Smalltalk › Squeak › Squeak - Dev

[squeak-dev] SSLSocket and basic http auth (api.del.icio.us or mail.google.com or ...)

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

2 messages Options

peportier

[squeak-dev] SSLSocket and basic http auth (api.del.icio.us or mail.google.com or ...)

Hi!
I try to connect to SSL + Basic HTTP Auth sites, for example : https://mail.google.com or https://api.del.icio.us
When I try :

| conn |
conn := SSLSocket newConnectionAddress: (NetNameResolver addressForName: 'mail.google.com') port: 443

I obtain a socket with state: SSLConnectionClosed.
With sites that do not require HTTP Basic authentication :

| conn |
conn := SSLSocket newConnectionAddress: (NetNameResolver addressForName: 'www.usaa.com') port: 443

I obtain a SSLSocket with state: SSLConnectionConnected.
But don't we need an open socket in order to send the request with the authentication data in the header ?

In fact, inside the HttpsSocket>>httpsGetDocumentFromUrl: url args: args accept: mimeType request: requestString we find:

sock := HttpsSocket new.
        sock connectTo: serverAddr port: connectToPort.
        (sock waitForConnectionUntil: (Time millisecondClockValue + (10000) truncated)) ifTrue: [
            sock sendCommand: 'GET ', page, ' HTTP/1.0', String crlf,
                (mimeType ifNotNil: ['ACCEPT: ', mimeType, String crlf] ifNil: ['']),
                'ACCEPT: text/html', String crlf,    "Always accept plain text"
                requestString,    "extra user request. Authorization"
                'Host: ', serverName, ':', port printString, String crlf.
etc.etc.
with the possibility to put the authentication header inside the requestString.

Has someone any idea how to solve this problem?

Thank you.

pep

Simon Kirk-4

Re: [squeak-dev] SSLSocket and basic http auth (api.del.icio.us or mail.google.com or ...)

I hate to say it but I'm getting even worse behaviour. For HTTPS sites that don't require HTTP auth at all, they also fail.

For instance:

'https://www.amazon.com' asUrl retrieveContents content

Printit yields: 'error occured retrieving https://www.amazon.com/: Server www.amazon.com is not responding'

Ditto for lots of other sites, such as Google.

Interestingly, it still works for *some* of the examples from the SSL Workspace provided with the SSL package (https://investing.schwab.com/ and 'https://www.usaa.com') but not others.

This implies some sort of cipher or protocol the SSL suite doesn't support.

This is pretty bad for us, as we need to do some stuff for a client that involves XML-RPC calls to an SSL server, which I've just discovered doesn't work with the SSL package :(

Cheers,

Simon

On 20 Feb 2009, at 12:57, Pierre-Edouard PORTIER wrote:

Hi!
I try to connect to SSL + Basic HTTP Auth sites, for example : https://mail.google.com or https://api.del.icio.us
When I try :

| conn |
conn := SSLSocket newConnectionAddress: (NetNameResolver addressForName: 'mail.google.com') port: 443

I obtain a socket with state: SSLConnectionClosed.
With sites that do not require HTTP Basic authentication :

| conn |
conn := SSLSocket newConnectionAddress: (NetNameResolver addressForName: 'www.usaa.com') port: 443

I obtain a SSLSocket with state: SSLConnectionConnected.
But don't we need an open socket in order to send the request with the authentication data in the header ?

In fact, inside the HttpsSocket>>httpsGetDocumentFromUrl: url args: args accept: mimeType request: requestString we find:

sock := HttpsSocket new.
        sock connectTo: serverAddr port: connectToPort.
        (sock waitForConnectionUntil: (Time millisecondClockValue + (10000) truncated)) ifTrue: [
            sock sendCommand: 'GET ', page, ' HTTP/1.0', String crlf,
                (mimeType ifNotNil: ['ACCEPT: ', mimeType, String crlf] ifNil: ['']),
                'ACCEPT: text/html', String crlf,    "Always accept plain text"
                requestString,    "extra user request. Authorization"
                'Host: ', serverName, ':', port printString, String crlf.
etc.etc.
with the possibility to put the authentication header inside the requestString.

Has someone any idea how to solve this problem?

Thank you.

pep

Click here to report this email as spam.

ü Consider your responsibility to the environment - think before you print!

*******************************************************************************************************************************************

This email is from Pinesoft Limited. Its contents are confidential to the intended recipient(s) at the email address(es) to which it has been addressed. It may not be disclosed to or used by anyone other than the addressee(s), nor may it be copied in anyway. If received in error, please contact the sender, then delete it from your system. Although this email and attachments are believed to be free of virus, or any other defect which might affect any computer or IT system into which they are received and opened, it is the responsibility of the recipient to ensure that they are virus free and no responsibility is accepted by Pinesoft for any loss or damage arising in any way from receipt or use thereof.

*******************************************************************************************************************************************

Pinesoft Limited are registered in England, Registered number: 2914825. Registered office: 266-268 High Street, Waltham Cross, Herts, EN8 7EA