SqueakSSL


SqueakSSL

Colin Putney-3
Hi folks,

I did a quick smoke test by installing the image-side code and testing with the plugin that ships with Cog. That didn't work, so I'm trying to get an idea of how broken it is...

Is anybody using SqueakSSL right now? Are there known problems and solutions? Did it mature enough for production use before Andreas died?

Colin



Re: SqueakSSL

tty
Plugin will not load on Linux32 and a month or so ago it did not load on Windows 7.

It's on my list of things to fix.

cordially

tty

---- On Wed, 12 Feb 2014 10:12:54 -0800 Colin Putney<[hidden email]> wrote ----

Hi folks,

I did a quick smoke test by installing the image-side code and testing with the plugin that ships with Cog. That didn't work, so I'm trying to get an idea of how broken it is...

Is anybody using SqueakSSL right now? Are there known problems and solutions? Did it mature enough for production use before Andreas died?

Colin





Re: SqueakSSL

David T. Lewis
In reply to this post by Colin Putney-3
Status is here:

http://bugs.squeak.org/view.php?id=7751

http://bugs.squeak.org/view.php?id=7793

It should work on a freshly compiled interpreter VM if and only if
compiled in 32-bit mode (and yes we are overdue for a new official build).

I'm not sure of status on Cog but I know of no reason that it would not
work on Cog also.

> Hi folks,
>
> I did a quick smoke test by installing the image-side code and testing
> with
> the plugin that ships with Cog. That didn't work, so I'm trying to get an
> idea of how broken it is...
>
> Is anybody using SqueakSSL right now? Are there known problems and
> solutions? Did it mature enough for production use before Andreas died?
>
> Colin
>
>




Re: SqueakSSL

tty
I will be attempting my first build for the StackInterpreterSimulator on linux64(w/ 32 bit libs) when I get done with the MorphicEvents work I am doing for the simulator.

Expect something in two or three days as I am a bit busy with some other stuff right now.

cordially

tty

---- On Wed, 12 Feb 2014 12:37:05 -0800 David T. Lewis<[hidden email]> wrote ----

Status is here:

http://bugs.squeak.org/view.php?id=7751

http://bugs.squeak.org/view.php?id=7793

It should work on a freshly compiled interpreter VM if and only if
compiled in 32-bit mode (and yes we are overdue for a new official build).

I'm not sure of status on Cog but I know of no reason that it would not
work on Cog also.

> Hi folks,
>
> I did a quick smoke test by installing the image-side code and testing
> with
> the plugin that ships with Cog. That didn't work, so I'm trying to get an
> idea of how broken it is...
>
> Is anybody using SqueakSSL right now? Are there known problems and
> solutions? Did it mature enough for production use before Andreas died?
>
> Colin
>
>







Re: SqueakSSL

Göran Krampe
In reply to this post by David T. Lewis
On 02/12/2014 09:37 PM, David T. Lewis wrote:

> Status is here:
>
> http://bugs.squeak.org/view.php?id=7751
>
> http://bugs.squeak.org/view.php?id=7793
>
> It should work on a freshly compiled interpreter VM if and only if
> compiled in 32-bit mode (and yes we are overdue for a new official build).
>
> I'm not sure of status on Cog but I know of no reason that it would not
> work on Cog also.

We (3DICC) use SqueakSSL on both Win32, Mac and Linux - on Cog. In fact,
I fixed Mac just a week ago to verify certificates properly - it's in my
"outbox" bound for Eliot or someone to stuff upstream.

And yeah, we use Levente's fix also.

And it ships in Pharo 2.0 also.

regards, Göran



Re: SqueakSSL

Colin Putney-3



On Wed, Feb 12, 2014 at 4:42 PM, Göran Krampe <[hidden email]> wrote:
> On 02/12/2014 09:37 PM, David T. Lewis wrote:
>> Status is here:
>>
>> http://bugs.squeak.org/view.php?id=7751
>>
>> http://bugs.squeak.org/view.php?id=7793
>>
>> It should work on a freshly compiled interpreter VM if and only if
>> compiled in 32-bit mode (and yes we are overdue for a new official build).
>>
>> I'm not sure of status on Cog but I know of no reason that it would not
>> work on Cog also.
>
> We (3DICC) use SqueakSSL on both Win32, Mac and Linux - on Cog. In fact, I fixed Mac just a week ago to verify certificates properly - it's in my "outbox" bound for Eliot or someone to stuff upstream.

I ran into a cert verification problem on Mac, so I guess your fix is just what I need.

> And yeah, we use Levente's fix also.

This seems to be in the current Cog sources, but it hasn't been shipped in Eliot's build yet.

Great, this was just the information I needed. Thanks!

Colin
 




Re: SqueakSSL

Göran Krampe
On 02/12/2014 11:11 PM, Colin Putney wrote:
> Great, this was just the information I needed. Thanks!

I will pack it up and post/send it tomorrow to ... well, Sven and Eliot
etc for committing it.

Note - SqueakSSL works just fine for client side stuff. But you don't
want to use it for server side with lots of connections... We kinda did
and realized that hey... there is no threading in this plugin so... only
one connection can decrypt/encrypt at one point in time - and of course
VM stops while it does so. Ouchy.

We moved to using stud on our servers. Works great and simple to setup.

regards, Göran



Re: SqueakSSL

Colin Putney-3



On Wed, Feb 12, 2014 at 6:39 PM, Göran Krampe <[hidden email]> wrote:
> On 02/12/2014 11:11 PM, Colin Putney wrote:
>> Great, this was just the information I needed. Thanks!
>
> I will pack it up and post/send it tomorrow to ... well, Sven and Eliot etc for committing it.

Great, thanks.

> Note - SqueakSSL works just fine for client side stuff. But you don't want to use it for server side with lots of connections... We kinda did and realized that hey... there is no threading in this plugin so... only one connection can decrypt/encrypt at one point in time - and of course VM stops while it does so. Ouchy.

Right, the client-side is what I'm trying to use it for. My servers are behind a load balancer, which does SSL termination as well. Stud looks pretty awesome, but I haven't had a chance to use it yet. :-)

Colin



Re: SqueakSSL

Paul DeBruicker
Colin Putney-3 wrote
On Wed, Feb 12, 2014 at 6:39 PM, Göran Krampe <[hidden email]> wrote:

> On 02/12/2014 11:11 PM, Colin Putney wrote:
>
>> Great, this was just the information I needed. Thanks!
>>
>
> I will pack it up and post/send it tomorrow to ... well, Sven and Eliot
> etc for committing it.
>

Great, thanks.


> Note - SqueakSSL works just fine for client side stuff. But you don't want
> to use it for server side with lots of connections... We kinda did and
> realized that hey... there is no threading in this plugin so... only one
> connection can decrypt/encrypt at one point in time - and of course VM
> stops while it does so. Ouchy.
>

Right, the client-side is what I'm trying to use it for. My servers are
behind a load balancer, which does SSL termination as well. Stud looks
pretty awesome, but I haven't had a chance to use it yet. :-)

Colin

You're probably already aware of this but you can also use the webservers to encrypt connections from your client to 3rd party servers. I learned about it from here (site is down right now): http://www.monkeysnatchbanana.com/posts/2010/06/22/faking-a-https-client-for-glass.html

instead of connecting direct from Squeak to

https://api.stripe.com (or any 3rd party)

1. set an alias in your /etc/hosts file for the 3rd party

127.0.0.1 stripe

from Squeak connect to

http://stripe

and have your webserver proxy those connections to  the 3rd party e.g. in nginx something like this

server
{
  server_name stripe;
  allow 127.0.0.1;
  deny all;  
  location /
  {
    proxy_pass https://api.stripe.com;
  }
}



hope this helps

Paul
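
An added example, not part of Paul's post: the same loopback proxy with upstream certificate verification switched on. nginx leaves proxy_ssl_verify off by default, so the config as posted encrypts the hop to the third party without authenticating it. The CA bundle path (Debian-style) and a current nginx release are assumptions.

```nginx
# Added example: hardened variant of the loopback proxy posted above.
# Assumptions (not from the thread): a current nginx release and a
# Debian-style CA bundle path; adjust proxy_ssl_trusted_certificate
# to wherever your system keeps its trusted roots.
server
{
  # Bind to loopback only, so the plaintext side is never reachable
  # off-host even if the allow/deny rules are later edited or removed.
  listen 127.0.0.1:80;
  server_name stripe;
  allow 127.0.0.1;
  deny all;

  location /
  {
    proxy_pass https://api.stripe.com;

    # nginx does not verify the upstream certificate unless told to.
    proxy_ssl_verify on;
    # Allow for intermediate CAs between the leaf and the trusted root.
    proxy_ssl_verify_depth 3;
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    # Send SNI and check the certificate against the real host name,
    # not the local alias.
    proxy_ssl_server_name on;
    proxy_ssl_name api.stripe.com;

    # Refuse legacy protocol versions on the upstream connection.
    proxy_ssl_protocols TLSv1.2 TLSv1.3;
  }
}
```

With verification on, an upstream certificate that does not chain to the bundle or does not match api.stripe.com makes nginx answer the Squeak client with a 502 instead of forwarding the request.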


Re: SqueakSSL

Ron Teitelbaum


> -----Original Message-----
>
> Colin Putney-3 wrote
> > On Wed, Feb 12, 2014 at 6:39 PM, Göran Krampe <goran@> wrote:
> >
> >> On 02/12/2014 11:11 PM, Colin Putney wrote:
> >>
> >>> Great, this was just the information I needed. Thanks!
> >>>
> >>
> >> I will pack it up and post/send it tomorrow to ... well, Sven and
> >> Eliot etc for committing it.
> >>
> >
> > Great, thanks.
> >
> >
> >> Note - SqueakSSL works just fine for client side stuff. But you don't
> >> want to use it for server side with lots of connections... We kinda
> >> did and realized that hey... there is no threading in this plugin
> >> so... only one connection can decrypt/encrypt at one point in time -
> >> and of course VM stops while it does so. Ouchy.
> >>
> >
> > Right, the client-side is what I'm trying to use it for. My servers
> > are behind a load balancer, which does SSL termination as well. Stud
> > looks pretty awesome, but I haven't had a chance to use it yet. :-)
> >
> > Colin
>
> You're probably already aware of this but you can also use the webservers to
> encrypt connections from your client to 3rd party servers.  I learned about it
> from here (site is down right now):
> http://www.monkeysnatchbanana.com/posts/2010/06/22/faking-a-https-client-for-glass.html
>
> instead of connecting direct from Squeak to
>
> https://api.stripe.com (or any 3rd party)
>
> 1. set an alias in your /etc/hosts file for the 3rd party
>
> 127.0.0.1 stripe
>
> from Squeak connect to
>
> http://stripe
>
> and have your webserver proxy those connections to  the 3rd party e.g. in nginx
> something like this
>
> server
> {
>   server_name stripe;
>   allow 127.0.0.1;
>   deny all;
>   location /
>   {
>     proxy_pass https://api.stripe.com;
>   }
> }
>
>
>
> hope this helps
>
> Paul
>

Hey Paul,

Thanks for that but the problem we were solving was connecting https from a user's client computer to our server via SSL/TLS.  The idea was to protect the traffic from client to server.  Having our squeak client speaking SSL on both Win and Mac was essential and we use SqueakSSL for that.  We could have used Apache or Nginx to proxy the connection and just now looking at Nginx that might have been a very good solution.  We chose stud because it's clean, works with multiple cores and performs well.  In our experience it just works.  What I like about SqueakSSL is that it uses native SSL implementations so we get the best of the OS SSL implementations, although single threaded, on the client side with no fuss.  Our bottleneck was the server and that is handled well by STUD.  We also use STUD for server to server communication and that too just works really well.

All the best,

Ron Teitelbaum
Head Of Engineering
3d Immersive Collaboration Consulting
[hidden email]
Follow Me On Twitter: @RonTeitelbaum
www.3dicc.com  
https://www.google.com/+3dicc
https://www.google.com/+RonTeitelbaum