:into:, which returns the SQSSL_GENERIC_ERROR. frank On 12 May 2013 02:34, Ron Teitelbaum <[hidden email]> wrote: > Hey Frank, > > I tried this on my 4.1 image and it works fine. Connecting to a server doesn't require a cert so this should just work. > > | address socket | > address := NetNameResolver addressForName: 'github.com'. > socket := SecureSocket newTCP. > socket connectTo: address port: 443. > socket waitForConnectionFor: 10. > socket sslConnect. > socket certState = 0 ifFalse:[ > self error: 'The certificate is invalid (code: ', socket certState,')'. > ]. > socket sendData: > 'GET / HTTP/1.0', String crlf, > 'Host: github.com', String crlf, > 'Connection: close', String crlf, > String crlf. > > ^socket receiveData > > At what point do you get an error? > > > All the best, > > Ron Teitelbaum > Head Of Engineering > 3d Immersive Collaboration Consulting > [hidden email] > Follow Me On Twitter: @RonTeitelbaum > www.3dicc.com > > >> -----Original Message----- >> From: [hidden email] [mailto:squeak-dev- >> [hidden email]] On Behalf Of Frank Shearar >> Sent: Saturday, May 11, 2013 6:39 PM >> To: The general-purpose Squeak developers list >> Subject: Re: [squeak-dev] RE: SSL >> >> On 11 May 2013 23:24, Frank Shearar <[hidden email]> wrote: >> > Yes, I'd thought of that :) One thing that's weird, and probably >> > pretty important info, is that the SqueakSSL unit tests _pass_. It's >> > when I, say, try connect to https://github.com/, that things break in >> > SqueakSSL >> #primitiveSSLCreate. >> > >> > I've been digging with strace. The SSL_connect thing happens on Cog >> > because of something funny with the plugin's file, SqueakSSL. On an >> > Interpreter VM, I get an error in SecureSocketStream >> >> > #receiveDataInto:startingAt: - "SSL error, code: -5". >> >> -5 is SQSSL_GENERIC_ERROR. That means that the error returned by SSL_read >> isn't SSL_ERROR_WANT_READ (renegotiation) or SSL_ERROR_ZERO_RETURN (a >> clean shutdown). >> >> frank >> >> > So continuing my explorations with the Interpreter, I do actually get >> > a WebResponse back from github, looking like this: >> > >> > WebResponse(HTTP/1.1 200 OK >> > connection: close >> > transfer-encoding: chunked >> > content-type: application/zip >> > content-disposition: attachment; >> > filename=frankshearar-Control-e705021.zip >> > date: Sat, 11 May 2013 22:19:00 GMT >> > ) >> > >> > but the download breaks in the above-mentioned method. >> > >> > frank >> > >> > >> > On 11 May 2013 20:43, Ron Teitelbaum <[hidden email]> wrote: >> >> Hey Frank, >> >> >> >> You must also have OpenSSL installed, but if this was working previously then >> I expect that you have it installed. >> >> >> >> All the best, >> >> >> >> Ron >> >> >> >>> -----Original Message----- >> >>> From: [hidden email] >> >>> [mailto:squeak-dev- [hidden email]] On Behalf Of >> >>> Frank Shearar >> >>> Sent: Saturday, May 11, 2013 2:58 PM >> >>> To: The general-purpose Squeak developers list >> >>> Subject: Re: [squeak-dev] RE: SSL >> >>> >> >>> The build.squeak.org tests run on a CentOS box. They also fail on my >> >>> Ubuntu Lucid box. I've mentioned this before: SqueakSSL used to work >> >>> just fine, on Cog.r2714, and then one day stopped working. That does >> >>> sound like possible cert expiration. The main trouble I have is that >> >>> my debugging info is usually just "primitive failed", without any clue as to >> _why_. >> >>> >> >>> I'll try run some things just now and report back. >> >>> >> >>> frank >> >>> >> >>> On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> wrote: >> >>> > Hello, >> >>> > >> >>> > >> >>> > >> >>> > The problem is the certificate. What os is this running on? >> >>> > >> >>> > >> >>> > >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start >> >>> > line:pem_lib.c:650:Expecting: CERTIFICATE >> >>> > >> >>> > 30183:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM >> >>> > lib:ssl_rsa.c:491: >> >>> > >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start >> >>> > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY >> >>> > >> >>> > 30183:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM >> >>> > lib:ssl_rsa.c:669: >> >>> > >> >>> > >> >>> > >> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for windows. >> >>> > I'm thinking that the cert may be expired. >> >>> > >> >>> > >> >>> > >> >>> > On Linux it creates a new cert so it wouldn't be a problem. To >> >>> > fix this you should create a sample cert for windows and then >> >>> > point the test case to that cert, or replace the hardcoded cert. >> >>> > >> >>> > >> >>> > >> >>> > Hmmm, just ran this on my windows 7, 4.1 based image, with the >> >>> > existing SSL test code and it worked fine. So it may not be the sample >> cert. >> >>> > >> >>> > >> >>> > >> >>> > Need more info. >> >>> > >> >>> > >> >>> > >> >>> > All the best, >> >>> > >> >>> > >> >>> > >> >>> > Ron Teitelbaum >> >>> > >> >>> > Head Of Engineering >> >>> > >> >>> > 3d Immersive Collaboration Consulting >> >>> > >> >>> > [hidden email] >> >>> > >> >>> > Follow Me On Twitter: @RonTeitelbaum >> >>> > >> >>> > www.3dicc.com >> >>> > >> >>> > 3d ICC on G+ >> >>> > >> >>> > >> >>> > >> >>> > >> >>> > >> >>> > >> >>> > >> >>> >> -----Original Message----- >> >>> > >> >>> >> From: [hidden email] >> >>> >> [mailto:squeak-dev- >> >>> > >> >>> >> [hidden email]] On Behalf Of Patrick Shouse >> >>> > >> >>> >> >> >>> > >> >>> >> Hi, Ron. Here's a link to one >> >>> > >> >>> >> >> >>> > >> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/ >> >>> > >> >>> >> >> >>> > >> >>> >> You can click on the Console Ouput link on this page to see the details. >> >>> > >> >>> >> >> >>> > >> >>> >> >> >>> > >> >>> >> >> >>> > >> >>> >> -- >> >>> > >> >>> >> View this message in context: http://forum.world.st/SSL- >> >>> > >> >>> >> tp4686693p4686815.html >> >>> > >> >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com. >> >>> > >> >>> >> >> >>> > >> >>> > >> >>> > >> >>> > >> >>> > >> >>> > >> >>> >> >> >> >> >> >> >> > > > |
Hi Frank,
This is just a guess but maybe the redirect is to a server with a different certificate. Maybe after the redirect a new ssl connection needs to be made? Have you looked at the data you receive? Maybe it's a request to renegotiate a session? Trying this without https I get this: Resource interpreted as Document but transferred with MIME type application/zip: "https://codeload.github.com/frankshearar/Control/legacy.zip/master". I see the permanent redirect response. What happens if you go directly to the redirected link? All the best, Ron Teitelbaum > -----Original Message----- > From: [hidden email] [mailto:squeak-dev- > [hidden email]] On Behalf Of Frank Shearar > Sent: Sunday, May 12, 2013 5:19 AM > To: The general-purpose Squeak developers list > Subject: Re: [squeak-dev] RE: SSL > > Hi Ron, > > I'm constructing the following expression - WebClient httpGet: > 'https://github.com/frankshearar/Control/zipball/master'. (This redirects to > 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'.) > > The SSL connection's established. Then it looks like I receive a chunk or 16372 > bytes (in #chunkFrom:to:progress:). That calls #skip: 2 to skip a CRLF, after which > we try get more data. By this time the Socket is #otherEndClosedButNotThisEnd. > #skip: calls #receiveData:, which calls #receiveAvailableData, which finally calls > #receiveDataInto:startingAt:. And that results in calling SqueakSSL >> > #decrypt:from:to:into:, which returns the SQSSL_GENERIC_ERROR. > > frank > > On 12 May 2013 02:34, Ron Teitelbaum <[hidden email]> wrote: > > Hey Frank, > > > > I tried this on my 4.1 image and it works fine. Connecting to a server doesn't > require a cert so this should just work. > > > > | address socket | > > address := NetNameResolver addressForName: 'github.com'. > > socket := SecureSocket newTCP. > > socket connectTo: address port: 443. > > socket waitForConnectionFor: 10. > > socket sslConnect. > > socket certState = 0 ifFalse:[ > > self error: 'The certificate is invalid (code: ', socket certState,')'. > > ]. > > socket sendData: > > 'GET / HTTP/1.0', String crlf, > > 'Host: github.com', String crlf, > > 'Connection: close', String crlf, > > String crlf. > > > > ^socket receiveData > > > > At what point do you get an error? > > > > > > All the best, > > > > Ron Teitelbaum > > Head Of Engineering > > 3d Immersive Collaboration Consulting > > [hidden email] > > Follow Me On Twitter: @RonTeitelbaum > > www.3dicc.com > > > > > >> -----Original Message----- > >> From: [hidden email] > >> [mailto:squeak-dev- [hidden email]] On Behalf Of > >> Frank Shearar > >> Sent: Saturday, May 11, 2013 6:39 PM > >> To: The general-purpose Squeak developers list > >> Subject: Re: [squeak-dev] RE: SSL > >> > >> On 11 May 2013 23:24, Frank Shearar <[hidden email]> wrote: > >> > Yes, I'd thought of that :) One thing that's weird, and probably > >> > pretty important info, is that the SqueakSSL unit tests _pass_. > >> > It's when I, say, try connect to https://github.com/, that things > >> > break in SqueakSSL >> #primitiveSSLCreate. > >> > > >> > I've been digging with strace. The SSL_connect thing happens on Cog > >> > because of something funny with the plugin's file, SqueakSSL. On an > >> > Interpreter VM, I get an error in SecureSocketStream >> > >> > #receiveDataInto:startingAt: - "SSL error, code: -5". > >> > >> -5 is SQSSL_GENERIC_ERROR. That means that the error returned by > >> SSL_read isn't SSL_ERROR_WANT_READ (renegotiation) or > >> SSL_ERROR_ZERO_RETURN (a clean shutdown). > >> > >> frank > >> > >> > So continuing my explorations with the Interpreter, I do actually > >> > get a WebResponse back from github, looking like this: > >> > > >> > WebResponse(HTTP/1.1 200 OK > >> > connection: close > >> > transfer-encoding: chunked > >> > content-type: application/zip > >> > content-disposition: attachment; > >> > filename=frankshearar-Control-e705021.zip > >> > date: Sat, 11 May 2013 22:19:00 GMT > >> > ) > >> > > >> > but the download breaks in the above-mentioned method. > >> > > >> > frank > >> > > >> > > >> > On 11 May 2013 20:43, Ron Teitelbaum <[hidden email]> wrote: > >> >> Hey Frank, > >> >> > >> >> You must also have OpenSSL installed, but if this was working > >> >> previously then > >> I expect that you have it installed. > >> >> > >> >> All the best, > >> >> > >> >> Ron > >> >> > >> >>> -----Original Message----- > >> >>> From: [hidden email] > >> >>> [mailto:squeak-dev- [hidden email]] On Behalf > >> >>> Of Frank Shearar > >> >>> Sent: Saturday, May 11, 2013 2:58 PM > >> >>> To: The general-purpose Squeak developers list > >> >>> Subject: Re: [squeak-dev] RE: SSL > >> >>> > >> >>> The build.squeak.org tests run on a CentOS box. They also fail on > >> >>> my Ubuntu Lucid box. I've mentioned this before: SqueakSSL used > >> >>> to work just fine, on Cog.r2714, and then one day stopped > >> >>> working. That does sound like possible cert expiration. The main > >> >>> trouble I have is that my debugging info is usually just > >> >>> "primitive failed", without any clue as to > >> _why_. > >> >>> > >> >>> I'll try run some things just now and report back. > >> >>> > >> >>> frank > >> >>> > >> >>> On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> wrote: > >> >>> > Hello, > >> >>> > > >> >>> > > >> >>> > > >> >>> > The problem is the certificate. What os is this running on? > >> >>> > > >> >>> > > >> >>> > > >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start > >> >>> > line:pem_lib.c:650:Expecting: CERTIFICATE > >> >>> > > >> >>> > 30183:error:140AD009:SSL > >> >>> > routines:SSL_CTX_use_certificate_file:PEM > >> >>> > lib:ssl_rsa.c:491: > >> >>> > > >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start > >> >>> > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY > >> >>> > > >> >>> > 30183:error:140B0009:SSL > >> >>> > routines:SSL_CTX_use_PrivateKey_file:PEM > >> >>> > lib:ssl_rsa.c:669: > >> >>> > > >> >>> > > >> >>> > > >> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for > windows. > >> >>> > I'm thinking that the cert may be expired. > >> >>> > > >> >>> > > >> >>> > > >> >>> > On Linux it creates a new cert so it wouldn't be a problem. To > >> >>> > fix this you should create a sample cert for windows and then > >> >>> > point the test case to that cert, or replace the hardcoded cert. > >> >>> > > >> >>> > > >> >>> > > >> >>> > Hmmm, just ran this on my windows 7, 4.1 based image, with the > >> >>> > existing SSL test code and it worked fine. So it may not be > >> >>> > the sample > >> cert. > >> >>> > > >> >>> > > >> >>> > > >> >>> > Need more info. > >> >>> > > >> >>> > > >> >>> > > >> >>> > All the best, > >> >>> > > >> >>> > > >> >>> > > >> >>> > Ron Teitelbaum > >> >>> > > >> >>> > Head Of Engineering > >> >>> > > >> >>> > 3d Immersive Collaboration Consulting > >> >>> > > >> >>> > [hidden email] > >> >>> > > >> >>> > Follow Me On Twitter: @RonTeitelbaum > >> >>> > > >> >>> > www.3dicc.com > >> >>> > > >> >>> > 3d ICC on G+ > >> >>> > > >> >>> > > >> >>> > > >> >>> > > >> >>> > > >> >>> > > >> >>> > > >> >>> >> -----Original Message----- > >> >>> > > >> >>> >> From: [hidden email] > >> >>> >> [mailto:squeak-dev- > >> >>> > > >> >>> >> [hidden email]] On Behalf Of Patrick > >> >>> >> Shouse > >> >>> > > >> >>> >> > >> >>> > > >> >>> >> Hi, Ron. Here's a link to one > >> >>> > > >> >>> >> > >> >>> > > >> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/ > >> >>> > > >> >>> >> > >> >>> > > >> >>> >> You can click on the Console Ouput link on this page to see the details. > >> >>> > > >> >>> >> > >> >>> > > >> >>> >> > >> >>> > > >> >>> >> > >> >>> > > >> >>> >> -- > >> >>> > > >> >>> >> View this message in context: http://forum.world.st/SSL- > >> >>> > > >> >>> >> tp4686693p4686815.html > >> >>> > > >> >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com. > >> >>> > > >> >>> >> > >> >>> > > >> >>> > > >> >>> > > >> >>> > > >> >>> > > >> >>> > > >> >>> > >> >> > >> >> > >> >> > >> > > > > > > > |
Hi Ron,
It's definitely not the redirect. WebClient merrilly follows the redirect, and I get partway through a download. In the decoded instvar I can see the filenames I expect to see. And then at some point during the download, I get the reported failure. PERHAPS it's because of the chunk encoding, but I'd put a low probability on that. Did you manage to successfully download that URL using WebClient? frank On 13 May 2013 01:59, Ron Teitelbaum <[hidden email]> wrote: > Hi Frank, > > This is just a guess but maybe the redirect is to a server with a different certificate. Maybe after the redirect a new ssl connection needs to be made? Have you looked at the data you receive? Maybe it's a request to renegotiate a session? > > Trying this without https I get this: > > Resource interpreted as Document but transferred with MIME type application/zip: "https://codeload.github.com/frankshearar/Control/legacy.zip/master". > > I see the permanent redirect response. > > What happens if you go directly to the redirected link? > > All the best, > > Ron Teitelbaum > >> -----Original Message----- >> From: [hidden email] [mailto:squeak-dev- >> [hidden email]] On Behalf Of Frank Shearar >> Sent: Sunday, May 12, 2013 5:19 AM >> To: The general-purpose Squeak developers list >> Subject: Re: [squeak-dev] RE: SSL >> >> Hi Ron, >> >> I'm constructing the following expression - WebClient httpGet: >> 'https://github.com/frankshearar/Control/zipball/master'. (This redirects to >> 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'.) >> >> The SSL connection's established. Then it looks like I receive a chunk or 16372 >> bytes (in #chunkFrom:to:progress:). That calls #skip: 2 to skip a CRLF, after which >> we try get more data. By this time the Socket is #otherEndClosedButNotThisEnd. >> #skip: calls #receiveData:, which calls #receiveAvailableData, which finally calls >> #receiveDataInto:startingAt:. And that results in calling SqueakSSL >> >> #decrypt:from:to:into:, which returns the SQSSL_GENERIC_ERROR. >> >> frank >> >> On 12 May 2013 02:34, Ron Teitelbaum <[hidden email]> wrote: >> > Hey Frank, >> > >> > I tried this on my 4.1 image and it works fine. Connecting to a server doesn't >> require a cert so this should just work. >> > >> > | address socket | >> > address := NetNameResolver addressForName: 'github.com'. >> > socket := SecureSocket newTCP. >> > socket connectTo: address port: 443. >> > socket waitForConnectionFor: 10. >> > socket sslConnect. >> > socket certState = 0 ifFalse:[ >> > self error: 'The certificate is invalid (code: ', socket certState,')'. >> > ]. >> > socket sendData: >> > 'GET / HTTP/1.0', String crlf, >> > 'Host: github.com', String crlf, >> > 'Connection: close', String crlf, >> > String crlf. >> > >> > ^socket receiveData >> > >> > At what point do you get an error? >> > >> > >> > All the best, >> > >> > Ron Teitelbaum >> > Head Of Engineering >> > 3d Immersive Collaboration Consulting >> > [hidden email] >> > Follow Me On Twitter: @RonTeitelbaum >> > www.3dicc.com >> > >> > >> >> -----Original Message----- >> >> From: [hidden email] >> >> [mailto:squeak-dev- [hidden email]] On Behalf Of >> >> Frank Shearar >> >> Sent: Saturday, May 11, 2013 6:39 PM >> >> To: The general-purpose Squeak developers list >> >> Subject: Re: [squeak-dev] RE: SSL >> >> >> >> On 11 May 2013 23:24, Frank Shearar <[hidden email]> wrote: >> >> > Yes, I'd thought of that :) One thing that's weird, and probably >> >> > pretty important info, is that the SqueakSSL unit tests _pass_. >> >> > It's when I, say, try connect to https://github.com/, that things >> >> > break in SqueakSSL >> #primitiveSSLCreate. >> >> > >> >> > I've been digging with strace. The SSL_connect thing happens on Cog >> >> > because of something funny with the plugin's file, SqueakSSL. On an >> >> > Interpreter VM, I get an error in SecureSocketStream >> >> >> > #receiveDataInto:startingAt: - "SSL error, code: -5". >> >> >> >> -5 is SQSSL_GENERIC_ERROR. That means that the error returned by >> >> SSL_read isn't SSL_ERROR_WANT_READ (renegotiation) or >> >> SSL_ERROR_ZERO_RETURN (a clean shutdown). >> >> >> >> frank >> >> >> >> > So continuing my explorations with the Interpreter, I do actually >> >> > get a WebResponse back from github, looking like this: >> >> > >> >> > WebResponse(HTTP/1.1 200 OK >> >> > connection: close >> >> > transfer-encoding: chunked >> >> > content-type: application/zip >> >> > content-disposition: attachment; >> >> > filename=frankshearar-Control-e705021.zip >> >> > date: Sat, 11 May 2013 22:19:00 GMT >> >> > ) >> >> > >> >> > but the download breaks in the above-mentioned method. >> >> > >> >> > frank >> >> > >> >> > >> >> > On 11 May 2013 20:43, Ron Teitelbaum <[hidden email]> wrote: >> >> >> Hey Frank, >> >> >> >> >> >> You must also have OpenSSL installed, but if this was working >> >> >> previously then >> >> I expect that you have it installed. >> >> >> >> >> >> All the best, >> >> >> >> >> >> Ron >> >> >> >> >> >>> -----Original Message----- >> >> >>> From: [hidden email] >> >> >>> [mailto:squeak-dev- [hidden email]] On Behalf >> >> >>> Of Frank Shearar >> >> >>> Sent: Saturday, May 11, 2013 2:58 PM >> >> >>> To: The general-purpose Squeak developers list >> >> >>> Subject: Re: [squeak-dev] RE: SSL >> >> >>> >> >> >>> The build.squeak.org tests run on a CentOS box. They also fail on >> >> >>> my Ubuntu Lucid box. I've mentioned this before: SqueakSSL used >> >> >>> to work just fine, on Cog.r2714, and then one day stopped >> >> >>> working. That does sound like possible cert expiration. The main >> >> >>> trouble I have is that my debugging info is usually just >> >> >>> "primitive failed", without any clue as to >> >> _why_. >> >> >>> >> >> >>> I'll try run some things just now and report back. >> >> >>> >> >> >>> frank >> >> >>> >> >> >>> On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> wrote: >> >> >>> > Hello, >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > The problem is the certificate. What os is this running on? >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start >> >> >>> > line:pem_lib.c:650:Expecting: CERTIFICATE >> >> >>> > >> >> >>> > 30183:error:140AD009:SSL >> >> >>> > routines:SSL_CTX_use_certificate_file:PEM >> >> >>> > lib:ssl_rsa.c:491: >> >> >>> > >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start >> >> >>> > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY >> >> >>> > >> >> >>> > 30183:error:140B0009:SSL >> >> >>> > routines:SSL_CTX_use_PrivateKey_file:PEM >> >> >>> > lib:ssl_rsa.c:669: >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for >> windows. >> >> >>> > I'm thinking that the cert may be expired. >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > On Linux it creates a new cert so it wouldn't be a problem. To >> >> >>> > fix this you should create a sample cert for windows and then >> >> >>> > point the test case to that cert, or replace the hardcoded cert. >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > Hmmm, just ran this on my windows 7, 4.1 based image, with the >> >> >>> > existing SSL test code and it worked fine. So it may not be >> >> >>> > the sample >> >> cert. >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > Need more info. >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > All the best, >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > Ron Teitelbaum >> >> >>> > >> >> >>> > Head Of Engineering >> >> >>> > >> >> >>> > 3d Immersive Collaboration Consulting >> >> >>> > >> >> >>> > [hidden email] >> >> >>> > >> >> >>> > Follow Me On Twitter: @RonTeitelbaum >> >> >>> > >> >> >>> > www.3dicc.com >> >> >>> > >> >> >>> > 3d ICC on G+ >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> >> -----Original Message----- >> >> >>> > >> >> >>> >> From: [hidden email] >> >> >>> >> [mailto:squeak-dev- >> >> >>> > >> >> >>> >> [hidden email]] On Behalf Of Patrick >> >> >>> >> Shouse >> >> >>> > >> >> >>> >> >> >> >>> > >> >> >>> >> Hi, Ron. Here's a link to one >> >> >>> > >> >> >>> >> >> >> >>> > >> >> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/ >> >> >>> > >> >> >>> >> >> >> >>> > >> >> >>> >> You can click on the Console Ouput link on this page to see the details. >> >> >>> > >> >> >>> >> >> >> >>> > >> >> >>> >> >> >> >>> > >> >> >>> >> >> >> >>> > >> >> >>> >> -- >> >> >>> > >> >> >>> >> View this message in context: http://forum.world.st/SSL- >> >> >>> > >> >> >>> >> tp4686693p4686815.html >> >> >>> > >> >> >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com. >> >> >>> > >> >> >>> >> >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> > >> >> >>> >> >> >> >> >> >> >> >> >> >> >> >> > >> > >> > >> > > > |
Hi Frank,
On my 4.1 based image this just works: WebClient httpGet: 'https://github.com/frankshearar/Control/zipball/master' I got: WebResponse(HTTP/1.1 200 OK connection: close transfer-encoding: chunked content-type: application/zip content-disposition: attachment; filename=frankshearar-Control-e705021.zip date: Mon, 13 May 2013 13:17:34 GMT ) Content length was 98488 I checked and it is using SSL, the stream is: SecureSocketStream[inbuf:64kb/outbuf:4kb] What version of WebClient-Core do you have? I'm running WebClient-Core-ar.83. All the best, Ron Teitelbaum > -----Original Message----- > From: [hidden email] [mailto:squeak-dev- > [hidden email]] On Behalf Of Frank Shearar > Sent: Monday, May 13, 2013 2:12 AM > To: The general-purpose Squeak developers list > Subject: Re: [squeak-dev] RE: SSL > > Hi Ron, > > It's definitely not the redirect. WebClient merrilly follows the redirect, and I get > partway through a download. In the decoded instvar I can see the filenames I > expect to see. And then at some point during the download, I get the reported > failure. PERHAPS it's because of the chunk encoding, but I'd put a low probability > on that. > > Did you manage to successfully download that URL using WebClient? > > frank > > On 13 May 2013 01:59, Ron Teitelbaum <[hidden email]> wrote: > > Hi Frank, > > > > This is just a guess but maybe the redirect is to a server with a different > certificate. Maybe after the redirect a new ssl connection needs to be made? > Have you looked at the data you receive? Maybe it's a request to renegotiate a > session? > > > > Trying this without https I get this: > > > > Resource interpreted as Document but transferred with MIME type > application/zip: > "https://codeload.github.com/frankshearar/Control/legacy.zip/master". > > > > I see the permanent redirect response. > > > > What happens if you go directly to the redirected link? > > > > All the best, > > > > Ron Teitelbaum > > > >> -----Original Message----- > >> From: [hidden email] > >> [mailto:squeak-dev- [hidden email]] On Behalf Of > >> Frank Shearar > >> Sent: Sunday, May 12, 2013 5:19 AM > >> To: The general-purpose Squeak developers list > >> Subject: Re: [squeak-dev] RE: SSL > >> > >> Hi Ron, > >> > >> I'm constructing the following expression - WebClient httpGet: > >> 'https://github.com/frankshearar/Control/zipball/master'. (This > >> redirects to > >> 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'. > >> ) > >> > >> The SSL connection's established. Then it looks like I receive a > >> chunk or 16372 bytes (in #chunkFrom:to:progress:). That calls #skip: > >> 2 to skip a CRLF, after which we try get more data. By this time the Socket is > #otherEndClosedButNotThisEnd. > >> #skip: calls #receiveData:, which calls #receiveAvailableData, which > >> finally calls #receiveDataInto:startingAt:. And that results in > >> calling SqueakSSL >> #decrypt:from:to:into:, which returns the > SQSSL_GENERIC_ERROR. > >> > >> frank > >> > >> On 12 May 2013 02:34, Ron Teitelbaum <[hidden email]> wrote: > >> > Hey Frank, > >> > > >> > I tried this on my 4.1 image and it works fine. Connecting to a > >> > server doesn't > >> require a cert so this should just work. > >> > > >> > | address socket | > >> > address := NetNameResolver addressForName: 'github.com'. > >> > socket := SecureSocket newTCP. > >> > socket connectTo: address port: 443. > >> > socket waitForConnectionFor: 10. > >> > socket sslConnect. > >> > socket certState = 0 ifFalse:[ > >> > self error: 'The certificate is invalid (code: ', socket certState,')'. > >> > ]. > >> > socket sendData: > >> > 'GET / HTTP/1.0', String crlf, > >> > 'Host: github.com', String crlf, > >> > 'Connection: close', String crlf, > >> > String crlf. > >> > > >> > ^socket receiveData > >> > > >> > At what point do you get an error? > >> > > >> > > >> > All the best, > >> > > >> > Ron Teitelbaum > >> > Head Of Engineering > >> > 3d Immersive Collaboration Consulting [hidden email] Follow Me On > >> > Twitter: @RonTeitelbaum www.3dicc.com > >> > > >> > > >> >> -----Original Message----- > >> >> From: [hidden email] > >> >> [mailto:squeak-dev- [hidden email]] On Behalf > >> >> Of Frank Shearar > >> >> Sent: Saturday, May 11, 2013 6:39 PM > >> >> To: The general-purpose Squeak developers list > >> >> Subject: Re: [squeak-dev] RE: SSL > >> >> > >> >> On 11 May 2013 23:24, Frank Shearar <[hidden email]> wrote: > >> >> > Yes, I'd thought of that :) One thing that's weird, and probably > >> >> > pretty important info, is that the SqueakSSL unit tests _pass_. > >> >> > It's when I, say, try connect to https://github.com/, that > >> >> > things break in SqueakSSL >> #primitiveSSLCreate. > >> >> > > >> >> > I've been digging with strace. The SSL_connect thing happens on > >> >> > Cog because of something funny with the plugin's file, > >> >> > SqueakSSL. On an Interpreter VM, I get an error in > >> >> > SecureSocketStream >> > >> >> > #receiveDataInto:startingAt: - "SSL error, code: -5". > >> >> > >> >> -5 is SQSSL_GENERIC_ERROR. That means that the error returned by > >> >> SSL_read isn't SSL_ERROR_WANT_READ (renegotiation) or > >> >> SSL_ERROR_ZERO_RETURN (a clean shutdown). > >> >> > >> >> frank > >> >> > >> >> > So continuing my explorations with the Interpreter, I do > >> >> > actually get a WebResponse back from github, looking like this: > >> >> > > >> >> > WebResponse(HTTP/1.1 200 OK > >> >> > connection: close > >> >> > transfer-encoding: chunked > >> >> > content-type: application/zip > >> >> > content-disposition: attachment; > >> >> > filename=frankshearar-Control-e705021.zip > >> >> > date: Sat, 11 May 2013 22:19:00 GMT > >> >> > ) > >> >> > > >> >> > but the download breaks in the above-mentioned method. > >> >> > > >> >> > frank > >> >> > > >> >> > > >> >> > On 11 May 2013 20:43, Ron Teitelbaum <[hidden email]> wrote: > >> >> >> Hey Frank, > >> >> >> > >> >> >> You must also have OpenSSL installed, but if this was working > >> >> >> previously then > >> >> I expect that you have it installed. > >> >> >> > >> >> >> All the best, > >> >> >> > >> >> >> Ron > >> >> >> > >> >> >>> -----Original Message----- > >> >> >>> From: [hidden email] > >> >> >>> [mailto:squeak-dev- [hidden email]] On > >> >> >>> Behalf Of Frank Shearar > >> >> >>> Sent: Saturday, May 11, 2013 2:58 PM > >> >> >>> To: The general-purpose Squeak developers list > >> >> >>> Subject: Re: [squeak-dev] RE: SSL > >> >> >>> > >> >> >>> The build.squeak.org tests run on a CentOS box. They also fail > >> >> >>> on my Ubuntu Lucid box. I've mentioned this before: SqueakSSL > >> >> >>> used to work just fine, on Cog.r2714, and then one day stopped > >> >> >>> working. That does sound like possible cert expiration. The > >> >> >>> main trouble I have is that my debugging info is usually just > >> >> >>> "primitive failed", without any clue as to > >> >> _why_. > >> >> >>> > >> >> >>> I'll try run some things just now and report back. > >> >> >>> > >> >> >>> frank > >> >> >>> > >> >> >>> On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> wrote: > >> >> >>> > Hello, > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > The problem is the certificate. What os is this running on? > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start > >> >> >>> > line:pem_lib.c:650:Expecting: CERTIFICATE > >> >> >>> > > >> >> >>> > 30183:error:140AD009:SSL > >> >> >>> > routines:SSL_CTX_use_certificate_file:PEM > >> >> >>> > lib:ssl_rsa.c:491: > >> >> >>> > > >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start > >> >> >>> > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY > >> >> >>> > > >> >> >>> > 30183:error:140B0009:SSL > >> >> >>> > routines:SSL_CTX_use_PrivateKey_file:PEM > >> >> >>> > lib:ssl_rsa.c:669: > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for > >> windows. > >> >> >>> > I'm thinking that the cert may be expired. > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > On Linux it creates a new cert so it wouldn't be a problem. > >> >> >>> > To fix this you should create a sample cert for windows and > >> >> >>> > then point the test case to that cert, or replace the hardcoded cert. > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > Hmmm, just ran this on my windows 7, 4.1 based image, with > >> >> >>> > the existing SSL test code and it worked fine. So it may > >> >> >>> > not be the sample > >> >> cert. > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > Need more info. > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > All the best, > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > Ron Teitelbaum > >> >> >>> > > >> >> >>> > Head Of Engineering > >> >> >>> > > >> >> >>> > 3d Immersive Collaboration Consulting > >> >> >>> > > >> >> >>> > [hidden email] > >> >> >>> > > >> >> >>> > Follow Me On Twitter: @RonTeitelbaum > >> >> >>> > > >> >> >>> > www.3dicc.com > >> >> >>> > > >> >> >>> > 3d ICC on G+ > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> >> -----Original Message----- > >> >> >>> > > >> >> >>> >> From: [hidden email] > >> >> >>> >> [mailto:squeak-dev- > >> >> >>> > > >> >> >>> >> [hidden email]] On Behalf Of Patrick > >> >> >>> >> Shouse > >> >> >>> > > >> >> >>> >> > >> >> >>> > > >> >> >>> >> Hi, Ron. Here's a link to one > >> >> >>> > > >> >> >>> >> > >> >> >>> > > >> >> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/ > >> >> >>> > > >> >> >>> >> > >> >> >>> > > >> >> >>> >> You can click on the Console Ouput link on this page to see the > details. > >> >> >>> > > >> >> >>> >> > >> >> >>> > > >> >> >>> >> > >> >> >>> > > >> >> >>> >> > >> >> >>> > > >> >> >>> >> -- > >> >> >>> > > >> >> >>> >> View this message in context: http://forum.world.st/SSL- > >> >> >>> > > >> >> >>> >> tp4686693p4686815.html > >> >> >>> > > >> >> >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com. > >> >> >>> > > >> >> >>> >> > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > > >> >> >>> > >> >> >> > >> >> >> > >> >> >> > >> >> > >> > > >> > > >> > > >> > > > > > > > |
Hi Ron,
That's quite an old version - I'm using WebClient-Core-ar.92 (and more importantly, SqueakSSL-Core-ar.26). frank On 13 May 2013 14:31, Ron Teitelbaum <[hidden email]> wrote: > Hi Frank, > > On my 4.1 based image this just works: > > WebClient httpGet: 'https://github.com/frankshearar/Control/zipball/master' > > I got: > > WebResponse(HTTP/1.1 200 OK > connection: close > transfer-encoding: chunked > content-type: application/zip > content-disposition: attachment; filename=frankshearar-Control-e705021.zip > date: Mon, 13 May 2013 13:17:34 GMT > > ) > > Content length was 98488 > > I checked and it is using SSL, the stream is: SecureSocketStream[inbuf:64kb/outbuf:4kb] > > What version of WebClient-Core do you have? I'm running WebClient-Core-ar.83. > > All the best, > > Ron Teitelbaum > > >> -----Original Message----- >> From: [hidden email] [mailto:squeak-dev- >> [hidden email]] On Behalf Of Frank Shearar >> Sent: Monday, May 13, 2013 2:12 AM >> To: The general-purpose Squeak developers list >> Subject: Re: [squeak-dev] RE: SSL >> >> Hi Ron, >> >> It's definitely not the redirect. WebClient merrilly follows the redirect, and I get >> partway through a download. In the decoded instvar I can see the filenames I >> expect to see. And then at some point during the download, I get the reported >> failure. PERHAPS it's because of the chunk encoding, but I'd put a low probability >> on that. >> >> Did you manage to successfully download that URL using WebClient? >> >> frank >> >> On 13 May 2013 01:59, Ron Teitelbaum <[hidden email]> wrote: >> > Hi Frank, >> > >> > This is just a guess but maybe the redirect is to a server with a different >> certificate. Maybe after the redirect a new ssl connection needs to be made? >> Have you looked at the data you receive? Maybe it's a request to renegotiate a >> session? >> > >> > Trying this without https I get this: >> > >> > Resource interpreted as Document but transferred with MIME type >> application/zip: >> "https://codeload.github.com/frankshearar/Control/legacy.zip/master". >> > >> > I see the permanent redirect response. >> > >> > What happens if you go directly to the redirected link? >> > >> > All the best, >> > >> > Ron Teitelbaum >> > >> >> -----Original Message----- >> >> From: [hidden email] >> >> [mailto:squeak-dev- [hidden email]] On Behalf Of >> >> Frank Shearar >> >> Sent: Sunday, May 12, 2013 5:19 AM >> >> To: The general-purpose Squeak developers list >> >> Subject: Re: [squeak-dev] RE: SSL >> >> >> >> Hi Ron, >> >> >> >> I'm constructing the following expression - WebClient httpGet: >> >> 'https://github.com/frankshearar/Control/zipball/master'. (This >> >> redirects to >> >> 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'. >> >> ) >> >> >> >> The SSL connection's established. Then it looks like I receive a >> >> chunk or 16372 bytes (in #chunkFrom:to:progress:). That calls #skip: >> >> 2 to skip a CRLF, after which we try get more data. By this time the Socket is >> #otherEndClosedButNotThisEnd. >> >> #skip: calls #receiveData:, which calls #receiveAvailableData, which >> >> finally calls #receiveDataInto:startingAt:. And that results in >> >> calling SqueakSSL >> #decrypt:from:to:into:, which returns the >> SQSSL_GENERIC_ERROR. >> >> >> >> frank >> >> >> >> On 12 May 2013 02:34, Ron Teitelbaum <[hidden email]> wrote: >> >> > Hey Frank, >> >> > >> >> > I tried this on my 4.1 image and it works fine. Connecting to a >> >> > server doesn't >> >> require a cert so this should just work. >> >> > >> >> > | address socket | >> >> > address := NetNameResolver addressForName: 'github.com'. >> >> > socket := SecureSocket newTCP. >> >> > socket connectTo: address port: 443. >> >> > socket waitForConnectionFor: 10. >> >> > socket sslConnect. >> >> > socket certState = 0 ifFalse:[ >> >> > self error: 'The certificate is invalid (code: ', socket certState,')'. >> >> > ]. >> >> > socket sendData: >> >> > 'GET / HTTP/1.0', String crlf, >> >> > 'Host: github.com', String crlf, >> >> > 'Connection: close', String crlf, >> >> > String crlf. >> >> > >> >> > ^socket receiveData >> >> > >> >> > At what point do you get an error? >> >> > >> >> > >> >> > All the best, >> >> > >> >> > Ron Teitelbaum >> >> > Head Of Engineering >> >> > 3d Immersive Collaboration Consulting [hidden email] Follow Me On >> >> > Twitter: @RonTeitelbaum www.3dicc.com >> >> > >> >> > >> >> >> -----Original Message----- >> >> >> From: [hidden email] >> >> >> [mailto:squeak-dev- [hidden email]] On Behalf >> >> >> Of Frank Shearar >> >> >> Sent: Saturday, May 11, 2013 6:39 PM >> >> >> To: The general-purpose Squeak developers list >> >> >> Subject: Re: [squeak-dev] RE: SSL >> >> >> >> >> >> On 11 May 2013 23:24, Frank Shearar <[hidden email]> wrote: >> >> >> > Yes, I'd thought of that :) One thing that's weird, and probably >> >> >> > pretty important info, is that the SqueakSSL unit tests _pass_. >> >> >> > It's when I, say, try connect to https://github.com/, that >> >> >> > things break in SqueakSSL >> #primitiveSSLCreate. >> >> >> > >> >> >> > I've been digging with strace. The SSL_connect thing happens on >> >> >> > Cog because of something funny with the plugin's file, >> >> >> > SqueakSSL. On an Interpreter VM, I get an error in >> >> >> > SecureSocketStream >> >> >> >> > #receiveDataInto:startingAt: - "SSL error, code: -5". >> >> >> >> >> >> -5 is SQSSL_GENERIC_ERROR. That means that the error returned by >> >> >> SSL_read isn't SSL_ERROR_WANT_READ (renegotiation) or >> >> >> SSL_ERROR_ZERO_RETURN (a clean shutdown). >> >> >> >> >> >> frank >> >> >> >> >> >> > So continuing my explorations with the Interpreter, I do >> >> >> > actually get a WebResponse back from github, looking like this: >> >> >> > >> >> >> > WebResponse(HTTP/1.1 200 OK >> >> >> > connection: close >> >> >> > transfer-encoding: chunked >> >> >> > content-type: application/zip >> >> >> > content-disposition: attachment; >> >> >> > filename=frankshearar-Control-e705021.zip >> >> >> > date: Sat, 11 May 2013 22:19:00 GMT >> >> >> > ) >> >> >> > >> >> >> > but the download breaks in the above-mentioned method. >> >> >> > >> >> >> > frank >> >> >> > >> >> >> > >> >> >> > On 11 May 2013 20:43, Ron Teitelbaum <[hidden email]> wrote: >> >> >> >> Hey Frank, >> >> >> >> >> >> >> >> You must also have OpenSSL installed, but if this was working >> >> >> >> previously then >> >> >> I expect that you have it installed. >> >> >> >> >> >> >> >> All the best, >> >> >> >> >> >> >> >> Ron >> >> >> >> >> >> >> >>> -----Original Message----- >> >> >> >>> From: [hidden email] >> >> >> >>> [mailto:squeak-dev- [hidden email]] On >> >> >> >>> Behalf Of Frank Shearar >> >> >> >>> Sent: Saturday, May 11, 2013 2:58 PM >> >> >> >>> To: The general-purpose Squeak developers list >> >> >> >>> Subject: Re: [squeak-dev] RE: SSL >> >> >> >>> >> >> >> >>> The build.squeak.org tests run on a CentOS box. They also fail >> >> >> >>> on my Ubuntu Lucid box. I've mentioned this before: SqueakSSL >> >> >> >>> used to work just fine, on Cog.r2714, and then one day stopped >> >> >> >>> working. That does sound like possible cert expiration. The >> >> >> >>> main trouble I have is that my debugging info is usually just >> >> >> >>> "primitive failed", without any clue as to >> >> >> _why_. >> >> >> >>> >> >> >> >>> I'll try run some things just now and report back. >> >> >> >>> >> >> >> >>> frank >> >> >> >>> >> >> >> >>> On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> wrote: >> >> >> >>> > Hello, >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > The problem is the certificate. What os is this running on? >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start >> >> >> >>> > line:pem_lib.c:650:Expecting: CERTIFICATE >> >> >> >>> > >> >> >> >>> > 30183:error:140AD009:SSL >> >> >> >>> > routines:SSL_CTX_use_certificate_file:PEM >> >> >> >>> > lib:ssl_rsa.c:491: >> >> >> >>> > >> >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start >> >> >> >>> > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY >> >> >> >>> > >> >> >> >>> > 30183:error:140B0009:SSL >> >> >> >>> > routines:SSL_CTX_use_PrivateKey_file:PEM >> >> >> >>> > lib:ssl_rsa.c:669: >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded for >> >> windows. >> >> >> >>> > I'm thinking that the cert may be expired. >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > On Linux it creates a new cert so it wouldn't be a problem. >> >> >> >>> > To fix this you should create a sample cert for windows and >> >> >> >>> > then point the test case to that cert, or replace the hardcoded cert. >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > Hmmm, just ran this on my windows 7, 4.1 based image, with >> >> >> >>> > the existing SSL test code and it worked fine. So it may >> >> >> >>> > not be the sample >> >> >> cert. >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > Need more info. >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > All the best, >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > Ron Teitelbaum >> >> >> >>> > >> >> >> >>> > Head Of Engineering >> >> >> >>> > >> >> >> >>> > 3d Immersive Collaboration Consulting >> >> >> >>> > >> >> >> >>> > [hidden email] >> >> >> >>> > >> >> >> >>> > Follow Me On Twitter: @RonTeitelbaum >> >> >> >>> > >> >> >> >>> > www.3dicc.com >> >> >> >>> > >> >> >> >>> > 3d ICC on G+ >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> >> -----Original Message----- >> >> >> >>> > >> >> >> >>> >> From: [hidden email] >> >> >> >>> >> [mailto:squeak-dev- >> >> >> >>> > >> >> >> >>> >> [hidden email]] On Behalf Of Patrick >> >> >> >>> >> Shouse >> >> >> >>> > >> >> >> >>> >> >> >> >> >>> > >> >> >> >>> >> Hi, Ron. Here's a link to one >> >> >> >>> > >> >> >> >>> >> >> >> >> >>> > >> >> >> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/82/ >> >> >> >>> > >> >> >> >>> >> >> >> >> >>> > >> >> >> >>> >> You can click on the Console Ouput link on this page to see the >> details. >> >> >> >>> > >> >> >> >>> >> >> >> >> >>> > >> >> >> >>> >> >> >> >> >>> > >> >> >> >>> >> >> >> >> >>> > >> >> >> >>> >> -- >> >> >> >>> > >> >> >> >>> >> View this message in context: http://forum.world.st/SSL- >> >> >> >>> > >> >> >> >>> >> tp4686693p4686815.html >> >> >> >>> > >> >> >> >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com. >> >> >> >>> > >> >> >> >>> >> >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> > >> >> >> >>> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > >> >> > >> >> > >> >> >> > >> > >> > >> > > > |
Hi Frank,
I'm using SqueakSSL-Core-RJT.29.mcz but the changes don't look like they would affect you. I tried loading SqueakSSL-Core-ar.26.mcz and it still worked fine. WebResponse(HTTP/1.1 200 OK connection: close transfer-encoding: chunked content-type: application/zip content-disposition: attachment; filename=frankshearar-Control-e705021.zip date: Mon, 13 May 2013 17:32:08 GMT ) I checked this on CentOS and Win 7 and they both work fine on a 4.1 based image. So far I can't get it to break. What image and vm should I use to reproduce the problem? All the best, Ron Teitelbaum > -----Original Message----- > From: [hidden email] [mailto:squeak-dev- > [hidden email]] On Behalf Of Frank Shearar > Sent: Monday, May 13, 2013 9:41 AM > To: The general-purpose Squeak developers list > Subject: Re: [squeak-dev] RE: SSL > > Hi Ron, > > That's quite an old version - I'm using WebClient-Core-ar.92 (and more > importantly, SqueakSSL-Core-ar.26). > > frank > > On 13 May 2013 14:31, Ron Teitelbaum <[hidden email]> wrote: > > Hi Frank, > > > > On my 4.1 based image this just works: > > > > WebClient httpGet: 'https://github.com/frankshearar/Control/zipball/master' > > > > I got: > > > > WebResponse(HTTP/1.1 200 OK > > connection: close > > transfer-encoding: chunked > > content-type: application/zip > > content-disposition: attachment; > > filename=frankshearar-Control-e705021.zip > > date: Mon, 13 May 2013 13:17:34 GMT > > > > ) > > > > Content length was 98488 > > > > I checked and it is using SSL, the stream is: > > SecureSocketStream[inbuf:64kb/outbuf:4kb] > > > > What version of WebClient-Core do you have? I'm running WebClient-Core- > ar.83. > > > > All the best, > > > > Ron Teitelbaum > > > > > >> -----Original Message----- > >> From: [hidden email] > >> [mailto:squeak-dev- [hidden email]] On Behalf Of > >> Frank Shearar > >> Sent: Monday, May 13, 2013 2:12 AM > >> To: The general-purpose Squeak developers list > >> Subject: Re: [squeak-dev] RE: SSL > >> > >> Hi Ron, > >> > >> It's definitely not the redirect. WebClient merrilly follows the > >> redirect, and I get partway through a download. In the decoded > >> instvar I can see the filenames I expect to see. And then at some > >> point during the download, I get the reported failure. PERHAPS it's > >> because of the chunk encoding, but I'd put a low probability on that. > >> > >> Did you manage to successfully download that URL using WebClient? > >> > >> frank > >> > >> On 13 May 2013 01:59, Ron Teitelbaum <[hidden email]> wrote: > >> > Hi Frank, > >> > > >> > This is just a guess but maybe the redirect is to a server with a > >> > different > >> certificate. Maybe after the redirect a new ssl connection needs to be made? > >> Have you looked at the data you receive? Maybe it's a request to > >> renegotiate a session? > >> > > >> > Trying this without https I get this: > >> > > >> > Resource interpreted as Document but transferred with MIME type > >> application/zip: > >> "https://codeload.github.com/frankshearar/Control/legacy.zip/master". > >> > > >> > I see the permanent redirect response. > >> > > >> > What happens if you go directly to the redirected link? > >> > > >> > All the best, > >> > > >> > Ron Teitelbaum > >> > > >> >> -----Original Message----- > >> >> From: [hidden email] > >> >> [mailto:squeak-dev- [hidden email]] On Behalf > >> >> Of Frank Shearar > >> >> Sent: Sunday, May 12, 2013 5:19 AM > >> >> To: The general-purpose Squeak developers list > >> >> Subject: Re: [squeak-dev] RE: SSL > >> >> > >> >> Hi Ron, > >> >> > >> >> I'm constructing the following expression - WebClient httpGet: > >> >> 'https://github.com/frankshearar/Control/zipball/master'. (This > >> >> redirects to > >> >> 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'. > >> >> ) > >> >> > >> >> The SSL connection's established. Then it looks like I receive a > >> >> chunk or 16372 bytes (in #chunkFrom:to:progress:). That calls #skip: > >> >> 2 to skip a CRLF, after which we try get more data. By this time > >> >> the Socket is > >> #otherEndClosedButNotThisEnd. > >> >> #skip: calls #receiveData:, which calls #receiveAvailableData, > >> >> which finally calls #receiveDataInto:startingAt:. And that results > >> >> in calling SqueakSSL >> #decrypt:from:to:into:, which returns the > >> SQSSL_GENERIC_ERROR. > >> >> > >> >> frank > >> >> > >> >> On 12 May 2013 02:34, Ron Teitelbaum <[hidden email]> wrote: > >> >> > Hey Frank, > >> >> > > >> >> > I tried this on my 4.1 image and it works fine. Connecting to a > >> >> > server doesn't > >> >> require a cert so this should just work. > >> >> > > >> >> > | address socket | > >> >> > address := NetNameResolver addressForName: 'github.com'. > >> >> > socket := SecureSocket newTCP. > >> >> > socket connectTo: address port: 443. > >> >> > socket waitForConnectionFor: 10. > >> >> > socket sslConnect. > >> >> > socket certState = 0 ifFalse:[ > >> >> > self error: 'The certificate is invalid (code: ', socket certState,')'. > >> >> > ]. > >> >> > socket sendData: > >> >> > 'GET / HTTP/1.0', String crlf, > >> >> > 'Host: github.com', String crlf, > >> >> > 'Connection: close', String crlf, > >> >> > String crlf. > >> >> > > >> >> > ^socket receiveData > >> >> > > >> >> > At what point do you get an error? > >> >> > > >> >> > > >> >> > All the best, > >> >> > > >> >> > Ron Teitelbaum > >> >> > Head Of Engineering > >> >> > 3d Immersive Collaboration Consulting [hidden email] Follow Me On > >> >> > Twitter: @RonTeitelbaum www.3dicc.com > >> >> > > >> >> > > >> >> >> -----Original Message----- > >> >> >> From: [hidden email] > >> >> >> [mailto:squeak-dev- [hidden email]] On > >> >> >> Behalf Of Frank Shearar > >> >> >> Sent: Saturday, May 11, 2013 6:39 PM > >> >> >> To: The general-purpose Squeak developers list > >> >> >> Subject: Re: [squeak-dev] RE: SSL > >> >> >> > >> >> >> On 11 May 2013 23:24, Frank Shearar <[hidden email]> > wrote: > >> >> >> > Yes, I'd thought of that :) One thing that's weird, and > >> >> >> > probably pretty important info, is that the SqueakSSL unit tests > _pass_. > >> >> >> > It's when I, say, try connect to https://github.com/, that > >> >> >> > things break in SqueakSSL >> #primitiveSSLCreate. > >> >> >> > > >> >> >> > I've been digging with strace. The SSL_connect thing happens > >> >> >> > on Cog because of something funny with the plugin's file, > >> >> >> > SqueakSSL. On an Interpreter VM, I get an error in > >> >> >> > SecureSocketStream >> > >> >> >> > #receiveDataInto:startingAt: - "SSL error, code: -5". > >> >> >> > >> >> >> -5 is SQSSL_GENERIC_ERROR. That means that the error returned > >> >> >> by SSL_read isn't SSL_ERROR_WANT_READ (renegotiation) or > >> >> >> SSL_ERROR_ZERO_RETURN (a clean shutdown). > >> >> >> > >> >> >> frank > >> >> >> > >> >> >> > So continuing my explorations with the Interpreter, I do > >> >> >> > actually get a WebResponse back from github, looking like this: > >> >> >> > > >> >> >> > WebResponse(HTTP/1.1 200 OK > >> >> >> > connection: close > >> >> >> > transfer-encoding: chunked > >> >> >> > content-type: application/zip > >> >> >> > content-disposition: attachment; > >> >> >> > filename=frankshearar-Control-e705021.zip > >> >> >> > date: Sat, 11 May 2013 22:19:00 GMT > >> >> >> > ) > >> >> >> > > >> >> >> > but the download breaks in the above-mentioned method. > >> >> >> > > >> >> >> > frank > >> >> >> > > >> >> >> > > >> >> >> > On 11 May 2013 20:43, Ron Teitelbaum <[hidden email]> > wrote: > >> >> >> >> Hey Frank, > >> >> >> >> > >> >> >> >> You must also have OpenSSL installed, but if this was > >> >> >> >> working previously then > >> >> >> I expect that you have it installed. > >> >> >> >> > >> >> >> >> All the best, > >> >> >> >> > >> >> >> >> Ron > >> >> >> >> > >> >> >> >>> -----Original Message----- > >> >> >> >>> From: [hidden email] > >> >> >> >>> [mailto:squeak-dev- [hidden email]] On > >> >> >> >>> Behalf Of Frank Shearar > >> >> >> >>> Sent: Saturday, May 11, 2013 2:58 PM > >> >> >> >>> To: The general-purpose Squeak developers list > >> >> >> >>> Subject: Re: [squeak-dev] RE: SSL > >> >> >> >>> > >> >> >> >>> The build.squeak.org tests run on a CentOS box. They also > >> >> >> >>> fail on my Ubuntu Lucid box. I've mentioned this before: > >> >> >> >>> SqueakSSL used to work just fine, on Cog.r2714, and then > >> >> >> >>> one day stopped working. That does sound like possible cert > >> >> >> >>> expiration. The main trouble I have is that my debugging > >> >> >> >>> info is usually just "primitive failed", without any clue > >> >> >> >>> as to > >> >> >> _why_. > >> >> >> >>> > >> >> >> >>> I'll try run some things just now and report back. > >> >> >> >>> > >> >> >> >>> frank > >> >> >> >>> > >> >> >> >>> On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> > wrote: > >> >> >> >>> > Hello, > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > The problem is the certificate. What os is this running on? > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start > >> >> >> >>> > line:pem_lib.c:650:Expecting: CERTIFICATE > >> >> >> >>> > > >> >> >> >>> > 30183:error:140AD009:SSL > >> >> >> >>> > routines:SSL_CTX_use_certificate_file:PEM > >> >> >> >>> > lib:ssl_rsa.c:491: > >> >> >> >>> > > >> >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start > >> >> >> >>> > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY > >> >> >> >>> > > >> >> >> >>> > 30183:error:140B0009:SSL > >> >> >> >>> > routines:SSL_CTX_use_PrivateKey_file:PEM > >> >> >> >>> > lib:ssl_rsa.c:669: > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded > >> >> >> >>> > for > >> >> windows. > >> >> >> >>> > I'm thinking that the cert may be expired. > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > On Linux it creates a new cert so it wouldn't be a problem. > >> >> >> >>> > To fix this you should create a sample cert for windows > >> >> >> >>> > and then point the test case to that cert, or replace the > hardcoded cert. > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > Hmmm, just ran this on my windows 7, 4.1 based image, > >> >> >> >>> > with the existing SSL test code and it worked fine. So > >> >> >> >>> > it may not be the sample > >> >> >> cert. > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > Need more info. > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > All the best, > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > Ron Teitelbaum > >> >> >> >>> > > >> >> >> >>> > Head Of Engineering > >> >> >> >>> > > >> >> >> >>> > 3d Immersive Collaboration Consulting > >> >> >> >>> > > >> >> >> >>> > [hidden email] > >> >> >> >>> > > >> >> >> >>> > Follow Me On Twitter: @RonTeitelbaum > >> >> >> >>> > > >> >> >> >>> > www.3dicc.com > >> >> >> >>> > > >> >> >> >>> > 3d ICC on G+ > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> >> -----Original Message----- > >> >> >> >>> > > >> >> >> >>> >> From: [hidden email] > >> >> >> >>> >> [mailto:squeak-dev- > >> >> >> >>> > > >> >> >> >>> >> [hidden email]] On Behalf Of Patrick > >> >> >> >>> >> Shouse > >> >> >> >>> > > >> >> >> >>> >> > >> >> >> >>> > > >> >> >> >>> >> Hi, Ron. Here's a link to one > >> >> >> >>> > > >> >> >> >>> >> > >> >> >> >>> > > >> >> >> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/8 > >> >> >> >>> >> 2/ > >> >> >> >>> > > >> >> >> >>> >> > >> >> >> >>> > > >> >> >> >>> >> You can click on the Console Ouput link on this page to > >> >> >> >>> >> see the > >> details. > >> >> >> >>> > > >> >> >> >>> >> > >> >> >> >>> > > >> >> >> >>> >> > >> >> >> >>> > > >> >> >> >>> >> > >> >> >> >>> > > >> >> >> >>> >> -- > >> >> >> >>> > > >> >> >> >>> >> View this message in context: http://forum.world.st/SSL- > >> >> >> >>> > > >> >> >> >>> >> tp4686693p4686815.html > >> >> >> >>> > > >> >> >> >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com. > >> >> >> >>> > > >> >> >> >>> >> > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > > >> >> >> >>> > >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> > >> >> > > >> >> > > >> >> > > >> >> > >> > > >> > > >> > > >> > > > > > > > |
Hi Ron,
If I use a Cog r.2714 I get a primitiveCreateSSL error because the SqueakSSL plugin there has some weird linking problem. So I've been using the latest Unix Interpreter VM, 4.10.2.2614. I build them fresh using some Ruby. I usually use a 4.5 era image. I see the errors on Lucid Lynx, but (and I must stress this), this used to work! frank [1] If you download a copy of the squeak-ci environment (https://github.com/frankshearar/squeak-ci/archive/master.zip) you can recreate this VM with `rake build`. This will build an Interpreter VM, download SqueakSSL.so and put it in the right place. On 13 May 2013 18:42, Ron Teitelbaum <[hidden email]> wrote: > Hi Frank, > > I'm using SqueakSSL-Core-RJT.29.mcz but the changes don't look like they would affect you. > > I tried loading SqueakSSL-Core-ar.26.mcz and it still worked fine. > > WebResponse(HTTP/1.1 200 OK > connection: close > transfer-encoding: chunked > content-type: application/zip > content-disposition: attachment; filename=frankshearar-Control-e705021.zip > date: Mon, 13 May 2013 17:32:08 GMT > > ) > > I checked this on CentOS and Win 7 and they both work fine on a 4.1 based image. > > So far I can't get it to break. What image and vm should I use to reproduce the problem? > > All the best, > > Ron Teitelbaum > > >> -----Original Message----- >> From: [hidden email] [mailto:squeak-dev- >> [hidden email]] On Behalf Of Frank Shearar >> Sent: Monday, May 13, 2013 9:41 AM >> To: The general-purpose Squeak developers list >> Subject: Re: [squeak-dev] RE: SSL >> >> Hi Ron, >> >> That's quite an old version - I'm using WebClient-Core-ar.92 (and more >> importantly, SqueakSSL-Core-ar.26). >> >> frank >> >> On 13 May 2013 14:31, Ron Teitelbaum <[hidden email]> wrote: >> > Hi Frank, >> > >> > On my 4.1 based image this just works: >> > >> > WebClient httpGet: 'https://github.com/frankshearar/Control/zipball/master' >> > >> > I got: >> > >> > WebResponse(HTTP/1.1 200 OK >> > connection: close >> > transfer-encoding: chunked >> > content-type: application/zip >> > content-disposition: attachment; >> > filename=frankshearar-Control-e705021.zip >> > date: Mon, 13 May 2013 13:17:34 GMT >> > >> > ) >> > >> > Content length was 98488 >> > >> > I checked and it is using SSL, the stream is: >> > SecureSocketStream[inbuf:64kb/outbuf:4kb] >> > >> > What version of WebClient-Core do you have? I'm running WebClient-Core- >> ar.83. >> > >> > All the best, >> > >> > Ron Teitelbaum >> > >> > >> >> -----Original Message----- >> >> From: [hidden email] >> >> [mailto:squeak-dev- [hidden email]] On Behalf Of >> >> Frank Shearar >> >> Sent: Monday, May 13, 2013 2:12 AM >> >> To: The general-purpose Squeak developers list >> >> Subject: Re: [squeak-dev] RE: SSL >> >> >> >> Hi Ron, >> >> >> >> It's definitely not the redirect. WebClient merrilly follows the >> >> redirect, and I get partway through a download. In the decoded >> >> instvar I can see the filenames I expect to see. And then at some >> >> point during the download, I get the reported failure. PERHAPS it's >> >> because of the chunk encoding, but I'd put a low probability on that. >> >> >> >> Did you manage to successfully download that URL using WebClient? >> >> >> >> frank >> >> >> >> On 13 May 2013 01:59, Ron Teitelbaum <[hidden email]> wrote: >> >> > Hi Frank, >> >> > >> >> > This is just a guess but maybe the redirect is to a server with a >> >> > different >> >> certificate. Maybe after the redirect a new ssl connection needs to be made? >> >> Have you looked at the data you receive? Maybe it's a request to >> >> renegotiate a session? >> >> > >> >> > Trying this without https I get this: >> >> > >> >> > Resource interpreted as Document but transferred with MIME type >> >> application/zip: >> >> "https://codeload.github.com/frankshearar/Control/legacy.zip/master". >> >> > >> >> > I see the permanent redirect response. >> >> > >> >> > What happens if you go directly to the redirected link? >> >> > >> >> > All the best, >> >> > >> >> > Ron Teitelbaum >> >> > >> >> >> -----Original Message----- >> >> >> From: [hidden email] >> >> >> [mailto:squeak-dev- [hidden email]] On Behalf >> >> >> Of Frank Shearar >> >> >> Sent: Sunday, May 12, 2013 5:19 AM >> >> >> To: The general-purpose Squeak developers list >> >> >> Subject: Re: [squeak-dev] RE: SSL >> >> >> >> >> >> Hi Ron, >> >> >> >> >> >> I'm constructing the following expression - WebClient httpGet: >> >> >> 'https://github.com/frankshearar/Control/zipball/master'. (This >> >> >> redirects to >> >> >> 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'. >> >> >> ) >> >> >> >> >> >> The SSL connection's established. Then it looks like I receive a >> >> >> chunk or 16372 bytes (in #chunkFrom:to:progress:). That calls #skip: >> >> >> 2 to skip a CRLF, after which we try get more data. By this time >> >> >> the Socket is >> >> #otherEndClosedButNotThisEnd. >> >> >> #skip: calls #receiveData:, which calls #receiveAvailableData, >> >> >> which finally calls #receiveDataInto:startingAt:. And that results >> >> >> in calling SqueakSSL >> #decrypt:from:to:into:, which returns the >> >> SQSSL_GENERIC_ERROR. >> >> >> >> >> >> frank >> >> >> >> >> >> On 12 May 2013 02:34, Ron Teitelbaum <[hidden email]> wrote: >> >> >> > Hey Frank, >> >> >> > >> >> >> > I tried this on my 4.1 image and it works fine. Connecting to a >> >> >> > server doesn't >> >> >> require a cert so this should just work. >> >> >> > >> >> >> > | address socket | >> >> >> > address := NetNameResolver addressForName: 'github.com'. >> >> >> > socket := SecureSocket newTCP. >> >> >> > socket connectTo: address port: 443. >> >> >> > socket waitForConnectionFor: 10. >> >> >> > socket sslConnect. >> >> >> > socket certState = 0 ifFalse:[ >> >> >> > self error: 'The certificate is invalid (code: ', socket certState,')'. >> >> >> > ]. >> >> >> > socket sendData: >> >> >> > 'GET / HTTP/1.0', String crlf, >> >> >> > 'Host: github.com', String crlf, >> >> >> > 'Connection: close', String crlf, >> >> >> > String crlf. >> >> >> > >> >> >> > ^socket receiveData >> >> >> > >> >> >> > At what point do you get an error? >> >> >> > >> >> >> > >> >> >> > All the best, >> >> >> > >> >> >> > Ron Teitelbaum >> >> >> > Head Of Engineering >> >> >> > 3d Immersive Collaboration Consulting [hidden email] Follow Me On >> >> >> > Twitter: @RonTeitelbaum www.3dicc.com >> >> >> > >> >> >> > >> >> >> >> -----Original Message----- >> >> >> >> From: [hidden email] >> >> >> >> [mailto:squeak-dev- [hidden email]] On >> >> >> >> Behalf Of Frank Shearar >> >> >> >> Sent: Saturday, May 11, 2013 6:39 PM >> >> >> >> To: The general-purpose Squeak developers list >> >> >> >> Subject: Re: [squeak-dev] RE: SSL >> >> >> >> >> >> >> >> On 11 May 2013 23:24, Frank Shearar <[hidden email]> >> wrote: >> >> >> >> > Yes, I'd thought of that :) One thing that's weird, and >> >> >> >> > probably pretty important info, is that the SqueakSSL unit tests >> _pass_. >> >> >> >> > It's when I, say, try connect to https://github.com/, that >> >> >> >> > things break in SqueakSSL >> #primitiveSSLCreate. >> >> >> >> > >> >> >> >> > I've been digging with strace. The SSL_connect thing happens >> >> >> >> > on Cog because of something funny with the plugin's file, >> >> >> >> > SqueakSSL. On an Interpreter VM, I get an error in >> >> >> >> > SecureSocketStream >> >> >> >> >> > #receiveDataInto:startingAt: - "SSL error, code: -5". >> >> >> >> >> >> >> >> -5 is SQSSL_GENERIC_ERROR. That means that the error returned >> >> >> >> by SSL_read isn't SSL_ERROR_WANT_READ (renegotiation) or >> >> >> >> SSL_ERROR_ZERO_RETURN (a clean shutdown). >> >> >> >> >> >> >> >> frank >> >> >> >> >> >> >> >> > So continuing my explorations with the Interpreter, I do >> >> >> >> > actually get a WebResponse back from github, looking like this: >> >> >> >> > >> >> >> >> > WebResponse(HTTP/1.1 200 OK >> >> >> >> > connection: close >> >> >> >> > transfer-encoding: chunked >> >> >> >> > content-type: application/zip >> >> >> >> > content-disposition: attachment; >> >> >> >> > filename=frankshearar-Control-e705021.zip >> >> >> >> > date: Sat, 11 May 2013 22:19:00 GMT >> >> >> >> > ) >> >> >> >> > >> >> >> >> > but the download breaks in the above-mentioned method. >> >> >> >> > >> >> >> >> > frank >> >> >> >> > >> >> >> >> > >> >> >> >> > On 11 May 2013 20:43, Ron Teitelbaum <[hidden email]> >> wrote: >> >> >> >> >> Hey Frank, >> >> >> >> >> >> >> >> >> >> You must also have OpenSSL installed, but if this was >> >> >> >> >> working previously then >> >> >> >> I expect that you have it installed. >> >> >> >> >> >> >> >> >> >> All the best, >> >> >> >> >> >> >> >> >> >> Ron >> >> >> >> >> >> >> >> >> >>> -----Original Message----- >> >> >> >> >>> From: [hidden email] >> >> >> >> >>> [mailto:squeak-dev- [hidden email]] On >> >> >> >> >>> Behalf Of Frank Shearar >> >> >> >> >>> Sent: Saturday, May 11, 2013 2:58 PM >> >> >> >> >>> To: The general-purpose Squeak developers list >> >> >> >> >>> Subject: Re: [squeak-dev] RE: SSL >> >> >> >> >>> >> >> >> >> >>> The build.squeak.org tests run on a CentOS box. They also >> >> >> >> >>> fail on my Ubuntu Lucid box. I've mentioned this before: >> >> >> >> >>> SqueakSSL used to work just fine, on Cog.r2714, and then >> >> >> >> >>> one day stopped working. That does sound like possible cert >> >> >> >> >>> expiration. The main trouble I have is that my debugging >> >> >> >> >>> info is usually just "primitive failed", without any clue >> >> >> >> >>> as to >> >> >> >> _why_. >> >> >> >> >>> >> >> >> >> >>> I'll try run some things just now and report back. >> >> >> >> >>> >> >> >> >> >>> frank >> >> >> >> >>> >> >> >> >> >>> On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> >> wrote: >> >> >> >> >>> > Hello, >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > The problem is the certificate. What os is this running on? >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start >> >> >> >> >>> > line:pem_lib.c:650:Expecting: CERTIFICATE >> >> >> >> >>> > >> >> >> >> >>> > 30183:error:140AD009:SSL >> >> >> >> >>> > routines:SSL_CTX_use_certificate_file:PEM >> >> >> >> >>> > lib:ssl_rsa.c:491: >> >> >> >> >>> > >> >> >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no start >> >> >> >> >>> > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY >> >> >> >> >>> > >> >> >> >> >>> > 30183:error:140B0009:SSL >> >> >> >> >>> > routines:SSL_CTX_use_PrivateKey_file:PEM >> >> >> >> >>> > lib:ssl_rsa.c:669: >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > The code for SqueakSSL >> ensureSampleCert is hardcoded >> >> >> >> >>> > for >> >> >> windows. >> >> >> >> >>> > I'm thinking that the cert may be expired. >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > On Linux it creates a new cert so it wouldn't be a problem. >> >> >> >> >>> > To fix this you should create a sample cert for windows >> >> >> >> >>> > and then point the test case to that cert, or replace the >> hardcoded cert. >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > Hmmm, just ran this on my windows 7, 4.1 based image, >> >> >> >> >>> > with the existing SSL test code and it worked fine. So >> >> >> >> >>> > it may not be the sample >> >> >> >> cert. >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > Need more info. >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > All the best, >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > Ron Teitelbaum >> >> >> >> >>> > >> >> >> >> >>> > Head Of Engineering >> >> >> >> >>> > >> >> >> >> >>> > 3d Immersive Collaboration Consulting >> >> >> >> >>> > >> >> >> >> >>> > [hidden email] >> >> >> >> >>> > >> >> >> >> >>> > Follow Me On Twitter: @RonTeitelbaum >> >> >> >> >>> > >> >> >> >> >>> > www.3dicc.com >> >> >> >> >>> > >> >> >> >> >>> > 3d ICC on G+ >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> >> -----Original Message----- >> >> >> >> >>> > >> >> >> >> >>> >> From: [hidden email] >> >> >> >> >>> >> [mailto:squeak-dev- >> >> >> >> >>> > >> >> >> >> >>> >> [hidden email]] On Behalf Of Patrick >> >> >> >> >>> >> Shouse >> >> >> >> >>> > >> >> >> >> >>> >> >> >> >> >> >>> > >> >> >> >> >>> >> Hi, Ron. Here's a link to one >> >> >> >> >>> > >> >> >> >> >>> >> >> >> >> >> >>> > >> >> >> >> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4.3/8 >> >> >> >> >>> >> 2/ >> >> >> >> >>> > >> >> >> >> >>> >> >> >> >> >> >>> > >> >> >> >> >>> >> You can click on the Console Ouput link on this page to >> >> >> >> >>> >> see the >> >> details. >> >> >> >> >>> > >> >> >> >> >>> >> >> >> >> >> >>> > >> >> >> >> >>> >> >> >> >> >> >>> > >> >> >> >> >>> >> >> >> >> >> >>> > >> >> >> >> >>> >> -- >> >> >> >> >>> > >> >> >> >> >>> >> View this message in context: http://forum.world.st/SSL- >> >> >> >> >>> > >> >> >> >> >>> >> tp4686693p4686815.html >> >> >> >> >>> > >> >> >> >> >>> >> Sent from the Squeak - Dev mailing list archive at Nabble.com. >> >> >> >> >>> > >> >> >> >> >>> >> >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> > >> >> >> >> >>> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > >> >> >> > >> >> >> > >> >> >> >> >> > >> >> > >> >> > >> >> >> > >> > >> > >> > > > |
Hi Frank,
It failed to build: no such file to load -- ci/reporter/rake/rspec All the best, Ron > -----Original Message----- > From: [hidden email] [mailto:squeak-dev- > [hidden email]] On Behalf Of Frank Shearar > Sent: Monday, May 13, 2013 1:54 PM > To: The general-purpose Squeak developers list > Subject: Re: [squeak-dev] RE: SSL > > Hi Ron, > > If I use a Cog r.2714 I get a primitiveCreateSSL error because the SqueakSSL > plugin there has some weird linking problem. > > So I've been using the latest Unix Interpreter VM, 4.10.2.2614. I build them fresh > using some Ruby. I usually use a 4.5 era image. I see the errors on Lucid Lynx, > but (and I must stress this), this used to work! > > frank > > [1] If you download a copy of the squeak-ci environment > (https://github.com/frankshearar/squeak-ci/archive/master.zip) you can > recreate this VM with `rake build`. This will build an Interpreter VM, download > SqueakSSL.so and put it in the right place. > > On 13 May 2013 18:42, Ron Teitelbaum <[hidden email]> wrote: > > Hi Frank, > > > > I'm using SqueakSSL-Core-RJT.29.mcz but the changes don't look like they > would affect you. > > > > I tried loading SqueakSSL-Core-ar.26.mcz and it still worked fine. > > > > WebResponse(HTTP/1.1 200 OK > > connection: close > > transfer-encoding: chunked > > content-type: application/zip > > content-disposition: attachment; > > filename=frankshearar-Control-e705021.zip > > date: Mon, 13 May 2013 17:32:08 GMT > > > > ) > > > > I checked this on CentOS and Win 7 and they both work fine on a 4.1 based > image. > > > > So far I can't get it to break. What image and vm should I use to reproduce the > problem? > > > > All the best, > > > > Ron Teitelbaum > > > > > >> -----Original Message----- > >> From: [hidden email] > >> [mailto:squeak-dev- [hidden email]] On Behalf Of > >> Frank Shearar > >> Sent: Monday, May 13, 2013 9:41 AM > >> To: The general-purpose Squeak developers list > >> Subject: Re: [squeak-dev] RE: SSL > >> > >> Hi Ron, > >> > >> That's quite an old version - I'm using WebClient-Core-ar.92 (and > >> more importantly, SqueakSSL-Core-ar.26). > >> > >> frank > >> > >> On 13 May 2013 14:31, Ron Teitelbaum <[hidden email]> wrote: > >> > Hi Frank, > >> > > >> > On my 4.1 based image this just works: > >> > > >> > WebClient httpGet: > 'https://github.com/frankshearar/Control/zipball/master' > >> > > >> > I got: > >> > > >> > WebResponse(HTTP/1.1 200 OK > >> > connection: close > >> > transfer-encoding: chunked > >> > content-type: application/zip > >> > content-disposition: attachment; > >> > filename=frankshearar-Control-e705021.zip > >> > date: Mon, 13 May 2013 13:17:34 GMT > >> > > >> > ) > >> > > >> > Content length was 98488 > >> > > >> > I checked and it is using SSL, the stream is: > >> > SecureSocketStream[inbuf:64kb/outbuf:4kb] > >> > > >> > What version of WebClient-Core do you have? I'm running > >> > WebClient-Core- > >> ar.83. > >> > > >> > All the best, > >> > > >> > Ron Teitelbaum > >> > > >> > > >> >> -----Original Message----- > >> >> From: [hidden email] > >> >> [mailto:squeak-dev- [hidden email]] On Behalf > >> >> Of Frank Shearar > >> >> Sent: Monday, May 13, 2013 2:12 AM > >> >> To: The general-purpose Squeak developers list > >> >> Subject: Re: [squeak-dev] RE: SSL > >> >> > >> >> Hi Ron, > >> >> > >> >> It's definitely not the redirect. WebClient merrilly follows the > >> >> redirect, and I get partway through a download. In the decoded > >> >> instvar I can see the filenames I expect to see. And then at some > >> >> point during the download, I get the reported failure. PERHAPS > >> >> it's because of the chunk encoding, but I'd put a low probability on that. > >> >> > >> >> Did you manage to successfully download that URL using WebClient? > >> >> > >> >> frank > >> >> > >> >> On 13 May 2013 01:59, Ron Teitelbaum <[hidden email]> wrote: > >> >> > Hi Frank, > >> >> > > >> >> > This is just a guess but maybe the redirect is to a server with > >> >> > a different > >> >> certificate. Maybe after the redirect a new ssl connection needs to be > made? > >> >> Have you looked at the data you receive? Maybe it's a request to > >> >> renegotiate a session? > >> >> > > >> >> > Trying this without https I get this: > >> >> > > >> >> > Resource interpreted as Document but transferred with MIME type > >> >> application/zip: > >> >> "https://codeload.github.com/frankshearar/Control/legacy.zip/master". > >> >> > > >> >> > I see the permanent redirect response. > >> >> > > >> >> > What happens if you go directly to the redirected link? > >> >> > > >> >> > All the best, > >> >> > > >> >> > Ron Teitelbaum > >> >> > > >> >> >> -----Original Message----- > >> >> >> From: [hidden email] > >> >> >> [mailto:squeak-dev- [hidden email]] On > >> >> >> Behalf Of Frank Shearar > >> >> >> Sent: Sunday, May 12, 2013 5:19 AM > >> >> >> To: The general-purpose Squeak developers list > >> >> >> Subject: Re: [squeak-dev] RE: SSL > >> >> >> > >> >> >> Hi Ron, > >> >> >> > >> >> >> I'm constructing the following expression - WebClient httpGet: > >> >> >> 'https://github.com/frankshearar/Control/zipball/master'. (This > >> >> >> redirects to > >> >> >> > 'https://codeload.github.com/frankshearar/Control/legacy.zip/master'. > >> >> >> ) > >> >> >> > >> >> >> The SSL connection's established. Then it looks like I receive > >> >> >> a chunk or 16372 bytes (in #chunkFrom:to:progress:). That calls #skip: > >> >> >> 2 to skip a CRLF, after which we try get more data. By this > >> >> >> time the Socket is > >> >> #otherEndClosedButNotThisEnd. > >> >> >> #skip: calls #receiveData:, which calls #receiveAvailableData, > >> >> >> which finally calls #receiveDataInto:startingAt:. And that > >> >> >> results in calling SqueakSSL >> #decrypt:from:to:into:, which > >> >> >> returns the > >> >> SQSSL_GENERIC_ERROR. > >> >> >> > >> >> >> frank > >> >> >> > >> >> >> On 12 May 2013 02:34, Ron Teitelbaum <[hidden email]> wrote: > >> >> >> > Hey Frank, > >> >> >> > > >> >> >> > I tried this on my 4.1 image and it works fine. Connecting > >> >> >> > to a server doesn't > >> >> >> require a cert so this should just work. > >> >> >> > > >> >> >> > | address socket | > >> >> >> > address := NetNameResolver addressForName: 'github.com'. > >> >> >> > socket := SecureSocket newTCP. > >> >> >> > socket connectTo: address port: 443. > >> >> >> > socket waitForConnectionFor: 10. > >> >> >> > socket sslConnect. > >> >> >> > socket certState = 0 ifFalse:[ > >> >> >> > self error: 'The certificate is invalid (code: ', socket > certState,')'. > >> >> >> > ]. > >> >> >> > socket sendData: > >> >> >> > 'GET / HTTP/1.0', String crlf, > >> >> >> > 'Host: github.com', String crlf, > >> >> >> > 'Connection: close', String crlf, > >> >> >> > String crlf. > >> >> >> > > >> >> >> > ^socket receiveData > >> >> >> > > >> >> >> > At what point do you get an error? > >> >> >> > > >> >> >> > > >> >> >> > All the best, > >> >> >> > > >> >> >> > Ron Teitelbaum > >> >> >> > Head Of Engineering > >> >> >> > 3d Immersive Collaboration Consulting [hidden email] Follow Me > >> >> >> > On > >> >> >> > Twitter: @RonTeitelbaum www.3dicc.com > >> >> >> > > >> >> >> > > >> >> >> >> -----Original Message----- > >> >> >> >> From: [hidden email] > >> >> >> >> [mailto:squeak-dev- [hidden email]] On > >> >> >> >> Behalf Of Frank Shearar > >> >> >> >> Sent: Saturday, May 11, 2013 6:39 PM > >> >> >> >> To: The general-purpose Squeak developers list > >> >> >> >> Subject: Re: [squeak-dev] RE: SSL > >> >> >> >> > >> >> >> >> On 11 May 2013 23:24, Frank Shearar > >> >> >> >> <[hidden email]> > >> wrote: > >> >> >> >> > Yes, I'd thought of that :) One thing that's weird, and > >> >> >> >> > probably pretty important info, is that the SqueakSSL unit > >> >> >> >> > tests > >> _pass_. > >> >> >> >> > It's when I, say, try connect to https://github.com/, that > >> >> >> >> > things break in SqueakSSL >> #primitiveSSLCreate. > >> >> >> >> > > >> >> >> >> > I've been digging with strace. The SSL_connect thing > >> >> >> >> > happens on Cog because of something funny with the > >> >> >> >> > plugin's file, SqueakSSL. On an Interpreter VM, I get an > >> >> >> >> > error in SecureSocketStream >> > >> >> >> >> > #receiveDataInto:startingAt: - "SSL error, code: -5". > >> >> >> >> > >> >> >> >> -5 is SQSSL_GENERIC_ERROR. That means that the error > >> >> >> >> returned by SSL_read isn't SSL_ERROR_WANT_READ > >> >> >> >> (renegotiation) or SSL_ERROR_ZERO_RETURN (a clean shutdown). > >> >> >> >> > >> >> >> >> frank > >> >> >> >> > >> >> >> >> > So continuing my explorations with the Interpreter, I do > >> >> >> >> > actually get a WebResponse back from github, looking like this: > >> >> >> >> > > >> >> >> >> > WebResponse(HTTP/1.1 200 OK > >> >> >> >> > connection: close > >> >> >> >> > transfer-encoding: chunked > >> >> >> >> > content-type: application/zip > >> >> >> >> > content-disposition: attachment; > >> >> >> >> > filename=frankshearar-Control-e705021.zip > >> >> >> >> > date: Sat, 11 May 2013 22:19:00 GMT > >> >> >> >> > ) > >> >> >> >> > > >> >> >> >> > but the download breaks in the above-mentioned method. > >> >> >> >> > > >> >> >> >> > frank > >> >> >> >> > > >> >> >> >> > > >> >> >> >> > On 11 May 2013 20:43, Ron Teitelbaum <[hidden email]> > >> wrote: > >> >> >> >> >> Hey Frank, > >> >> >> >> >> > >> >> >> >> >> You must also have OpenSSL installed, but if this was > >> >> >> >> >> working previously then > >> >> >> >> I expect that you have it installed. > >> >> >> >> >> > >> >> >> >> >> All the best, > >> >> >> >> >> > >> >> >> >> >> Ron > >> >> >> >> >> > >> >> >> >> >>> -----Original Message----- > >> >> >> >> >>> From: [hidden email] > >> >> >> >> >>> [mailto:squeak-dev- [hidden email]] > >> >> >> >> >>> On Behalf Of Frank Shearar > >> >> >> >> >>> Sent: Saturday, May 11, 2013 2:58 PM > >> >> >> >> >>> To: The general-purpose Squeak developers list > >> >> >> >> >>> Subject: Re: [squeak-dev] RE: SSL > >> >> >> >> >>> > >> >> >> >> >>> The build.squeak.org tests run on a CentOS box. They > >> >> >> >> >>> also fail on my Ubuntu Lucid box. I've mentioned this before: > >> >> >> >> >>> SqueakSSL used to work just fine, on Cog.r2714, and then > >> >> >> >> >>> one day stopped working. That does sound like possible > >> >> >> >> >>> cert expiration. The main trouble I have is that my > >> >> >> >> >>> debugging info is usually just "primitive failed", > >> >> >> >> >>> without any clue as to > >> >> >> >> _why_. > >> >> >> >> >>> > >> >> >> >> >>> I'll try run some things just now and report back. > >> >> >> >> >>> > >> >> >> >> >>> frank > >> >> >> >> >>> > >> >> >> >> >>> On 11 May 2013 18:24, Ron Teitelbaum <[hidden email]> > >> wrote: > >> >> >> >> >>> > Hello, > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > The problem is the certificate. What os is this running on? > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no > >> >> >> >> >>> > start > >> >> >> >> >>> > line:pem_lib.c:650:Expecting: CERTIFICATE > >> >> >> >> >>> > > >> >> >> >> >>> > 30183:error:140AD009:SSL > >> >> >> >> >>> > routines:SSL_CTX_use_certificate_file:PEM > >> >> >> >> >>> > lib:ssl_rsa.c:491: > >> >> >> >> >>> > > >> >> >> >> >>> > 30183:error:0906D06C:PEM routines:PEM_read_bio:no > >> >> >> >> >>> > start > >> >> >> >> >>> > line:pem_lib.c:650:Expecting: ANY PRIVATE KEY > >> >> >> >> >>> > > >> >> >> >> >>> > 30183:error:140B0009:SSL > >> >> >> >> >>> > routines:SSL_CTX_use_PrivateKey_file:PEM > >> >> >> >> >>> > lib:ssl_rsa.c:669: > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > The code for SqueakSSL >> ensureSampleCert is > >> >> >> >> >>> > hardcoded for > >> >> >> windows. > >> >> >> >> >>> > I'm thinking that the cert may be expired. > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > On Linux it creates a new cert so it wouldn't be a problem. > >> >> >> >> >>> > To fix this you should create a sample cert for > >> >> >> >> >>> > windows and then point the test case to that cert, or > >> >> >> >> >>> > replace the > >> hardcoded cert. > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > Hmmm, just ran this on my windows 7, 4.1 based image, > >> >> >> >> >>> > with the existing SSL test code and it worked fine. > >> >> >> >> >>> > So it may not be the sample > >> >> >> >> cert. > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > Need more info. > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > All the best, > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > Ron Teitelbaum > >> >> >> >> >>> > > >> >> >> >> >>> > Head Of Engineering > >> >> >> >> >>> > > >> >> >> >> >>> > 3d Immersive Collaboration Consulting > >> >> >> >> >>> > > >> >> >> >> >>> > [hidden email] > >> >> >> >> >>> > > >> >> >> >> >>> > Follow Me On Twitter: @RonTeitelbaum > >> >> >> >> >>> > > >> >> >> >> >>> > www.3dicc.com > >> >> >> >> >>> > > >> >> >> >> >>> > 3d ICC on G+ > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> >> -----Original Message----- > >> >> >> >> >>> > > >> >> >> >> >>> >> From: [hidden email] > >> >> >> >> >>> >> [mailto:squeak-dev- > >> >> >> >> >>> > > >> >> >> >> >>> >> [hidden email]] On Behalf Of > >> >> >> >> >>> >> Patrick Shouse > >> >> >> >> >>> > > >> >> >> >> >>> >> > >> >> >> >> >>> > > >> >> >> >> >>> >> Hi, Ron. Here's a link to one > >> >> >> >> >>> > > >> >> >> >> >>> >> > >> >> >> >> >>> > > >> >> >> >> >>> >> http://build.squeak.org/job/ExternalPackages-Squeak4. > >> >> >> >> >>> >> 3/8 > >> >> >> >> >>> >> 2/ > >> >> >> >> >>> > > >> >> >> >> >>> >> > >> >> >> >> >>> > > >> >> >> >> >>> >> You can click on the Console Ouput link on this page > >> >> >> >> >>> >> to see the > >> >> details. > >> >> >> >> >>> > > >> >> >> >> >>> >> > >> >> >> >> >>> > > >> >> >> >> >>> >> > >> >> >> >> >>> > > >> >> >> >> >>> >> > >> >> >> >> >>> > > >> >> >> >> >>> >> -- > >> >> >> >> >>> > > >> >> >> >> >>> >> View this message in context: > >> >> >> >> >>> >> http://forum.world.st/SSL- > >> >> >> >> >>> > > >> >> >> >> >>> >> tp4686693p4686815.html > >> >> >> >> >>> > > >> >> >> >> >>> >> Sent from the Squeak - Dev mailing list archive at > Nabble.com. > >> >> >> >> >>> > > >> >> >> >> >>> >> > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > > >> >> >> >> >>> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> >> > >> >> >> >> > >> >> >> > > >> >> >> > > >> >> >> > > >> >> >> > >> >> > > >> >> > > >> >> > > >> >> > >> > > >> > > >> > > >> > > > > > > > |
In reply to this post by Frank Shearar-3
On 05/13/2013 07:54 PM, Frank Shearar wrote:
> Hi Ron, > > If I use a Cog r.2714 I get a primitiveCreateSSL error because the > SqueakSSL plugin there has some weird linking problem. What says ldd SqueakSSL? A classic issue is version of OpenSSL libraries. A quick hack is often to just create a properly named softlink - or to install the proper package (some distros have 0.9.8 backwards compat packages etc). regards, Göran |
On 14 May 2013 07:29, Göran Krampe <[hidden email]> wrote:
> On 05/13/2013 07:54 PM, Frank Shearar wrote: >> >> Hi Ron, >> >> If I use a Cog r.2714 I get a primitiveCreateSSL error because the >> SqueakSSL plugin there has some weird linking problem. > > > What says ldd SqueakSSL? > > A classic issue is version of OpenSSL libraries. A quick hack is often to > just create a properly named softlink - or to install the proper package > (some distros have 0.9.8 backwards compat packages etc). That's a very good first question but (a) Lucid ships with OpenSSL 0.9.8 and (b) this used to work on the machine I'm currently testing on. Lucid's old enough that it's not getting OpenSSL 1.0.0. frank > regards, Göran > |
On 14 May 2013 07:34, Frank Shearar <[hidden email]> wrote:
> On 14 May 2013 07:29, Göran Krampe <[hidden email]> wrote: >> On 05/13/2013 07:54 PM, Frank Shearar wrote: >>> >>> Hi Ron, >>> >>> If I use a Cog r.2714 I get a primitiveCreateSSL error because the >>> SqueakSSL plugin there has some weird linking problem. >> >> >> What says ldd SqueakSSL? >> >> A classic issue is version of OpenSSL libraries. A quick hack is often to >> just create a properly named softlink - or to install the proper package >> (some distros have 0.9.8 backwards compat packages etc). > > That's a very good first question but (a) Lucid ships with OpenSSL > 0.9.8 and (b) this used to work on the machine I'm currently testing > on. Lucid's old enough that it's not getting OpenSSL 1.0.0. And while a link error would explain my issues with Cog (and build.squeak.org's issue with Cog), why would SSL_read fail halfway through a download, as I reported with running on the Interpreter VM? > frank > >> regards, Göran >> |
Free forum by Nabble | Edit this page |