https

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
24 messages Options
12
Reply | Threaded
Open this post in threaded view
|

https

Eliot Miranda-2
Hi All,

    what are people using for https support?

_,,,^..^,,,_
best, Eliot


Reply | Threaded
Open this post in threaded view
|

Re: https

Ron Teitelbaum
SqueakSSL 

WebClient httpGet: 'https://www.google.com'

Ron

On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
Hi All,

    what are people using for https support?

_,,,^..^,,,_
best, Eliot






Reply | Threaded
Open this post in threaded view
|

Re: https

marcel.taeumel
Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:

WebClient httpGet: 'https://google.com'

Best,
Marcel

Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:

SqueakSSL 

WebClient httpGet: 'https://www.google.com'

Ron

On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
Hi All,

    what are people using for https support?

_,,,^..^,,,_
best, Eliot






Reply | Threaded
Open this post in threaded view
|

Re: https

Chris Muller-3
To get around the incomplete SAN support, one of my applications
actually calls out to curl via OSProcess.


On Wed, Aug 23, 2017 at 1:37 AM, Marcel Taeumel <[hidden email]> wrote:

> Note that due to incomplete or missing SAN support on some platforms, using
> alternative names can still raise a SqueakSSLCertificateError:
>
> WebClient httpGet: 'https://google.com'
>
> Best,
> Marcel
>
> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
>
> SqueakSSL
>
> WebClient httpGet: 'https://www.google.com'
>
> Ron
>
> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]>
> wrote:
>>
>> Hi All,
>>
>>     what are people using for https support?
>>
>> _,,,^..^,,,_
>> best, Eliot
>>
>>
>>
>
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: https

Phil B
In reply to this post by marcel.taeumel
Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...

On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:

WebClient httpGet: 'https://google.com'

Best,
Marcel

Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:

SqueakSSL 

WebClient httpGet: 'https://www.google.com'

Ron

On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
Hi All,

    what are people using for https support?

_,,,^..^,,,_
best, Eliot










Reply | Threaded
Open this post in threaded view
|

Re: https

Tobias Pape
Hi Phil

> On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
>
> Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...

can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)

Best regard
        -tobias


>
> On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
>
> WebClient httpGet: 'https://google.com'
>
> Best,
> Marcel
>> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
>>
>> SqueakSSL
>>
>> WebClient httpGet: 'https://www.google.com'
>>
>> Ron
>>
>> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
>> Hi All,
>>
>>    what are people using for https support?
>>
>> _,,,^..^,,,_
>> best, Eliot
>>
>>
>>
>>
>
>
>
>
>


Reply | Threaded
Open this post in threaded view
|

Re: https

Phil B
Hi Tobias,

Sure... I'm currently running on Debian 9 stable (x86 32- and 64-bit, ARM 32-bit) but have been experiencing this at least since Debian 8.  I run a variety of VMs from the release Squeak VM (through 5.1), the Spur builds on bintray (I think the latest I've tried were dated 6/16/2017) as well as my own VM builds but confess that I haven't been paying much attention to whether or not I'm seeing issues more/less in one VM/plugin version or another as this issue has been creeping up/expanding for about 2 years now.  I will try to start keeping better track.  I haven't yet had the time to dig into it deeply but think it's a combination of issues mostly (entirely?) related to server-side SSL configuration as I've been noticing sites that used to work no longer do and the number of failures seem to have tracked site migrations to https.

Thanks,
Phil


On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
Hi Phil

> On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
>
> Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...

can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)

Best regard
        -tobias


>
> On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
>
> WebClient httpGet: 'https://google.com'
>
> Best,
> Marcel
>> Am <a href="tel:22.08.2017%2022" value="+12208201722">22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
>>
>> SqueakSSL
>>
>> WebClient httpGet: 'https://www.google.com'
>>
>> Ron
>>
>> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
>> Hi All,
>>
>>    what are people using for https support?
>>
>> _,,,^..^,,,_
>> best, Eliot
>>
>>
>>
>>
>
>
>
>
>





Reply | Threaded
Open this post in threaded view
|

Re: https

Phil B
In reply to this post by Tobias Pape
Tobias,

I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)

Here are a few sample urls I was having problems with:

Thanks,
Phil

On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
Hi Phil

> On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
>
> Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...

can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)

Best regard
        -tobias


>
> On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
>
> WebClient httpGet: 'https://google.com'
>
> Best,
> Marcel
>> Am <a href="tel:22.08.2017%2022" value="+12208201722">22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
>>
>> SqueakSSL
>>
>> WebClient httpGet: 'https://www.google.com'
>>
>> Ron
>>
>> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
>> Hi All,
>>
>>    what are people using for https support?
>>
>> _,,,^..^,,,_
>> best, Eliot
>>
>>
>>
>>
>
>
>
>
>




Reply | Threaded
Open this post in threaded view
|

Re: https

Tobias Pape
hi Phil

> On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote:
>
> Tobias,
>
> I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
>
> Here are a few sample urls I was having problems with:
> https://blog.jessfraz.com/post/containers-zones-jails-vms
> https://blog.keras.io/the-future-of-deep-learning.html
> https://danluu.com/cpu-bugs
>

Thanks for the List, I'll have a look.

In the meantime, could you please:

 - run squeak from the terminal
 - change SqueakSSL>>initialize to the following:

initialize
        "Initialize the receiver"

        handle := self primitiveSSLCreate.
        self logLevel: 1.

 - use webclient to GET one of the URLs.

The stderr will show some information which may be helpful here.

Best regards
        -Tobias


> Thanks,
> Phil
>
> On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
> Hi Phil
>
> > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
> >
> > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
>
> can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
>
> Best regard
>         -tobias
>
>
> >
> > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
> >
> > WebClient httpGet: 'https://google.com'
> >
> > Best,
> > Marcel
> >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
> >>
> >> SqueakSSL
> >>
> >> WebClient httpGet: 'https://www.google.com'
> >>
> >> Ron
> >>
> >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
> >> Hi All,
> >>
> >>    what are people using for https support?
> >>
> >> _,,,^..^,,,_
> >> best, Eliot
> >>
> >>
> >>
> >>
> >
> >
> >
> >
> >
>
>
>


Reply | Threaded
Open this post in threaded view
|

Re: https

Phil B
Tobias,

I did as you suggested and here's the console output for the danluu link:

qConnectSSL: 0x9c6cb50
sqConnectSSL: Setting up SSL
sqSetupSSL: setting method
sqSetupSSL: Creating context
sqSetupSSL: Disabling SSLv2 and SSLv3
sqSetupSSL: setting cipher list
sqSetupSSL: No root CA given; using default verify paths
sqSetupSSL: Creating SSL
sqSetupSSL: setting bios
sqConnectSSL: Setting connect state
sqConnectSSL: BIO_write 0 bytes
sqConnectSSL: SSL_connect
sqConnectSSL: sqCopyBioSSL
sqCopyBioSSL: 297 bytes pending; buffer size 4096
sqConnectSSL: 0x9c6cb50
sqConnectSSL: BIO_write 7 bytes
sqConnectSSL: SSL_connect
sqConnectSSL: SSL_connect failed
3075761856:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:757:

Thanks,
Phil


On Jan 3, 2018 8:37 AM, "Tobias Pape" <[hidden email]> wrote:
hi Phil

> On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote:
>
> Tobias,
>
> I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
>
> Here are a few sample urls I was having problems with:
> https://blog.jessfraz.com/post/containers-zones-jails-vms
> https://blog.keras.io/the-future-of-deep-learning.html
> https://danluu.com/cpu-bugs
>

Thanks for the List, I'll have a look.

In the meantime, could you please:

 - run squeak from the terminal
 - change SqueakSSL>>initialize to the following:

initialize
        "Initialize the receiver"

        handle := self primitiveSSLCreate.
        self logLevel: 1.

 - use webclient to GET one of the URLs.

The stderr will show some information which may be helpful here.

Best regards
        -Tobias





Reply | Threaded
Open this post in threaded view
|

Re: https

Tobias Pape
In reply to this post by Phil B
Hi Phil,


> On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote:
>
> Tobias,
>
> I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
>
> Here are a few sample urls I was having problems with:
> https://blog.jessfraz.com/post/containers-zones-jails-vms
> https://blog.keras.io/the-future-of-deep-learning.html
> https://danluu.com/cpu-bugs
>

Can you try with one of the latest vms?

https://bintray.com/opensmalltalk/vm/cog/

Best regards
        -Tobias

> Thanks,
> Phil
>
> On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
> Hi Phil
>
> > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
> >
> > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
>
> can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
>
> Best regard
>         -tobias
>
>
> >
> > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
> >
> > WebClient httpGet: 'https://google.com'
> >
> > Best,
> > Marcel
> >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
> >>
> >> SqueakSSL
> >>
> >> WebClient httpGet: 'https://www.google.com'
> >>
> >> Ron
> >>
> >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
> >> Hi All,
> >>
> >>    what are people using for https support?
> >>
> >> _,,,^..^,,,_
> >> best, Eliot
> >>
> >>
> >>
> >>
> >
> >
> >
> >
> >
>
>
>


Reply | Threaded
Open this post in threaded view
|

Re: https

Phil B
Tobias,

I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed.  (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable.  Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable.  I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)

Thanks,
Phil

On Feb 1, 2018 1:51 PM, "Tobias Pape" <[hidden email]> wrote:
Hi Phil,


> On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote:
>
> Tobias,
>
> I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
>
> Here are a few sample urls I was having problems with:
> https://blog.jessfraz.com/post/containers-zones-jails-vms
> https://blog.keras.io/the-future-of-deep-learning.html
> https://danluu.com/cpu-bugs
>

Can you try with one of the latest vms?

https://bintray.com/opensmalltalk/vm/cog/

Best regards
        -Tobias

> Thanks,
> Phil
>
> On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
> Hi Phil
>
> > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
> >
> > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
>
> can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
>
> Best regard
>         -tobias
>
>
> >
> > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
> >
> > WebClient httpGet: 'https://google.com'
> >
> > Best,
> > Marcel
> >> Am <a href="tel:22.08.2017%2022" value="+12208201722">22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
> >>
> >> SqueakSSL
> >>
> >> WebClient httpGet: 'https://www.google.com'
> >>
> >> Ron
> >>
> >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
> >> Hi All,
> >>
> >>    what are people using for https support?
> >>
> >> _,,,^..^,,,_
> >> best, Eliot
> >>
> >>
> >>
> >>
> >
> >
> >
> >
> >
>
>
>



Reply | Threaded
Open this post in threaded view
|

Re: https

Tobias Pape
Hi Phil
> On 06.02.2018, at 22:26, Phil B <[hidden email]> wrote:
>
> Tobias,
>
> I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed.  (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable.  Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable.  I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)

I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work.
Can you give me the console output with logLeve:1 again?

Best regards
        -Tobias

>
> Thanks,
> Phil
>
> On Feb 1, 2018 1:51 PM, "Tobias Pape" <[hidden email]> wrote:
> Hi Phil,
>
>
> > On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote:
> >
> > Tobias,
> >
> > I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
> >
> > Here are a few sample urls I was having problems with:
> > https://blog.jessfraz.com/post/containers-zones-jails-vms
> > https://blog.keras.io/the-future-of-deep-learning.html
> > https://danluu.com/cpu-bugs
> >
>
> Can you try with one of the latest vms?
>
> https://bintray.com/opensmalltalk/vm/cog/
>
> Best regards
>         -Tobias
>
> > Thanks,
> > Phil
> >
> > On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
> > Hi Phil
> >
> > > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
> > >
> > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
> >
> > can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
> >
> > Best regard
> >         -tobias
> >
> >
> > >
> > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> > > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
> > >
> > > WebClient httpGet: 'https://google.com'
> > >
> > > Best,
> > > Marcel
> > >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
> > >>
> > >> SqueakSSL
> > >>
> > >> WebClient httpGet: 'https://www.google.com'
> > >>
> > >> Ron
> > >>
> > >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
> > >> Hi All,
> > >>
> > >>    what are people using for https support?
> > >>
> > >> _,,,^..^,,,_
> > >> best, Eliot
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
>


Reply | Threaded
Open this post in threaded view
|

Re: https

Phil B
It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output.  I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working).  When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)

On Feb 6, 2018 4:43 PM, "Tobias Pape" <[hidden email]> wrote:
Hi Phil
> On 06.02.2018, at 22:26, Phil B <[hidden email]> wrote:
>
> Tobias,
>
> I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed.  (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable.  Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable.  I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)

I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work.
Can you give me the console output with logLeve:1 again?

Best regards
        -Tobias

>
> Thanks,
> Phil
>
> On Feb 1, 2018 1:51 PM, "Tobias Pape" <[hidden email]> wrote:
> Hi Phil,
>
>
> > On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote:
> >
> > Tobias,
> >
> > I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
> >
> > Here are a few sample urls I was having problems with:
> > https://blog.jessfraz.com/post/containers-zones-jails-vms
> > https://blog.keras.io/the-future-of-deep-learning.html
> > https://danluu.com/cpu-bugs
> >
>
> Can you try with one of the latest vms?
>
> https://bintray.com/opensmalltalk/vm/cog/
>
> Best regards
>         -Tobias
>
> > Thanks,
> > Phil
> >
> > On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
> > Hi Phil
> >
> > > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
> > >
> > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
> >
> > can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
> >
> > Best regard
> >         -tobias
> >
> >
> > >
> > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> > > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
> > >
> > > WebClient httpGet: 'https://google.com'
> > >
> > > Best,
> > > Marcel
> > >> Am <a href="tel:22.08.2017%2022" value="+12208201722">22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
> > >>
> > >> SqueakSSL
> > >>
> > >> WebClient httpGet: 'https://www.google.com'
> > >>
> > >> Ron
> > >>
> > >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
> > >> Hi All,
> > >>
> > >>    what are people using for https support?
> > >>
> > >> _,,,^..^,,,_
> > >> best, Eliot
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
>



Reply | Threaded
Open this post in threaded view
|

Re: https

Tobias Pape

Hi Phil,

> On 06.02.2018, at 23:49, Phil B <[hidden email]> wrote:
>
> It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output.  I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working).  When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)

can you give me the output of "locate libssl.so"?

Best regards
        -Tobias

>
> On Feb 6, 2018 4:43 PM, "Tobias Pape" <[hidden email]> wrote:
> Hi Phil
> > On 06.02.2018, at 22:26, Phil B <[hidden email]> wrote:
> >
> > Tobias,
> >
> > I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed.  (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable.  Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable.  I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
>
> I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work.
> Can you give me the console output with logLeve:1 again?
>
> Best regards
>         -Tobias
>
> >
> > Thanks,
> > Phil
> >
> > On Feb 1, 2018 1:51 PM, "Tobias Pape" <[hidden email]> wrote:
> > Hi Phil,
> >
> >
> > > On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote:
> > >
> > > Tobias,
> > >
> > > I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
> > >
> > > Here are a few sample urls I was having problems with:
> > > https://blog.jessfraz.com/post/containers-zones-jails-vms
> > > https://blog.keras.io/the-future-of-deep-learning.html
> > > https://danluu.com/cpu-bugs
> > >
> >
> > Can you try with one of the latest vms?
> >
> > https://bintray.com/opensmalltalk/vm/cog/
> >
> > Best regards
> >         -Tobias
> >
> > > Thanks,
> > > Phil
> > >
> > > On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
> > > Hi Phil
> > >
> > > > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
> > > >
> > > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
> > >
> > > can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
> > >
> > > Best regard
> > >         -tobias
> > >
> > >
> > > >
> > > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> > > > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
> > > >
> > > > WebClient httpGet: 'https://google.com'
> > > >
> > > > Best,
> > > > Marcel
> > > >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
> > > >>
> > > >> SqueakSSL
> > > >>
> > > >> WebClient httpGet: 'https://www.google.com'
> > > >>
> > > >> Ron
> > > >>
> > > >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
> > > >> Hi All,
> > > >>
> > > >>    what are people using for https support?
> > > >>
> > > >> _,,,^..^,,,_
> > > >> best, Eliot
> > > >>
> > > >>
> > > >>
> > > >>
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
>


Reply | Threaded
Open this post in threaded view
|

Re: https

Phil B
/usr/lib/i386-linux-gnu/libssl.so.1.0.0
/usr/lib/i386-linux-gnu/libssl.so.1.0.2
/usr/lib/i386-linux-gnu/libssl.so.1.1
/usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0
/usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0


On Feb 6, 2018 5:56 PM, "Tobias Pape" <[hidden email]> wrote:

Hi Phil,

> On 06.02.2018, at 23:49, Phil B <[hidden email]> wrote:
>
> It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output.  I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working).  When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)

can you give me the output of "locate libssl.so"?

Best regards
        -Tobias

>
> On Feb 6, 2018 4:43 PM, "Tobias Pape" <[hidden email]> wrote:
> Hi Phil
> > On 06.02.2018, at 22:26, Phil B <[hidden email]> wrote:
> >
> > Tobias,
> >
> > I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed.  (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable.  Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable.  I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
>
> I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work.
> Can you give me the console output with logLeve:1 again?
>
> Best regards
>         -Tobias
>
> >
> > Thanks,
> > Phil
> >
> > On Feb 1, 2018 1:51 PM, "Tobias Pape" <[hidden email]> wrote:
> > Hi Phil,
> >
> >
> > > On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote:
> > >
> > > Tobias,
> > >
> > > I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
> > >
> > > Here are a few sample urls I was having problems with:
> > > https://blog.jessfraz.com/post/containers-zones-jails-vms
> > > https://blog.keras.io/the-future-of-deep-learning.html
> > > https://danluu.com/cpu-bugs
> > >
> >
> > Can you try with one of the latest vms?
> >
> > https://bintray.com/opensmalltalk/vm/cog/
> >
> > Best regards
> >         -Tobias
> >
> > > Thanks,
> > > Phil
> > >
> > > On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
> > > Hi Phil
> > >
> > > > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
> > > >
> > > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
> > >
> > > can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
> > >
> > > Best regard
> > >         -tobias
> > >
> > >
> > > >
> > > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> > > > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
> > > >
> > > > WebClient httpGet: 'https://google.com'
> > > >
> > > > Best,
> > > > Marcel
> > > >> Am <a href="tel:22.08.2017%2022" value="+12208201722">22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
> > > >>
> > > >> SqueakSSL
> > > >>
> > > >> WebClient httpGet: 'https://www.google.com'
> > > >>
> > > >> Ron
> > > >>
> > > >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
> > > >> Hi All,
> > > >>
> > > >>    what are people using for https support?
> > > >>
> > > >> _,,,^..^,,,_
> > > >> best, Eliot
> > > >>
> > > >>
> > > >>
> > > >>
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
>




Reply | Threaded
Open this post in threaded view
|

Re: https

Tobias Pape
Hi Phil,

> On 07.02.2018, at 00:50, Phil B <[hidden email]> wrote:
>
> /usr/lib/i386-linux-gnu/libssl.so.1.0.0
> /usr/lib/i386-linux-gnu/libssl.so.1.0.2
> /usr/lib/i386-linux-gnu/libssl.so.1.1
> /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0
> /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0

Good!
Or not, I'm puzzled ;)
Could you please compile/run a debug-vm? It has some output, maybe it helps :)

Best regards
        -Tobias


>
>
> On Feb 6, 2018 5:56 PM, "Tobias Pape" <[hidden email]> wrote:
>
> Hi Phil,
>
> > On 06.02.2018, at 23:49, Phil B <[hidden email]> wrote:
> >
> > It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output.  I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working).  When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
>
> can you give me the output of "locate libssl.so"?
>
> Best regards
>         -Tobias
>
> >
> > On Feb 6, 2018 4:43 PM, "Tobias Pape" <[hidden email]> wrote:
> > Hi Phil
> > > On 06.02.2018, at 22:26, Phil B <[hidden email]> wrote:
> > >
> > > Tobias,
> > >
> > > I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed.  (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable.  Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable.  I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
> >
> > I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work.
> > Can you give me the console output with logLeve:1 again?
> >
> > Best regards
> >         -Tobias
> >
> > >
> > > Thanks,
> > > Phil
> > >
> > > On Feb 1, 2018 1:51 PM, "Tobias Pape" <[hidden email]> wrote:
> > > Hi Phil,
> > >
> > >
> > > > On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote:
> > > >
> > > > Tobias,
> > > >
> > > > I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
> > > >
> > > > Here are a few sample urls I was having problems with:
> > > > https://blog.jessfraz.com/post/containers-zones-jails-vms
> > > > https://blog.keras.io/the-future-of-deep-learning.html
> > > > https://danluu.com/cpu-bugs
> > > >
> > >
> > > Can you try with one of the latest vms?
> > >
> > > https://bintray.com/opensmalltalk/vm/cog/
> > >
> > > Best regards
> > >         -Tobias
> > >
> > > > Thanks,
> > > > Phil
> > > >
> > > > On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
> > > > Hi Phil
> > > >
> > > > > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
> > > > >
> > > > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
> > > >
> > > > can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
> > > >
> > > > Best regard
> > > >         -tobias
> > > >
> > > >
> > > > >
> > > > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> > > > > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
> > > > >
> > > > > WebClient httpGet: 'https://google.com'
> > > > >
> > > > > Best,
> > > > > Marcel
> > > > >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
> > > > >>
> > > > >> SqueakSSL
> > > > >>
> > > > >> WebClient httpGet: 'https://www.google.com'
> > > > >>
> > > > >> Ron
> > > > >>
> > > > >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
> > > > >> Hi All,
> > > > >>
> > > > >>    what are people using for https support?
> > > > >>
> > > > >> _,,,^..^,,,_
> > > > >> best, Eliot
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > >
> >
>
>


Reply | Threaded
Open this post in threaded view
|

Re: https

Phil B
I'll give it a shot.  Really, I'm not at all surprised to be having an SSL issue on Debian as I previously went over a year not being able to use the builds specifically due to a Ubuntu/Debian SSL lib version incompatibility (I *really* wish the Linux VM builds were statically linked as out of distro shared lib builds are just begging to break.  Been dealing with this sort of thing since the early 90s on Linux)

On Feb 6, 2018 7:00 PM, "Tobias Pape" <[hidden email]> wrote:
Hi Phil,

> On 07.02.2018, at 00:50, Phil B <[hidden email]> wrote:
>
> /usr/lib/i386-linux-gnu/libssl.so.1.0.0
> /usr/lib/i386-linux-gnu/libssl.so.1.0.2
> /usr/lib/i386-linux-gnu/libssl.so.1.1
> /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0
> /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0

Good!
Or not, I'm puzzled ;)
Could you please compile/run a debug-vm? It has some output, maybe it helps :)

Best regards
        -Tobias


>
>
> On Feb 6, 2018 5:56 PM, "Tobias Pape" <[hidden email]> wrote:
>
> Hi Phil,
>
> > On 06.02.2018, at 23:49, Phil B <[hidden email]> wrote:
> >
> > It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output.  I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working).  When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
>
> can you give me the output of "locate libssl.so"?
>
> Best regards
>         -Tobias
>
> >
> > On Feb 6, 2018 4:43 PM, "Tobias Pape" <[hidden email]> wrote:
> > Hi Phil
> > > On 06.02.2018, at 22:26, Phil B <[hidden email]> wrote:
> > >
> > > Tobias,
> > >
> > > I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed.  (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable.  Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable.  I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
> >
> > I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work.
> > Can you give me the console output with logLeve:1 again?
> >
> > Best regards
> >         -Tobias
> >
> > >
> > > Thanks,
> > > Phil
> > >
> > > On Feb 1, 2018 1:51 PM, "Tobias Pape" <[hidden email]> wrote:
> > > Hi Phil,
> > >
> > >
> > > > On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote:
> > > >
> > > > Tobias,
> > > >
> > > > I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
> > > >
> > > > Here are a few sample urls I was having problems with:
> > > > https://blog.jessfraz.com/post/containers-zones-jails-vms
> > > > https://blog.keras.io/the-future-of-deep-learning.html
> > > > https://danluu.com/cpu-bugs
> > > >
> > >
> > > Can you try with one of the latest vms?
> > >
> > > https://bintray.com/opensmalltalk/vm/cog/
> > >
> > > Best regards
> > >         -Tobias
> > >
> > > > Thanks,
> > > > Phil
> > > >
> > > > On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
> > > > Hi Phil
> > > >
> > > > > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
> > > > >
> > > > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
> > > >
> > > > can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
> > > >
> > > > Best regard
> > > >         -tobias
> > > >
> > > >
> > > > >
> > > > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> > > > > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
> > > > >
> > > > > WebClient httpGet: 'https://google.com'
> > > > >
> > > > > Best,
> > > > > Marcel
> > > > >> Am <a href="tel:22.08.2017%2022" value="+12208201722">22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
> > > > >>
> > > > >> SqueakSSL
> > > > >>
> > > > >> WebClient httpGet: 'https://www.google.com'
> > > > >>
> > > > >> Ron
> > > > >>
> > > > >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
> > > > >> Hi All,
> > > > >>
> > > > >>    what are people using for https support?
> > > > >>
> > > > >> _,,,^..^,,,_
> > > > >> best, Eliot
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > >
> >
>
>



Reply | Threaded
Open this post in threaded view
|

Re: https

Ron Teitelbaum
Hi Phil,

There are a few downsides to statically linked.  First crypto errors can't be patched by OS providers.  Statically linking crypto modules could be disastrous for users WHEN crypto bugs are found and can't be easily or quickly patched. Also, there are a number of regulations in the USA that prevent software from exporting crypto.  By leaving the crypto to the OS provider and only looking up crypto modules or dynamically linking you are not exporting crypto.  One can not overstress how much this simplifies deployment.  Having a few issues on deployment is a small price to pay for the benefits we gain.  

All the best,

Ron Teitelbaum

On Tue, Feb 6, 2018 at 7:14 PM, Phil B <[hidden email]> wrote:
I'll give it a shot.  Really, I'm not at all surprised to be having an SSL issue on Debian as I previously went over a year not being able to use the builds specifically due to a Ubuntu/Debian SSL lib version incompatibility (I *really* wish the Linux VM builds were statically linked as out of distro shared lib builds are just begging to break.  Been dealing with this sort of thing since the early 90s on Linux)

On Feb 6, 2018 7:00 PM, "Tobias Pape" <[hidden email]> wrote:
Hi Phil,

> On 07.02.2018, at 00:50, Phil B <[hidden email]> wrote:
>
> /usr/lib/i386-linux-gnu/libssl.so.1.0.0
> /usr/lib/i386-linux-gnu/libssl.so.1.0.2
> /usr/lib/i386-linux-gnu/libssl.so.1.1
> /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0
> /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0

Good!
Or not, I'm puzzled ;)
Could you please compile/run a debug-vm? It has some output, maybe it helps :)

Best regards
        -Tobias


>
>
> On Feb 6, 2018 5:56 PM, "Tobias Pape" <[hidden email]> wrote:
>
> Hi Phil,
>
> > On 06.02.2018, at 23:49, Phil B <[hidden email]> wrote:
> >
> > It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output.  I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working).  When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
>
> can you give me the output of "locate libssl.so"?
>
> Best regards
>         -Tobias
>
> >
> > On Feb 6, 2018 4:43 PM, "Tobias Pape" <[hidden email]> wrote:
> > Hi Phil
> > > On 06.02.2018, at 22:26, Phil B <[hidden email]> wrote:
> > >
> > > Tobias,
> > >
> > > I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed.  (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable.  Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable.  I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
> >
> > I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work.
> > Can you give me the console output with logLeve:1 again?
> >
> > Best regards
> >         -Tobias
> >
> > >
> > > Thanks,
> > > Phil
> > >
> > > On Feb 1, 2018 1:51 PM, "Tobias Pape" <[hidden email]> wrote:
> > > Hi Phil,
> > >
> > >
> > > > On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote:
> > > >
> > > > Tobias,
> > > >
> > > > I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
> > > >
> > > > Here are a few sample urls I was having problems with:
> > > > https://blog.jessfraz.com/post/containers-zones-jails-vms
> > > > https://blog.keras.io/the-future-of-deep-learning.html
> > > > https://danluu.com/cpu-bugs
> > > >
> > >
> > > Can you try with one of the latest vms?
> > >
> > > https://bintray.com/opensmalltalk/vm/cog/
> > >
> > > Best regards
> > >         -Tobias
> > >
> > > > Thanks,
> > > > Phil
> > > >
> > > > On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
> > > > Hi Phil
> > > >
> > > > > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
> > > > >
> > > > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
> > > >
> > > > can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
> > > >
> > > > Best regard
> > > >         -tobias
> > > >
> > > >
> > > > >
> > > > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> > > > > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
> > > > >
> > > > > WebClient httpGet: 'https://google.com'
> > > > >
> > > > > Best,
> > > > > Marcel
> > > > >> Am <a href="tel:22.08.2017%2022" value="+12208201722" target="_blank">22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
> > > > >>
> > > > >> SqueakSSL
> > > > >>
> > > > >> WebClient httpGet: 'https://www.google.com'
> > > > >>
> > > > >> Ron
> > > > >>
> > > > >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
> > > > >> Hi All,
> > > > >>
> > > > >>    what are people using for https support?
> > > > >>
> > > > >> _,,,^..^,,,_
> > > > >> best, Eliot
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > >
> >
>
>







Reply | Threaded
Open this post in threaded view
|

Re: https

Tobias Pape
In reply to this post by Phil B

> On 07.02.2018, at 01:14, Phil B <[hidden email]> wrote:
>
> I'll give it a shot.  Really, I'm not at all surprised to be having an SSL issue on Debian as I previously went over a year not being able to use the builds specifically due to a Ubuntu/Debian SSL lib version incompatibility (I *really* wish the Linux VM builds were statically linked as out of distro shared lib builds are just begging to break.  Been dealing with this sort of thing since the early 90s on Linux)

That's exactly why I made some changes.
SqueakSSL is now neither statically (I hd that, but there were issues and legal is unclear) nor dynamically linked agains libssl, but rather loads libssl at runtime...

Best regards
        -Tobias


>
> On Feb 6, 2018 7:00 PM, "Tobias Pape" <[hidden email]> wrote:
> Hi Phil,
>
> > On 07.02.2018, at 00:50, Phil B <[hidden email]> wrote:
> >
> > /usr/lib/i386-linux-gnu/libssl.so.1.0.0
> > /usr/lib/i386-linux-gnu/libssl.so.1.0.2
> > /usr/lib/i386-linux-gnu/libssl.so.1.1
> > /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0
> > /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
>
> Good!
> Or not, I'm puzzled ;)
> Could you please compile/run a debug-vm? It has some output, maybe it helps :)
>
> Best regards
>         -Tobias
>
>
> >
> >
> > On Feb 6, 2018 5:56 PM, "Tobias Pape" <[hidden email]> wrote:
> >
> > Hi Phil,
> >
> > > On 06.02.2018, at 23:49, Phil B <[hidden email]> wrote:
> > >
> > > It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output.  I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working).  When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
> >
> > can you give me the output of "locate libssl.so"?
> >
> > Best regards
> >         -Tobias
> >
> > >
> > > On Feb 6, 2018 4:43 PM, "Tobias Pape" <[hidden email]> wrote:
> > > Hi Phil
> > > > On 06.02.2018, at 22:26, Phil B <[hidden email]> wrote:
> > > >
> > > > Tobias,
> > > >
> > > > I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed.  (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable.  Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable.  I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
> > >
> > > I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work.
> > > Can you give me the console output with logLeve:1 again?
> > >
> > > Best regards
> > >         -Tobias
> > >
> > > >
> > > > Thanks,
> > > > Phil
> > > >
> > > > On Feb 1, 2018 1:51 PM, "Tobias Pape" <[hidden email]> wrote:
> > > > Hi Phil,
> > > >
> > > >
> > > > > On 22.12.2017, at 21:29, Phil B <[hidden email]> wrote:
> > > > >
> > > > > Tobias,
> > > > >
> > > > > I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
> > > > >
> > > > > Here are a few sample urls I was having problems with:
> > > > > https://blog.jessfraz.com/post/containers-zones-jails-vms
> > > > > https://blog.keras.io/the-future-of-deep-learning.html
> > > > > https://danluu.com/cpu-bugs
> > > > >
> > > >
> > > > Can you try with one of the latest vms?
> > > >
> > > > https://bintray.com/opensmalltalk/vm/cog/
> > > >
> > > > Best regards
> > > >         -Tobias
> > > >
> > > > > Thanks,
> > > > > Phil
> > > > >
> > > > > On Aug 29, 2017 5:49 AM, "Tobias Pape" <[hidden email]> wrote:
> > > > > Hi Phil
> > > > >
> > > > > > On 24.08.2017, at 22:30, Phil B <[hidden email]> wrote:
> > > > > >
> > > > > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin.  Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
> > > > >
> > > > > can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
> > > > >
> > > > > Best regard
> > > > >         -tobias
> > > > >
> > > > >
> > > > > >
> > > > > > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <[hidden email]> wrote:
> > > > > > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
> > > > > >
> > > > > > WebClient httpGet: 'https://google.com'
> > > > > >
> > > > > > Best,
> > > > > > Marcel
> > > > > >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <[hidden email]>:
> > > > > >>
> > > > > >> SqueakSSL
> > > > > >>
> > > > > >> WebClient httpGet: 'https://www.google.com'
> > > > > >>
> > > > > >> Ron
> > > > > >>
> > > > > >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <[hidden email]> wrote:
> > > > > >> Hi All,
> > > > > >>
> > > > > >>    what are people using for https support?
> > > > > >>
> > > > > >> _,,,^..^,,,_
> > > > > >> best, Eliot
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> >
>


12