Smalltalk Squeak Squeak - Dev

WebClient + SqueakSSL = https

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Andreas.Raab
Reply | Threaded
Open this post in threaded view
|

WebClient + SqueakSSL = https

Andreas.Raab
Folks -

I've added the first round of https support for WebClient and I'm
looking for beta testers / feedback. In particular if you're set up
using (authenticating) proxies I'm curious whether WebClient behaves
correctly. Assuming you've set up your Squeak environment, all you need
is to:

* Install the SqueakSSL plugin:
   http://squeakvm.org/win32/release/SqueakSSL.zip

* Install SqueakSSL:
   (Installer ss)
       project: 'SqueakSSL';
       install: 'SqueakSSL-Core';
       install: 'SqueakSSL-Tests'.

* Install WebClient:
   (Installer ss)
       project: 'WebClient';
       install: 'WebClient-Core';
       install: 'WebClient-Tests';
       install: 'WebClient-Help'.

Once installed, you can use the following to test SqueakSSL:

   WebClient httpGet: 'https://www.google.com/search?q=squeak'.

If this works everything is set up properly. If you encounter any
problems accessing your favorite SSL sites, let me know.

Cheers,
   - Andreas

Levente Uzonyi-2
Reply | Threaded
Open this post in threaded view
|

Re: WebClient + SqueakSSL = https

Levente Uzonyi-2
On Sun, 25 Jul 2010, Andreas Raab wrote:

> Folks -
>
> I've added the first round of https support for WebClient and I'm looking for
> beta testers / feedback. In particular if you're set up using
> (authenticating) proxies I'm curious whether WebClient behaves correctly.
> Assuming you've set up your Squeak environment, all you need is to:
>
> * Install the SqueakSSL plugin:
>  http://squeakvm.org/win32/release/SqueakSSL.zip
>
> * Install SqueakSSL:
>  (Installer ss)
>      project: 'SqueakSSL';
>      install: 'SqueakSSL-Core';
>      install: 'SqueakSSL-Tests'.
>
> * Install WebClient:
>  (Installer ss)
>      project: 'WebClient';
>      install: 'WebClient-Core';
>      install: 'WebClient-Tests';
>      install: 'WebClient-Help'.
>
> Once installed, you can use the following to test SqueakSSL:
>
>  WebClient httpGet: 'https://www.google.com/search?q=squeak'.
>
> If this works everything is set up properly. If you encounter any problems
> accessing your favorite SSL sites, let me know.

It works for me, but I always get 'Invalid certificate' error, even for
google.com. #certState is always 1 (generic error). If I just ignore the
error, everything is fine. Is there a way to debug it?
(Ubuntu 8.04 x86_64 CogVM)


Levente

>
> Cheers,
>  - Andreas
>
>

Andreas.Raab
Reply | Threaded
Open this post in threaded view
|

Re: WebClient + SqueakSSL = https

Andreas.Raab
On 7/25/2010 7:55 PM, Levente Uzonyi wrote:
> It works for me, but I always get 'Invalid certificate' error, even for
> google.com. #certState is always 1 (generic error). If I just ignore the
> error, everything is fine. Is there a way to debug it?
> (Ubuntu 8.04 x86_64 CogVM)

Interesting. I suspect it's something in OpenSSL plugin code. The thing
to try is to to change SecureSocketStream>>sslConnect from:

        squeakSSL := SqueakSSL new.

to the following:

        squeakSSL := SqueakSSL new.

        "Logs extra info stdout"
        squeakSSL logLevel: 1.

You should be getting a bunch of console output as a result which should
prove helpful.

Also, you might try to see whether going directly to
encrypted.google.com makes a difference (the https request to
www.google.com is first redirected to encrypted.google.com and perhaps
the problem is somewhere in the redirect handling):

        WebClient httpGet: 'https://encrypted.google.com/search?q=squeak'.

Cheers,
   - Andreas

Levente Uzonyi-2
Reply | Threaded
Open this post in threaded view
|

Re: WebClient + SqueakSSL = https

Levente Uzonyi-2
On Sun, 25 Jul 2010, Andreas Raab wrote:

> On 7/25/2010 7:55 PM, Levente Uzonyi wrote:
>> It works for me, but I always get 'Invalid certificate' error, even for
>> google.com. #certState is always 1 (generic error). If I just ignore the
>> error, everything is fine. Is there a way to debug it?
>> (Ubuntu 8.04 x86_64 CogVM)
>
> Interesting. I suspect it's something in OpenSSL plugin code. The thing to
> try is to to change SecureSocketStream>>sslConnect from:
>
> squeakSSL := SqueakSSL new.
>
> to the following:
>
> squeakSSL := SqueakSSL new.
>
> "Logs extra info stdout"
> squeakSSL logLevel: 1.
>
> You should be getting a bunch of console output as a result which should
> prove helpful.
I found a few issues with logging on unix:
- SqueakSSL >> #primitiveSSL:setIntProperty:toValue: calls
   #primitiveSetStringProperty instead of #primitiveSetIntProperty.
- #primitiveSetIntPropery always fails, because sqSetIntPropertySSL always
   returns 0, it should return 1 at the end of the function.
After fixing these #logLevel: with argument 1 didn't give any output. It
works with 2 and 3. It's a bit annoying that the log messages are not
flushed (printf is buffered), so one has to generate a few requests to
see the result of the first one (I can't flush stdout without FFI or
OSProcess).

>
> Also, you might try to see whether going directly to encrypted.google.com
> makes a difference (the https request to www.google.com is first redirected
> to encrypted.google.com and perhaps the problem is somewhere in the redirect
> handling):
>
> WebClient httpGet: 'https://encrypted.google.com/search?q=squeak'.

It's the same.

I attached the output of [WebClient httpGet:
'https://www.google.com/search?q=squeak'] generated with #logLevel: 3.


Levente

>
> Cheers,
>  - Andreas
>
>


ssl.log (2K) Download Attachment
Levente Uzonyi-2
Reply | Threaded
Open this post in threaded view
|

Re: WebClient + SqueakSSL = https

Levente Uzonyi-2
On Mon, 26 Jul 2010, Levente Uzonyi wrote:

> On Sun, 25 Jul 2010, Andreas Raab wrote:
>
>> On 7/25/2010 7:55 PM, Levente Uzonyi wrote:
>>> It works for me, but I always get 'Invalid certificate' error, even for
>>> google.com. #certState is always 1 (generic error). If I just ignore the
>>> error, everything is fine. Is there a way to debug it?
>>> (Ubuntu 8.04 x86_64 CogVM)
>>
>> Interesting. I suspect it's something in OpenSSL plugin code. The thing to
>> try is to to change SecureSocketStream>>sslConnect from:
>>
>> squeakSSL := SqueakSSL new.
>>
>> to the following:
>>
>> squeakSSL := SqueakSSL new.
>>
>> "Logs extra info stdout"
>> squeakSSL logLevel: 1.
>>
>> You should be getting a bunch of console output as a result which should
>> prove helpful.
>
> I found a few issues with logging on unix:
> - SqueakSSL >> #primitiveSSL:setIntProperty:toValue: calls
>  #primitiveSetStringProperty instead of #primitiveSetIntProperty.
> - #primitiveSetIntPropery always fails, because sqSetIntPropertySSL always
>  returns 0, it should return 1 at the end of the function.
> After fixing these #logLevel: with argument 1 didn't give any output. It
> works with 2 and 3. It's a bit annoying that the log messages are not flushed
> (printf is buffered), so one has to generate a few requests to see the result
> of the first one (I can't flush stdout without FFI or OSProcess).
>
>>
>> Also, you might try to see whether going directly to encrypted.google.com
>> makes a difference (the https request to www.google.com is first redirected
>> to encrypted.google.com and perhaps the problem is somewhere in the
>> redirect handling):
>>
>> WebClient httpGet: 'https://encrypted.google.com/search?q=squeak'.
>
> It's the same.
>
> I attached the output of [WebClient httpGet:
> 'https://www.google.com/search?q=squeak'] generated with #logLevel: 3.

I took a look at the log again, and found this
"sqConnectSSL: SSL_get_verify_result = 20"
So it turned out that some CA certificates were missing. After installing
the ca-certificates package SqueakSSL is working fine. :)


Levente

>
>
> Levente
>
>>
>> Cheers,
>>  - Andreas
>>
>

Andreas.Raab
Reply | Threaded
Open this post in threaded view
|

Re: WebClient + SqueakSSL = https

Andreas.Raab
In reply to this post by Levente Uzonyi-2
On 7/26/2010 6:59 AM, Levente Uzonyi wrote:

> I found a few issues with logging on unix:
> - SqueakSSL >> #primitiveSSL:setIntProperty:toValue: calls
> #primitiveSetStringProperty instead of #primitiveSetIntProperty.
> - #primitiveSetIntPropery always fails, because sqSetIntPropertySSL always
> returns 0, it should return 1 at the end of the function.
> After fixing these #logLevel: with argument 1 didn't give any output. It
> works with 2 and 3. It's a bit annoying that the log messages are not
> flushed (printf is buffered), so one has to generate a few requests to
> see the result of the first one (I can't flush stdout without FFI or
> OSProcess).

Thanks, I will fix that. For some reason the output in my Ubuntu is
unbuffered; any ideas why that would be?

> I attached the output of [WebClient httpGet:
> 'https://www.google.com/search?q=squeak'] generated with #logLevel: 3.

Your analysis in the other email is correct. The error code means the CA
certs are missing and installing them should fix the problem.

Cheers,
   - Andreas

Levente Uzonyi-2
Reply | Threaded
Open this post in threaded view
|

Re: WebClient + SqueakSSL = https

Levente Uzonyi-2
On Mon, 26 Jul 2010, Andreas Raab wrote:

> On 7/26/2010 6:59 AM, Levente Uzonyi wrote:
>> I found a few issues with logging on unix:
>> - SqueakSSL >> #primitiveSSL:setIntProperty:toValue: calls
>> #primitiveSetStringProperty instead of #primitiveSetIntProperty.
>> - #primitiveSetIntPropery always fails, because sqSetIntPropertySSL always
>> returns 0, it should return 1 at the end of the function.
>> After fixing these #logLevel: with argument 1 didn't give any output. It
>> works with 2 and 3. It's a bit annoying that the log messages are not
>> flushed (printf is buffered), so one has to generate a few requests to
>> see the result of the first one (I can't flush stdout without FFI or
>> OSProcess).
>
> Thanks, I will fix that. For some reason the output in my Ubuntu is

Thanks.

> unbuffered; any ideas why that would be?

Not really. IIRC printf should automatically flush on \n, but
it somehow doesn't do it.


Levente

>
>> I attached the output of [WebClient httpGet:
>> 'https://www.google.com/search?q=squeak'] generated with #logLevel: 3.
>
> Your analysis in the other email is correct. The error code means the CA
> certs are missing and installing them should fix the problem.
>
> Cheers,
>  - Andreas
>
>

Bert Freudenberg
Reply | Threaded
Open this post in threaded view
|

Re: WebClient + SqueakSSL = https

Bert Freudenberg

On 26.07.2010, at 11:53, Levente Uzonyi wrote:

> On Mon, 26 Jul 2010, Andreas Raab wrote:
>
>> On 7/26/2010 6:59 AM, Levente Uzonyi wrote:
>>> It's a bit annoying that the log messages are not
>>> flushed (printf is buffered), so one has to generate a few requests to
>>> see the result of the first one (I can't flush stdout without FFI or
>>> OSProcess).
>>
>> Thanks, I will fix that. For some reason the output in my Ubuntu is
>> unbuffered; any ideas why that would be?
>
> Not really. IIRC printf should automatically flush on \n, but it somehow doesn't do it.

Usually stdout is buffered, stderr is not.

- Bert -



Levente Uzonyi-2
Reply | Threaded
Open this post in threaded view
|

Re: WebClient + SqueakSSL = https

Levente Uzonyi-2
In reply to this post by Levente Uzonyi-2
On Mon, 26 Jul 2010, Levente Uzonyi wrote:

> On Mon, 26 Jul 2010, Andreas Raab wrote:
>
>> On 7/26/2010 6:59 AM, Levente Uzonyi wrote:
>>> I found a few issues with logging on unix:
>>> - SqueakSSL >> #primitiveSSL:setIntProperty:toValue: calls
>>> #primitiveSetStringProperty instead of #primitiveSetIntProperty.
>>> - #primitiveSetIntPropery always fails, because sqSetIntPropertySSL always
>>> returns 0, it should return 1 at the end of the function.
>>> After fixing these #logLevel: with argument 1 didn't give any output. It
>>> works with 2 and 3. It's a bit annoying that the log messages are not
>>> flushed (printf is buffered), so one has to generate a few requests to
>>> see the result of the first one (I can't flush stdout without FFI or
>>> OSProcess).
>>
>> Thanks, I will fix that. For some reason the output in my Ubuntu is
>
> Thanks.
>
>> unbuffered; any ideas why that would be?
>
> Not really. IIRC printf should automatically flush on \n, but it somehow
> doesn't do it.

Looking after streams and buffering it turns out that it's mostly true,
but not always:

"The three types of buffering available are unbuffered, block buffered,
and line buffered.  When an output stream is unbuffered, information
appears on the destination file or terminal as soon as written; when it is
block buffered many characters are saved up and written as a block; when
it is line  buffered  characters are saved up until a newline is output
or input is read from any stream attached to a terminal device (typically
stdin). The function fflush(3) may be used to force the block out early.
(See fclose(3).)  Normally all files are block  buffered.   When  the
first I/O operation  occurs  on a file, malloc(3) is called, and a buffer is
obtained.  If a stream refers to a terminal (as stdout normally does) it
is line buffered.  The standard error stream stderr is always unbuffered by
default." -- from the man page of setvbuf

Since I started the vm with nohup, stdout didn't refer to a terminal, so
it's not line buffered.


Levente

>
>
> Levente
>
>>
>>> I attached the output of [WebClient httpGet:
>>> 'https://www.google.com/search?q=squeak'] generated with #logLevel: 3.
>>
>> Your analysis in the other email is correct. The error code means the CA
>> certs are missing and installing them should fix the problem.
>>
>> Cheers,
>>  - Andreas
>>
>>
>
>

Free forum by Nabble Edit this page