https

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

https

Eliot Miranda-2
Hi All,

    what are people using for https support?

_,,,^..^,,,_
best, Eliot


Reply | Threaded
Open this post in threaded view
|

Re: https

Ron Teitelbaum
SqueakSSL 

WebClient httpGet: 'https://www.google.com'

Ron

On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
Hi All,

    what are people using for https support?

_,,,^..^,,,_
best, Eliot






Reply | Threaded
Open this post in threaded view
|

Re: https

marcel.taeumel
Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:

WebClient httpGet: 'https://google.com'

Best,
Marcel

Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:

SqueakSSL 

WebClient httpGet: 'https://www.google.com'

Ron

On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
Hi All,

    what are people using for https support?

_,,,^..^,,,_
best, Eliot






Reply | Threaded
Open this post in threaded view
|

Re: https

Chris Muller-3
To get around the incomplete SAN support, one of my applications
actually calls out to curl via OSProcess.


On Wed, Aug 23, 2017 at 1:37 AM, Marcel Taeumel <[hidden email]> wrote:

> Note that due to incomplete or missing SAN support on some platforms, using
> alternative names can still raise a SqueakSSLCertificateError:
>
> WebClient httpGet: 'https://google.com'
>
> Best,
> Marcel
>
> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
>
> SqueakSSL
>
> WebClient httpGet: 'https://www.google.com'
>
> Ron
>
> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]>
> wrote:
>>
>> Hi All,
>>
>>     what are people using for https support?
>>
>> _,,,^..^,,,_
>> best, Eliot
>>
>>
>>
>
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: https

Phil B
In reply to this post by marcel.taeumel
Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...

On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:

WebClient httpGet: 'https://google.com'

Best,
Marcel

Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:

SqueakSSL 

WebClient httpGet: 'https://www.google.com'

Ron

On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
Hi All,

    what are people using for https support?

_,,,^..^,,,_
best, Eliot










Reply | Threaded
Open this post in threaded view
|

Re: https

Tobias Pape
Hi Phil

> On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
>
> Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...

can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)

Best regard
        -tobias


>
> On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
>
> WebClient httpGet: 'https://google.com'
>
> Best,
> Marcel
>> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
>>
>> SqueakSSL
>>
>> WebClient httpGet: 'https://www.google.com'
>>
>> Ron
>>
>> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
>> Hi All,
>>
>>    what are people using for https support?
>>
>> _,,,^..^,,,_
>> best, Eliot
>>
>>
>>
>>
>
>
>
>
>


Reply | Threaded
Open this post in threaded view
|

Re: https

Phil B
Hi Tobias,

Sure... I'm currently running on Debian 9 stable (x86 32- and 64-bit, ARM 32-bit) but have been experiencing this at least since Debian 8.  I run a variety of VMs from the release Squeak VM (through 5.1), the Spur builds on bintray (I think the latest I've tried were dated 6/16/2017) as well as my own VM builds but confess that I haven't been paying much attention to whether or not I'm seeing issues more/less in one VM/plugin version or another as this issue has been creeping up/expanding for about 2 years now.  I will try to start keeping better track.  I haven't yet had the time to dig into it deeply but think it's a combination of issues mostly (entirely?) related to server-side SSL configuration as I've been noticing sites that used to work no longer do and the number of failures seem to have tracked site migrations to https.

Thanks,
Phil


On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
Hi Phil

> On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
>
> Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...

can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)

Best regard
        -tobias


>
> On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
>
> WebClient httpGet: 'https://google.com'
>
> Best,
> Marcel
>> Am <a href="tel:22.08.2017%2022" value="+12208201722">22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
>>
>> SqueakSSL
>>
>> WebClient httpGet: 'https://www.google.com'
>>
>> Ron
>>
>> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
>> Hi All,
>>
>>    what are people using for https support?
>>
>> _,,,^..^,,,_
>> best, Eliot
>>
>>
>>
>>
>
>
>
>
>





Reply | Threaded
Open this post in threaded view
|

Re: https

Phil B
In reply to this post by Tobias Pape
Tobias,

I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)

Here are a few sample urls I was having problems with:

Thanks,
Phil

On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
Hi Phil

> On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
>
> Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...

can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)

Best regard
        -tobias


>
> On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
>
> WebClient httpGet: 'https://google.com'
>
> Best,
> Marcel
>> Am <a href="tel:22.08.2017%2022" value="+12208201722">22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
>>
>> SqueakSSL
>>
>> WebClient httpGet: 'https://www.google.com'
>>
>> Ron
>>
>> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
>> Hi All,
>>
>>    what are people using for https support?
>>
>> _,,,^..^,,,_
>> best, Eliot
>>
>>
>>
>>
>
>
>
>
>




Reply | Threaded
Open this post in threaded view
|

Re: https

Tobias Pape
hi Phil

> On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote:
>
> Tobias,
>
> I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
>
> Here are a few sample urls I was having problems with:
> https://blog.jessfraz.com/post/containers-zones-jails-vms
> https://blog.keras.io/the-future-of-deep-learning.html
> https://danluu.com/cpu-bugs
>

Thanks for the List, I'll have a look.

In the meantime, could you please:

 - run squeak from the terminal
 - change SqueakSSL>>initialize to the following:

initialize
        "Initialize the receiver"

        handle := self primitiveSSLCreate.
        self logLevel: 1.

 - use webclient to GET one of the URLs.

The stderr will show some information which may be helpful here.

Best regards
        -Tobias


> Thanks,
> Phil
>
> On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
> Hi Phil
>
> > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
> >
> > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
>
> can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
>
> Best regard
>         -tobias
>
>
> >
> > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
> >
> > WebClient httpGet: 'https://google.com'
> >
> > Best,
> > Marcel
> >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
> >>
> >> SqueakSSL
> >>
> >> WebClient httpGet: 'https://www.google.com'
> >>
> >> Ron
> >>
> >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
> >> Hi All,
> >>
> >>    what are people using for https support?
> >>
> >> _,,,^..^,,,_
> >> best, Eliot
> >>
> >>
> >>
> >>
> >
> >
> >
> >
> >
>
>
>


Reply | Threaded
Open this post in threaded view
|

Re: https

Phil B
Tobias,

I did as you suggested and here's the console output for the danluu link:

qConnectSSL: 0x9c6cb50
sqConnectSSL: Setting up SSL
sqSetupSSL: setting method
sqSetupSSL: Creating context
sqSetupSSL: Disabling SSLv2 and SSLv3
sqSetupSSL: setting cipher list
sqSetupSSL: No root CA given; using default verify paths
sqSetupSSL: Creating SSL
sqSetupSSL: setting bios
sqConnectSSL: Setting connect state
sqConnectSSL: BIO_write 0 bytes
sqConnectSSL: SSL_connect
sqConnectSSL: sqCopyBioSSL
sqCopyBioSSL: 297 bytes pending; buffer size 4096
sqConnectSSL: 0x9c6cb50
sqConnectSSL: BIO_write 7 bytes
sqConnectSSL: SSL_connect
sqConnectSSL: SSL_connect failed
3075761856:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:757:

Thanks,
Phil


On Jan 3, 2018 8:37 AM, "Tobias Pape" <[hidden email]> wrote:
hi Phil

> On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote:
>
> Tobias,
>
> I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
>
> Here are a few sample urls I was having problems with:
> https://blog.jessfraz.com/post/containers-zones-jails-vms
> https://blog.keras.io/the-future-of-deep-learning.html
> https://danluu.com/cpu-bugs
>

Thanks for the List, I'll have a look.

In the meantime, could you please:

 - run squeak from the terminal
 - change SqueakSSL>>initialize to the following:

initialize
        "Initialize the receiver"

        handle := self primitiveSSLCreate.
        self logLevel: 1.

 - use webclient to GET one of the URLs.

The stderr will show some information which may be helpful here.

Best regards
        -Tobias