https
Locked
12
12
 
|
Hi All,
what are people using for https support? _,,,^..^,,,_ best, Eliot |
|
|
SqueakSSL
WebClient httpGet: 'https://www.google.com' Ron On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
|
|
Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
Best, Marcel
|
|
|
To get around the incomplete SAN support, one of my applications
actually calls out to curl via OSProcess. On Wed, Aug 23, 2017 at 1:37 AM, Marcel Taeumel <[hidden email]> wrote: > Note that due to incomplete or missing SAN support on some platforms, using > alternative names can still raise a SqueakSSLCertificateError: > > WebClient httpGet: 'https://google.com' > > Best, > Marcel > > Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>: > > SqueakSSL > > WebClient httpGet: 'https://www.google.com' > > Ron > > On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> > wrote: >> >> Hi All, >> >> what are people using for https support? >> >> _,,,^..^,,,_ >> best, Eliot >> >> >> > > > > |
|
|
In reply to this post by marcel.taeumel
Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added... On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
|
|
|
Hi Phil
> On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote: > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added... can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :) Best regard -tobias > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote: > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError: > > WebClient httpGet: 'https://google.com' > > Best, > Marcel >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>: >> >> SqueakSSL >> >> WebClient httpGet: 'https://www.google.com' >> >> Ron >> >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote: >> Hi All, >> >> what are people using for https support? >> >> _,,,^..^,,,_ >> best, Eliot >> >> >> >> > > > > > |
|
|
Hi Tobias, Sure... I'm currently running on Debian 9 stable (x86 32- and 64-bit, ARM 32-bit) but have been experiencing this at least since Debian 8. I run a variety of VMs from the release Squeak VM (through 5.1), the Spur builds on bintray (I think the latest I've tried were dated 6/16/2017) as well as my own VM builds but confess that I haven't been paying much attention to whether or not I'm seeing issues more/less in one VM/plugin version or another as this issue has been creeping up/expanding for about 2 years now. I will try to start keeping better track. I haven't yet had the time to dig into it deeply but think it's a combination of issues mostly (entirely?) related to server-side SSL configuration as I've been noticing sites that used to work no longer do and the number of failures seem to have tracked site migrations to https. Thanks, Phil On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote: Hi Phil |
|
|
In reply to this post by Tobias Pape
Tobias, I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do) Here are a few sample urls I was having problems with: Thanks, Phil On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote: Hi Phil |
|
|
hi Phil
> On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote: > > Tobias, > > I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do) > > Here are a few sample urls I was having problems with: > https://blog.jessfraz.com/post/containers-zones-jails-vms > https://blog.keras.io/the-future-of-deep-learning.html > https://danluu.com/cpu-bugs > Thanks for the List, I'll have a look. In the meantime, could you please: - run squeak from the terminal - change SqueakSSL>>initialize to the following: initialize "Initialize the receiver" handle := self primitiveSSLCreate. self logLevel: 1. - use webclient to GET one of the URLs. The stderr will show some information which may be helpful here. Best regards -Tobias > Thanks, > Phil > > On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote: > Hi Phil > > > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote: > > > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added... > > can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :) > > Best regard > -tobias > > > > > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote: > > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError: > > > > WebClient httpGet: 'https://google.com' > > > > Best, > > Marcel > >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>: > >> > >> SqueakSSL > >> > >> WebClient httpGet: 'https://www.google.com' > >> > >> Ron > >> > >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote: > >> Hi All, > >> > >> what are people using for https support? > >> > >> _,,,^..^,,,_ > >> best, Eliot > >> > >> > >> > >> > > > > > > > > > > > > > |
|
|
Tobias, I did as you suggested and here's the console output for the danluu link: qConnectSSL: 0x9c6cb50 sqConnectSSL: Setting up SSL sqSetupSSL: setting method sqSetupSSL: Creating context sqSetupSSL: Disabling SSLv2 and SSLv3 sqSetupSSL: setting cipher list sqSetupSSL: No root CA given; using default verify paths sqSetupSSL: Creating SSL sqSetupSSL: setting bios sqConnectSSL: Setting connect state sqConnectSSL: BIO_write 0 bytes sqConnectSSL: SSL_connect sqConnectSSL: sqCopyBioSSL sqCopyBioSSL: 297 bytes pending; buffer size 4096 sqConnectSSL: 0x9c6cb50 sqConnectSSL: BIO_write 7 bytes sqConnectSSL: SSL_connect sqConnectSSL: SSL_connect failed 3075761856:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:757: Thanks, Phil On Jan 3, 2018 8:37 AM, "Tobias Pape" <[hidden email]> wrote: hi Phil |
|
|
In reply to this post by Phil B
Hi Phil,
> On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote: > > Tobias, > > I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do) > > Here are a few sample urls I was having problems with: > https://blog.jessfraz.com/post/containers-zones-jails-vms > https://blog.keras.io/the-future-of-deep-learning.html > https://danluu.com/cpu-bugs > Can you try with one of the latest vms? https://bintray.com/opensmalltalk/vm/cog/ Best regards -Tobias > Thanks, > Phil > > On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote: > Hi Phil > > > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote: > > > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added... > > can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :) > > Best regard > -tobias > > > > > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote: > > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError: > > > > WebClient httpGet: 'https://google.com' > > > > Best, > > Marcel > >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>: > >> > >> SqueakSSL > >> > >> WebClient httpGet: 'https://www.google.com' > >> > >> Ron > >> > >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote: > >> Hi All, > >> > >> what are people using for https support? > >> > >> _,,,^..^,,,_ > >> best, Eliot > >> > >> > >> > >> > > > > > > > > > > > > > |
|
|
Tobias, I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it) Thanks, Phil On Feb 1, 2018 1:51 PM, "Tobias Pape" <[hidden email]> wrote: Hi Phil, |
|
|
Hi Phil
> On 06.02.2018, at 22:26, Phil B <[hidden email]> wrote: > > Tobias, > > I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it) I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work. Can you give me the console output with logLeve:1 again? Best regards -Tobias > > Thanks, > Phil > > On Feb 1, 2018 1:51 PM, "Tobias Pape" <[hidden email]> wrote: > Hi Phil, > > > > On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote: > > > > Tobias, > > > > I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do) > > > > Here are a few sample urls I was having problems with: > > https://blog.jessfraz.com/post/containers-zones-jails-vms > > https://blog.keras.io/the-future-of-deep-learning.html > > https://danluu.com/cpu-bugs > > > > Can you try with one of the latest vms? > > https://bintray.com/opensmalltalk/vm/cog/ > > Best regards > -Tobias > > > Thanks, > > Phil > > > > On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote: > > Hi Phil > > > > > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote: > > > > > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added... > > > > can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :) > > > > Best regard > > -tobias > > > > > > > > > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote: > > > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError: > > > > > > WebClient httpGet: 'https://google.com' > > > > > > Best, > > > Marcel > > >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>: > > >> > > >> SqueakSSL > > >> > > >> WebClient httpGet: 'https://www.google.com' > > >> > > >> Ron > > >> > > >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote: > > >> Hi All, > > >> > > >> what are people using for https support? > > >> > > >> _,,,^..^,,,_ > > >> best, Eliot > > >> > > >> > > >> > > >> > > > > > > > > > > > > > > > > > > > > > > |
|
|
It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5) On Feb 6, 2018 4:43 PM, "Tobias Pape" <[hidden email]> wrote: Hi Phil |
|
|
Hi Phil, > On 06.02.2018, at 23:49, Phil B <[hidden email]> wrote: > > It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5) can you give me the output of "locate libssl.so"? Best regards -Tobias > > On Feb 6, 2018 4:43 PM, "Tobias Pape" <[hidden email]> wrote: > Hi Phil > > On 06.02.2018, at 22:26, Phil B <[hidden email]> wrote: > > > > Tobias, > > > > I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it) > > I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work. > Can you give me the console output with logLeve:1 again? > > Best regards > -Tobias > > > > > Thanks, > > Phil > > > > On Feb 1, 2018 1:51 PM, "Tobias Pape" <[hidden email]> wrote: > > Hi Phil, > > > > > > > On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote: > > > > > > Tobias, > > > > > > I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do) > > > > > > Here are a few sample urls I was having problems with: > > > https://blog.jessfraz.com/post/containers-zones-jails-vms > > > https://blog.keras.io/the-future-of-deep-learning.html > > > https://danluu.com/cpu-bugs > > > > > > > Can you try with one of the latest vms? > > > > https://bintray.com/opensmalltalk/vm/cog/ > > > > Best regards > > -Tobias > > > > > Thanks, > > > Phil > > > > > > On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote: > > > Hi Phil > > > > > > > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote: > > > > > > > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added... > > > > > > can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :) > > > > > > Best regard > > > -tobias > > > > > > > > > > > > > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote: > > > > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError: > > > > > > > > WebClient httpGet: 'https://google.com' > > > > > > > > Best, > > > > Marcel > > > >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>: > > > >> > > > >> SqueakSSL > > > >> > > > >> WebClient httpGet: 'https://www.google.com' > > > >> > > > >> Ron > > > >> > > > >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote: > > > >> Hi All, > > > >> > > > >> what are people using for https support? > > > >> > > > >> _,,,^..^,,,_ > > > >> best, Eliot > > > >> > > > >> > > > >> > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > |
|
|
/usr/lib/i386-linux-gnu/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/libssl.so.1.0.2 /usr/lib/i386-linux-gnu/libssl.so.1.1 /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0 On Feb 6, 2018 5:56 PM, "Tobias Pape" <[hidden email]> wrote:
|
|
|
Hi Phil,
> On 07.02.2018, at 00:50, Phil B <[hidden email]> wrote: > > /usr/lib/i386-linux-gnu/libssl.so.1.0.0 > /usr/lib/i386-linux-gnu/libssl.so.1.0.2 > /usr/lib/i386-linux-gnu/libssl.so.1.1 > /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0 > /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0 Good! Or not, I'm puzzled ;) Could you please compile/run a debug-vm? It has some output, maybe it helps :) Best regards -Tobias > > > On Feb 6, 2018 5:56 PM, "Tobias Pape" <[hidden email]> wrote: > > Hi Phil, > > > On 06.02.2018, at 23:49, Phil B <[hidden email]> wrote: > > > > It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5) > > can you give me the output of "locate libssl.so"? > > Best regards > -Tobias > > > > > On Feb 6, 2018 4:43 PM, "Tobias Pape" <[hidden email]> wrote: > > Hi Phil > > > On 06.02.2018, at 22:26, Phil B <[hidden email]> wrote: > > > > > > Tobias, > > > > > > I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it) > > > > I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work. > > Can you give me the console output with logLeve:1 again? > > > > Best regards > > -Tobias > > > > > > > > Thanks, > > > Phil > > > > > > On Feb 1, 2018 1:51 PM, "Tobias Pape" <[hidden email]> wrote: > > > Hi Phil, > > > > > > > > > > On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote: > > > > > > > > Tobias, > > > > > > > > I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do) > > > > > > > > Here are a few sample urls I was having problems with: > > > > https://blog.jessfraz.com/post/containers-zones-jails-vms > > > > https://blog.keras.io/the-future-of-deep-learning.html > > > > https://danluu.com/cpu-bugs > > > > > > > > > > Can you try with one of the latest vms? > > > > > > https://bintray.com/opensmalltalk/vm/cog/ > > > > > > Best regards > > > -Tobias > > > > > > > Thanks, > > > > Phil > > > > > > > > On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote: > > > > Hi Phil > > > > > > > > > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote: > > > > > > > > > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added... > > > > > > > > can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :) > > > > > > > > Best regard > > > > -tobias > > > > > > > > > > > > > > > > > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote: > > > > > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError: > > > > > > > > > > WebClient httpGet: 'https://google.com' > > > > > > > > > > Best, > > > > > Marcel > > > > >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>: > > > > >> > > > > >> SqueakSSL > > > > >> > > > > >> WebClient httpGet: 'https://www.google.com' > > > > >> > > > > >> Ron > > > > >> > > > > >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote: > > > > >> Hi All, > > > > >> > > > > >> what are people using for https support? > > > > >> > > > > >> _,,,^..^,,,_ > > > > >> best, Eliot > > > > >> > > > > >> > > > > >> > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > |
|
|
I'll give it a shot. Really, I'm not at all surprised to be having an SSL issue on Debian as I previously went over a year not being able to use the builds specifically due to a Ubuntu/Debian SSL lib version incompatibility (I *really* wish the Linux VM builds were statically linked as out of distro shared lib builds are just begging to break. Been dealing with this sort of thing since the early 90s on Linux) On Feb 6, 2018 7:00 PM, "Tobias Pape" <[hidden email]> wrote: Hi Phil, |
|
|
Hi Phil, There are a few downsides to statically linked. First crypto errors can't be patched by OS providers. Statically linking crypto modules could be disastrous for users WHEN crypto bugs are found and can't be easily or quickly patched. Also, there are a number of regulations in the USA that prevent software from exporting crypto. By leaving the crypto to the OS provider and only looking up crypto modules or dynamically linking you are not exporting crypto. One can not overstress how much this simplifies deployment. Having a few issues on deployment is a small price to pay for the benefits we gain. All the best, Ron Teitelbaum On Tue, Feb 6, 2018 at 7:14 PM, Phil B <[hidden email]> wrote:
|
|
|
In reply to this post by Phil B
> On 07.02.2018, at 01:14, Phil B <[hidden email]> wrote: > > I'll give it a shot. Really, I'm not at all surprised to be having an SSL issue on Debian as I previously went over a year not being able to use the builds specifically due to a Ubuntu/Debian SSL lib version incompatibility (I *really* wish the Linux VM builds were statically linked as out of distro shared lib builds are just begging to break. Been dealing with this sort of thing since the early 90s on Linux) That's exactly why I made some changes. SqueakSSL is now neither statically (I hd that, but there were issues and legal is unclear) nor dynamically linked agains libssl, but rather loads libssl at runtime... Best regards -Tobias > > On Feb 6, 2018 7:00 PM, "Tobias Pape" <[hidden email]> wrote: > Hi Phil, > > > On 07.02.2018, at 00:50, Phil B <[hidden email]> wrote: > > > > /usr/lib/i386-linux-gnu/libssl.so.1.0.0 > > /usr/lib/i386-linux-gnu/libssl.so.1.0.2 > > /usr/lib/i386-linux-gnu/libssl.so.1.1 > > /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0 > > /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0 > > Good! > Or not, I'm puzzled ;) > Could you please compile/run a debug-vm? It has some output, maybe it helps :) > > Best regards > -Tobias > > > > > > > > On Feb 6, 2018 5:56 PM, "Tobias Pape" <[hidden email]> wrote: > > > > Hi Phil, > > > > > On 06.02.2018, at 23:49, Phil B <[hidden email]> wrote: > > > > > > It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5) > > > > can you give me the output of "locate libssl.so"? > > > > Best regards > > -Tobias > > > > > > > > On Feb 6, 2018 4:43 PM, "Tobias Pape" <[hidden email]> wrote: > > > Hi Phil > > > > On 06.02.2018, at 22:26, Phil B <[hidden email]> wrote: > > > > > > > > Tobias, > > > > > > > > I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it) > > > > > > I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work. > > > Can you give me the console output with logLeve:1 again? > > > > > > Best regards > > > -Tobias > > > > > > > > > > > Thanks, > > > > Phil > > > > > > > > On Feb 1, 2018 1:51 PM, "Tobias Pape" <[hidden email]> wrote: > > > > Hi Phil, > > > > > > > > > > > > > On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote: > > > > > > > > > > Tobias, > > > > > > > > > > I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do) > > > > > > > > > > Here are a few sample urls I was having problems with: > > > > > https://blog.jessfraz.com/post/containers-zones-jails-vms > > > > > https://blog.keras.io/the-future-of-deep-learning.html > > > > > https://danluu.com/cpu-bugs > > > > > > > > > > > > > Can you try with one of the latest vms? > > > > > > > > https://bintray.com/opensmalltalk/vm/cog/ > > > > > > > > Best regards > > > > -Tobias > > > > > > > > > Thanks, > > > > > Phil > > > > > > > > > > On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote: > > > > > Hi Phil > > > > > > > > > > > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote: > > > > > > > > > > > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added... > > > > > > > > > > can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :) > > > > > > > > > > Best regard > > > > > -tobias > > > > > > > > > > > > > > > > > > > > > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote: > > > > > > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError: > > > > > > > > > > > > WebClient httpGet: 'https://google.com' > > > > > > > > > > > > Best, > > > > > > Marcel > > > > > >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>: > > > > > >> > > > > > >> SqueakSSL > > > > > >> > > > > > >> WebClient httpGet: 'https://www.google.com' > > > > > >> > > > > > >> Ron > > > > > >> > > > > > >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote: > > > > > >> Hi All, > > > > > >> > > > > > >> what are people using for https support? > > > > > >> > > > > > >> _,,,^..^,,,_ > > > > > >> best, Eliot > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > |
«
Return to Squeak - Dev
|
1 view|%1 views
| Free forum by Nabble | Edit this page |