just to explain the change on a meta level: I don't like it either, and
it's definitely not the solution to the problem. But, for the time being,
it's probably better to be able to access web resources than getting a
debugger. On the other hand, it's already as bad for macOS users ;)
Anyhow, I agree that we need to work on a better solution and it's
unfortunate, you didn't integrate your implementation. I'm afraid I don't
have enough time at the moment, but will look into this again at some point
if no one else is quicker...
--
On Thu, Apr 27, 2017 at 7:15 PM Levente Uzonyi
leves@caesar.elte.hu wrote:
> 2 years ago I implented a solution for this problem on Linux (actually
> platforms using OpenSSL), which integrated well with the way SqueakSSL
> worked (and still works)[1].
> There was a plan for a better fix, but as it turned out, that was a
> mistake not to push the changes, because the new plan would require way
> too large effort to be done.
> IMHO, disabling verification is clearly not the solution.
>
> Levente
>
> [1]
http://forum.world.st/SqueakSSL-SAN-certificates-td4828767.html
>
> On Thu, 27 Apr 2017, commits@source.squeak.org wrote:
>
> > A new version of WebClient-Core was added to project The Inbox:
> >
http://source.squeak.org/inbox/WebClient-Core-fn.105.mcz
> >
> > ==================== Summary ====================
> >
> > Name: WebClient-Core-fn.105
> > Author: fn
> > Time: 27 April 2017, 6:32:47.94973 pm
> > UUID: 9d163339-62e5-4248-b3c4-773616160ea0
> > Ancestors: WebClient-Core-jr.104
> >
> > Disable certificate validation on all platforms for the time being. It
> turns out, this does not only probably work on macOS, but also on Windows
> and Linux. The WebClient seems to have problems with some certificates used
> for popular domains, e.g. google.com and github.com. The Zinc library
> does not perform the validation as well at the moment.
> >
> > =============== Diff against WebClient-Core-jr.104 ===============
> >
> > Item was changed:
> > ----- Method: WebClient>>sslConnect (in category 'initialize') -----
> > sslConnect
> > "Do the SSL handshake"
> > "Connect the client to a web server"
> >
> > | sqSSL |
> > proxyServer ifNotNil:[ | resp |
> > "If we have a proxy server, do the proxy connect"
> > resp := self proxyConnect.
> > resp isSuccess ifFalse:[^resp].
> > ].
> >
> > sqSSL := Smalltalk at: #SqueakSSL ifAbsent:[self error: 'SqueakSSL
> is missing'].
> > "Convert the stream to a secure stream"
> > stream := sqSSL secureSocketStream on: stream socket.
> > stream timeout: timeout.
> > self sslConnect: stream to: lastServer.
> > +
> > + "Normally, we would verify the cert now, but this does not work
> properly"
> > + "stream verifyCert: self serverName."
> > +
> > - "And cert verification
> > - (unless on OSX, where this does not work yet)"
> > - WebUtils platformName = 'Mac OS'
> > - ifFalse: [stream verifyCert: self serverName].
> > ^ nil"indicating success"
> > !
>
>