Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
SqueakSSL
WebClient httpGet: 'https://www.google.com'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda eliot.miranda@gmail.com wrote:
Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com [https://www.google.com/]'
Best, Marcel Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com: SqueakSSL
WebClient httpGet: 'https://www.google.com [https://www.google.com]'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <eliot.miranda@gmail.com [mailto:eliot.miranda@gmail.com]> wrote:
Hi All,
what are people using for https support?
_,,,^..^,,,_
best, Eliot
To get around the incomplete SAN support, one of my applications actually calls out to curl via OSProcess.
On Wed, Aug 23, 2017 at 1:37 AM, Marcel Taeumel marcel.taeumel@hpi.de wrote:
Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel
Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com:
SqueakSSL
WebClient httpGet: 'https://www.google.com'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda eliot.miranda@gmail.com wrote:
Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de wrote:
Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com https://www.google.com/'
Best, Marcel
Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com: SqueakSSL
WebClient httpGet: 'https://www.google.com'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda eliot.miranda@gmail.com wrote:
Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
Hi Phil
On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote:
Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
Best regard -tobias
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de wrote: Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel
Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com:
SqueakSSL
WebClient httpGet: 'https://www.google.com'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda eliot.miranda@gmail.com wrote: Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
Hi Tobias,
Sure... I'm currently running on Debian 9 stable (x86 32- and 64-bit, ARM 32-bit) but have been experiencing this at least since Debian 8. I run a variety of VMs from the release Squeak VM (through 5.1), the Spur builds on bintray (I think the latest I've tried were dated 6/16/2017) as well as my own VM builds but confess that I haven't been paying much attention to whether or not I'm seeing issues more/less in one VM/plugin version or another as this issue has been creeping up/expanding for about 2 years now. I will try to start keeping better track. I haven't yet had the time to dig into it deeply but think it's a combination of issues mostly (entirely?) related to server-side SSL configuration as I've been noticing sites that used to work no longer do and the number of failures seem to have tracked site migrations to https.
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil
On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote:
Also, if you ignore the name checking of the cert (i.e. just blindly
accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
Best regard -tobias
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de wrote: Note that due to incomplete or missing SAN support on some platforms,
using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel
Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com:
SqueakSSL
WebClient httpGet: 'https://www.google.com'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda eliot.miranda@gmail.com
wrote:
Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
Tobias,
I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil
On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote:
Also, if you ignore the name checking of the cert (i.e. just blindly
accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
Best regard -tobias
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de wrote: Note that due to incomplete or missing SAN support on some platforms,
using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel
Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com:
SqueakSSL
WebClient httpGet: 'https://www.google.com'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda eliot.miranda@gmail.com
wrote:
Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
hi Phil
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Thanks for the List, I'll have a look.
In the meantime, could you please:
- run squeak from the terminal - change SqueakSSL>>initialize to the following:
initialize "Initialize the receiver"
handle := self primitiveSSLCreate. self logLevel: 1.
- use webclient to GET one of the URLs.
The stderr will show some information which may be helpful here.
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote:
Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
Best regard -tobias
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de wrote: Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel
Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com:
SqueakSSL
WebClient httpGet: 'https://www.google.com'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda eliot.miranda@gmail.com wrote: Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
Tobias,
I did as you suggested and here's the console output for the danluu link:
qConnectSSL: 0x9c6cb50 sqConnectSSL: Setting up SSL sqSetupSSL: setting method sqSetupSSL: Creating context sqSetupSSL: Disabling SSLv2 and SSLv3 sqSetupSSL: setting cipher list sqSetupSSL: No root CA given; using default verify paths sqSetupSSL: Creating SSL sqSetupSSL: setting bios sqConnectSSL: Setting connect state sqConnectSSL: BIO_write 0 bytes sqConnectSSL: SSL_connect sqConnectSSL: sqCopyBioSSL sqCopyBioSSL: 297 bytes pending; buffer size 4096 sqConnectSSL: 0x9c6cb50 sqConnectSSL: BIO_write 7 bytes sqConnectSSL: SSL_connect sqConnectSSL: SSL_connect failed 3075761856:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:757:
Thanks, Phil
On Jan 3, 2018 8:37 AM, "Tobias Pape" Das.Linux@gmx.de wrote:
hi Phil
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue so I
downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Thanks for the List, I'll have a look.
In the meantime, could you please:
- run squeak from the terminal - change SqueakSSL>>initialize to the following:
initialize "Initialize the receiver"
handle := self primitiveSSLCreate. self logLevel: 1.
- use webclient to GET one of the URLs.
The stderr will show some information which may be helpful here.
Best regards -Tobias
Hi Phil,
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Can you try with one of the latest vms?
https://bintray.com/opensmalltalk/vm/cog/
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote:
Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
Best regard -tobias
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de wrote: Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel
Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com:
SqueakSSL
WebClient httpGet: 'https://www.google.com'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda eliot.miranda@gmail.com wrote: Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
Tobias,
I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
Thanks, Phil
On Feb 1, 2018 1:51 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil,
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue so I
downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Can you try with one of the latest vms?
https://bintray.com/opensmalltalk/vm/cog/
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote:
Also, if you ignore the name checking of the cert (i.e. just blindly
accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are using? I'd
really like to get rid of those -5's :)
Best regard -tobias
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de
wrote:
Note that due to incomplete or missing SAN support on some platforms,
using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel
Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com:
SqueakSSL
WebClient httpGet: 'https://www.google.com'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <
eliot.miranda@gmail.com> wrote:
Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
Hi Phil
On 06.02.2018, at 22:26, Phil B pbpublist@gmail.com wrote:
Tobias,
I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work. Can you give me the console output with logLeve:1 again?
Best regards -Tobias
Thanks, Phil
On Feb 1, 2018 1:51 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Can you try with one of the latest vms?
https://bintray.com/opensmalltalk/vm/cog/
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote:
Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
Best regard -tobias
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de wrote: Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel
Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com:
SqueakSSL
WebClient httpGet: 'https://www.google.com'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda eliot.miranda@gmail.com wrote: Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
On Feb 6, 2018 4:43 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil
On 06.02.2018, at 22:26, Phil B pbpublist@gmail.com wrote:
Tobias,
I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate
failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work. Can you give me the console output with logLeve:1 again?
Best regards -Tobias
Thanks, Phil
On Feb 1, 2018 1:51 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue so I
downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Can you try with one of the latest vms?
https://bintray.com/opensmalltalk/vm/cog/
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote:
Also, if you ignore the name checking of the cert (i.e. just blindly
accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are using?
I'd really like to get rid of those -5's :)
Best regard -tobias
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de
wrote:
Note that due to incomplete or missing SAN support on some
platforms, using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel
Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com:
SqueakSSL
WebClient httpGet: 'https://www.google.com'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <
eliot.miranda@gmail.com> wrote:
Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
Hi Phil,
On 06.02.2018, at 23:49, Phil B pbpublist@gmail.com wrote:
It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
can you give me the output of "locate libssl.so"?
Best regards -Tobias
On Feb 6, 2018 4:43 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 06.02.2018, at 22:26, Phil B pbpublist@gmail.com wrote:
Tobias,
I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work. Can you give me the console output with logLeve:1 again?
Best regards -Tobias
Thanks, Phil
On Feb 1, 2018 1:51 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Can you try with one of the latest vms?
https://bintray.com/opensmalltalk/vm/cog/
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote:
Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
Best regard -tobias
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de wrote: Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel
Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com:
SqueakSSL
WebClient httpGet: 'https://www.google.com'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda eliot.miranda@gmail.com wrote: Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
/usr/lib/i386-linux-gnu/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/libssl.so.1.0.2 /usr/lib/i386-linux-gnu/libssl.so.1.1 /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
On Feb 6, 2018 5:56 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil,
On 06.02.2018, at 23:49, Phil B pbpublist@gmail.com wrote:
It never gets that far (i.e. to log anything): the error occurs in
#primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
can you give me the output of "locate libssl.so"?
Best regards -Tobias
On Feb 6, 2018 4:43 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 06.02.2018, at 22:26, Phil B pbpublist@gmail.com wrote:
Tobias,
I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate
failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
I have recently changed the SqueakSSL plugin. As long as you have
libssl:i386 installed, everything should work.
Can you give me the console output with logLeve:1 again?
Best regards -Tobias
Thanks, Phil
On Feb 1, 2018 1:51 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue so I
downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Can you try with one of the latest vms?
https://bintray.com/opensmalltalk/vm/cog/
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote:
Also, if you ignore the name checking of the cert (i.e. just
blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are using?
I'd really like to get rid of those -5's :)
Best regard -tobias
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de
wrote:
Note that due to incomplete or missing SAN support on some
platforms, using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel
Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com:
SqueakSSL
WebClient httpGet: 'https://www.google.com'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <
eliot.miranda@gmail.com> wrote:
Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
Hi Phil,
On 07.02.2018, at 00:50, Phil B pbpublist@gmail.com wrote:
/usr/lib/i386-linux-gnu/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/libssl.so.1.0.2 /usr/lib/i386-linux-gnu/libssl.so.1.1 /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
Good! Or not, I'm puzzled ;) Could you please compile/run a debug-vm? It has some output, maybe it helps :)
Best regards -Tobias
On Feb 6, 2018 5:56 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil,
On 06.02.2018, at 23:49, Phil B pbpublist@gmail.com wrote:
It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
can you give me the output of "locate libssl.so"?
Best regards -Tobias
On Feb 6, 2018 4:43 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 06.02.2018, at 22:26, Phil B pbpublist@gmail.com wrote:
Tobias,
I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work. Can you give me the console output with logLeve:1 again?
Best regards -Tobias
Thanks, Phil
On Feb 1, 2018 1:51 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Can you try with one of the latest vms?
https://bintray.com/opensmalltalk/vm/cog/
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote:
Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
Best regard -tobias
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de wrote: Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel
Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com:
SqueakSSL
WebClient httpGet: 'https://www.google.com'
Ron
On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda eliot.miranda@gmail.com wrote: Hi All,
what are people using for https support?
_,,,^..^,,,_ best, Eliot
I'll give it a shot. Really, I'm not at all surprised to be having an SSL issue on Debian as I previously went over a year not being able to use the builds specifically due to a Ubuntu/Debian SSL lib version incompatibility (I *really* wish the Linux VM builds were statically linked as out of distro shared lib builds are just begging to break. Been dealing with this sort of thing since the early 90s on Linux)
On Feb 6, 2018 7:00 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil,
On 07.02.2018, at 00:50, Phil B pbpublist@gmail.com wrote:
/usr/lib/i386-linux-gnu/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/libssl.so.1.0.2 /usr/lib/i386-linux-gnu/libssl.so.1.1 /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
Good! Or not, I'm puzzled ;) Could you please compile/run a debug-vm? It has some output, maybe it helps :)
Best regards -Tobias
On Feb 6, 2018 5:56 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil,
On 06.02.2018, at 23:49, Phil B pbpublist@gmail.com wrote:
It never gets that far (i.e. to log anything): the error occurs in
#primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
can you give me the output of "locate libssl.so"?
Best regards -Tobias
On Feb 6, 2018 4:43 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 06.02.2018, at 22:26, Phil B pbpublist@gmail.com wrote:
Tobias,
I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate
failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
I have recently changed the SqueakSSL plugin. As long as you have
libssl:i386 installed, everything should work.
Can you give me the console output with logLeve:1 again?
Best regards -Tobias
Thanks, Phil
On Feb 1, 2018 1:51 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue so
I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Can you try with one of the latest vms?
https://bintray.com/opensmalltalk/vm/cog/
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote:
Also, if you ignore the name checking of the cert (i.e. just
blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are
using? I'd really like to get rid of those -5's :)
Best regard -tobias
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de
wrote:
Note that due to incomplete or missing SAN support on some
platforms, using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel > Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <ron@usmedrec.com
:
> > SqueakSSL > > WebClient httpGet: 'https://www.google.com' > > Ron > > On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <
eliot.miranda@gmail.com> wrote:
> Hi All, > > what are people using for https support? > > _,,,^..^,,,_ > best, Eliot > > > >
Hi Phil,
There are a few downsides to statically linked. First crypto errors can't be patched by OS providers. Statically linking crypto modules could be disastrous for users WHEN crypto bugs are found and can't be easily or quickly patched. Also, there are a number of regulations in the USA that prevent software from exporting crypto. By leaving the crypto to the OS provider and only looking up crypto modules or dynamically linking you are not exporting crypto. One can not overstress how much this simplifies deployment. Having a few issues on deployment is a small price to pay for the benefits we gain.
All the best,
Ron Teitelbaum
On Tue, Feb 6, 2018 at 7:14 PM, Phil B pbpublist@gmail.com wrote:
I'll give it a shot. Really, I'm not at all surprised to be having an SSL issue on Debian as I previously went over a year not being able to use the builds specifically due to a Ubuntu/Debian SSL lib version incompatibility (I *really* wish the Linux VM builds were statically linked as out of distro shared lib builds are just begging to break. Been dealing with this sort of thing since the early 90s on Linux)
On Feb 6, 2018 7:00 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil,
On 07.02.2018, at 00:50, Phil B pbpublist@gmail.com wrote:
/usr/lib/i386-linux-gnu/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/libssl.so.1.0.2 /usr/lib/i386-linux-gnu/libssl.so.1.1 /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
Good! Or not, I'm puzzled ;) Could you please compile/run a debug-vm? It has some output, maybe it helps :)
Best regards -Tobias
On Feb 6, 2018 5:56 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil,
On 06.02.2018, at 23:49, Phil B pbpublist@gmail.com wrote:
It never gets that far (i.e. to log anything): the error occurs in
#primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
can you give me the output of "locate libssl.so"?
Best regards -Tobias
On Feb 6, 2018 4:43 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 06.02.2018, at 22:26, Phil B pbpublist@gmail.com wrote:
Tobias,
I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate
failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
I have recently changed the SqueakSSL plugin. As long as you have
libssl:i386 installed, everything should work.
Can you give me the console output with logLeve:1 again?
Best regards -Tobias
Thanks, Phil
On Feb 1, 2018 1:51 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue
so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Can you try with one of the latest vms?
https://bintray.com/opensmalltalk/vm/cog/
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
> On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote: > > Also, if you ignore the name checking of the cert (i.e. just
blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are
using? I'd really like to get rid of those -5's :)
Best regard -tobias
> > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <
marcel.taeumel@hpi.de> wrote:
> Note that due to incomplete or missing SAN support on some
platforms, using alternative names can still raise a SqueakSSLCertificateError:
> > WebClient httpGet: 'https://google.com' > > Best, > Marcel >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <
ron@usmedrec.com>:
>> >> SqueakSSL >> >> WebClient httpGet: 'https://www.google.com' >> >> Ron >> >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <
eliot.miranda@gmail.com> wrote:
>> Hi All, >> >> what are people using for https support? >> >> _,,,^..^,,,_ >> best, Eliot >> >> >> >> > > > > >
Ron,
I appreciate the arguments pro and con of static vs dynamic linking. Unfortunately, the reality on Linux (due to that bazaar nature of distros and their library versions) is that it doesn't tend to work out all that well for out-of-distro/non-local builds. Re: the legal situation, is there any recent (i.e. last 10 years) legal advice indicating that this is still an issue?
Anyway, seeing how I am yet again having library problems with bintray builds, I would disagree with the whole simplifies deployment argument...
(Sorry to be so grumpy on this issue but my experience on Linux with out of distro / non-local builds tells me over the course of decades that the 'shared libraries for everything' mantra for separately distributed builds is wrong)
Phil
On Feb 6, 2018 7:24 PM, "Ron Teitelbaum" ron@usmedrec.com wrote:
Hi Phil,
There are a few downsides to statically linked. First crypto errors can't be patched by OS providers. Statically linking crypto modules could be disastrous for users WHEN crypto bugs are found and can't be easily or quickly patched. Also, there are a number of regulations in the USA that prevent software from exporting crypto. By leaving the crypto to the OS provider and only looking up crypto modules or dynamically linking you are not exporting crypto. One can not overstress how much this simplifies deployment. Having a few issues on deployment is a small price to pay for the benefits we gain.
All the best,
Ron Teitelbaum
On Tue, Feb 6, 2018 at 7:14 PM, Phil B pbpublist@gmail.com wrote:
I'll give it a shot. Really, I'm not at all surprised to be having an SSL issue on Debian as I previously went over a year not being able to use the builds specifically due to a Ubuntu/Debian SSL lib version incompatibility (I *really* wish the Linux VM builds were statically linked as out of distro shared lib builds are just begging to break. Been dealing with this sort of thing since the early 90s on Linux)
On Feb 6, 2018 7:00 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil,
On 07.02.2018, at 00:50, Phil B pbpublist@gmail.com wrote:
/usr/lib/i386-linux-gnu/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/libssl.so.1.0.2 /usr/lib/i386-linux-gnu/libssl.so.1.1 /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
Good! Or not, I'm puzzled ;) Could you please compile/run a debug-vm? It has some output, maybe it helps :)
Best regards -Tobias
On Feb 6, 2018 5:56 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil,
On 06.02.2018, at 23:49, Phil B pbpublist@gmail.com wrote:
It never gets that far (i.e. to log anything): the error occurs in
#primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
can you give me the output of "locate libssl.so"?
Best regards -Tobias
On Feb 6, 2018 4:43 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 06.02.2018, at 22:26, Phil B pbpublist@gmail.com wrote:
Tobias,
I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate
failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
I have recently changed the SqueakSSL plugin. As long as you have
libssl:i386 installed, everything should work.
Can you give me the console output with logLeve:1 again?
Best regards -Tobias
Thanks, Phil
On Feb 1, 2018 1:51 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue
so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Can you try with one of the latest vms?
https://bintray.com/opensmalltalk/vm/cog/
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
> On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote: > > Also, if you ignore the name checking of the cert (i.e. just
blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are
using? I'd really like to get rid of those -5's :)
Best regard -tobias
> > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <
marcel.taeumel@hpi.de> wrote:
> Note that due to incomplete or missing SAN support on some
platforms, using alternative names can still raise a SqueakSSLCertificateError:
> > WebClient httpGet: 'https://google.com' > > Best, > Marcel >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <
ron@usmedrec.com>:
>> >> SqueakSSL >> >> WebClient httpGet: 'https://www.google.com' >> >> Ron >> >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <
eliot.miranda@gmail.com> wrote:
>> Hi All, >> >> what are people using for https support? >> >> _,,,^..^,,,_ >> best, Eliot >> >> >> >> > > > > >
On 07.02.2018, at 01:14, Phil B pbpublist@gmail.com wrote:
I'll give it a shot. Really, I'm not at all surprised to be having an SSL issue on Debian as I previously went over a year not being able to use the builds specifically due to a Ubuntu/Debian SSL lib version incompatibility (I *really* wish the Linux VM builds were statically linked as out of distro shared lib builds are just begging to break. Been dealing with this sort of thing since the early 90s on Linux)
That's exactly why I made some changes. SqueakSSL is now neither statically (I hd that, but there were issues and legal is unclear) nor dynamically linked agains libssl, but rather loads libssl at runtime...
Best regards -Tobias
On Feb 6, 2018 7:00 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 07.02.2018, at 00:50, Phil B pbpublist@gmail.com wrote:
/usr/lib/i386-linux-gnu/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/libssl.so.1.0.2 /usr/lib/i386-linux-gnu/libssl.so.1.1 /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
Good! Or not, I'm puzzled ;) Could you please compile/run a debug-vm? It has some output, maybe it helps :)
Best regards -Tobias
On Feb 6, 2018 5:56 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil,
On 06.02.2018, at 23:49, Phil B pbpublist@gmail.com wrote:
It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
can you give me the output of "locate libssl.so"?
Best regards -Tobias
On Feb 6, 2018 4:43 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 06.02.2018, at 22:26, Phil B pbpublist@gmail.com wrote:
Tobias,
I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work. Can you give me the console output with logLeve:1 again?
Best regards -Tobias
Thanks, Phil
On Feb 1, 2018 1:51 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Can you try with one of the latest vms?
https://bintray.com/opensmalltalk/vm/cog/
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote:
Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
Best regard -tobias
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de wrote: Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel > Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com: > > SqueakSSL > > WebClient httpGet: 'https://www.google.com' > > Ron > > On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda eliot.miranda@gmail.com wrote: > Hi All, > > what are people using for https support? > > _,,,^..^,,,_ > best, Eliot > > > >
Ah, so there's probably something just different enough re: Debian vs Ubuntu (I presume) these days to throw a wrench into the works with the new approach. I'll do some poking around.
On Feb 6, 2018 7:28 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
On 07.02.2018, at 01:14, Phil B pbpublist@gmail.com wrote:
I'll give it a shot. Really, I'm not at all surprised to be having an
SSL issue on Debian as I previously went over a year not being able to use the builds specifically due to a Ubuntu/Debian SSL lib version incompatibility (I *really* wish the Linux VM builds were statically linked as out of distro shared lib builds are just begging to break. Been dealing with this sort of thing since the early 90s on Linux)
That's exactly why I made some changes. SqueakSSL is now neither statically (I hd that, but there were issues and legal is unclear) nor dynamically linked agains libssl, but rather loads libssl at runtime...
Best regards -Tobias
On Feb 6, 2018 7:00 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 07.02.2018, at 00:50, Phil B pbpublist@gmail.com wrote:
/usr/lib/i386-linux-gnu/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/libssl.so.1.0.2 /usr/lib/i386-linux-gnu/libssl.so.1.1 /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
Good! Or not, I'm puzzled ;) Could you please compile/run a debug-vm? It has some output, maybe it
helps :)
Best regards -Tobias
On Feb 6, 2018 5:56 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil,
On 06.02.2018, at 23:49, Phil B pbpublist@gmail.com wrote:
It never gets that far (i.e. to log anything): the error occurs in
#primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
can you give me the output of "locate libssl.so"?
Best regards -Tobias
On Feb 6, 2018 4:43 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 06.02.2018, at 22:26, Phil B pbpublist@gmail.com wrote:
Tobias,
I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate
failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
I have recently changed the SqueakSSL plugin. As long as you have
libssl:i386 installed, everything should work.
Can you give me the console output with logLeve:1 again?
Best regards -Tobias
Thanks, Phil
On Feb 1, 2018 1:51 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue
so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Can you try with one of the latest vms?
https://bintray.com/opensmalltalk/vm/cog/
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote:
Also, if you ignore the name checking of the cert (i.e. just
blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are
using? I'd really like to get rid of those -5's :)
Best regard -tobias
On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de
wrote:
Note that due to incomplete or missing SAN support on some
platforms, using alternative names can still raise a SqueakSSLCertificateError:
WebClient httpGet: 'https://google.com'
Best, Marcel > Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <ron@usmedrec.com
:
> > SqueakSSL > > WebClient httpGet: 'https://www.google.com' > > Ron > > On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <
eliot.miranda@gmail.com> wrote:
> Hi All, > > what are people using for https support? > > _,,,^..^,,,_ > best, Eliot > > > >
Tobias,
Building no longer works for me either...
When running build.linux64x64/squeak.cog.spur/build/mvm (with libssl-dev 1.1.0f-3 installed) I get the following:
In file included from /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:4:0: /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c: In function 'sqVerifyNameInner': /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:120:45: warning: implicit declaration of function 'CHECKED_STACK_OF' [-Wimplicit-function-declaration] #define sqo_SKM_sk_num(type, st) sqo_sk_num(CHECKED_STACK_OF(type, st)) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:124:37: note: in expansion of macro 'sqo_SKM_sk_num' #define sqo_sk_GENERAL_NAME_num(st) sqo_SKM_sk_num(GENERAL_NAME, (st)) ^~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:107:18: note: in expansion of macro 'sqo_sk_GENERAL_NAME_num' int sANCount = sqo_sk_GENERAL_NAME_num(sANs); ^~~~~~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:124:52: error: expected expression before 'GENERAL_NAME' #define sqo_sk_GENERAL_NAME_num(st) sqo_SKM_sk_num(GENERAL_NAME, (st)) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:120:62: note: in definition of macro 'sqo_SKM_sk_num' #define sqo_SKM_sk_num(type, st) sqo_sk_num(CHECKED_STACK_OF(type, st)) ^~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:107:18: note: in expansion of macro 'sqo_sk_GENERAL_NAME_num' int sANCount = sqo_sk_GENERAL_NAME_num(sANs); ^~~~~~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:125:59: error: expected expression before 'GENERAL_NAME' #define sqo_sk_GENERAL_NAME_value(st, i) sqo_SKM_sk_value(GENERAL_NAME, (st), (i)) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:121:77: note: in definition of macro 'sqo_SKM_sk_value' #define sqo_SKM_sk_value(type, st,i) ((type *)sqo_sk_value(CHECKED_STACK_OF(type, st), i))
^~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:109:30: note: in expansion of macro 'sqo_sk_GENERAL_NAME_value' const GENERAL_NAME* sAN = sqo_sk_GENERAL_NAME_value(sANs, i); ^~~~~~~~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:127:73: error: expected expression before 'GENERAL_NAME' #define sqo_sk_GENERAL_NAME_pop_free(st, free_func) sqo_SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:123:83: note: in definition of macro 'sqo_SKM_sk_pop_free' #define sqo_SKM_sk_pop_free(type, st, free_func) sqo_sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func))
^~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:116:3: note: in expansion of macro 'sqo_sk_GENERAL_NAME_pop_free' sqo_sk_GENERAL_NAME_pop_free(sANs, (void(*)(void*))sqo_sk_free); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:123:94: warning: implicit declaration of function 'CHECKED_SK_FREE_FUNC' [-Wimplicit-function-declaration] #define sqo_SKM_sk_pop_free(type, st, free_func) sqo_sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func))
^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:127:53: note: in expansion of macro 'sqo_SKM_sk_pop_free' #define sqo_sk_GENERAL_NAME_pop_free(st, free_func) sqo_SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) ^~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:116:3: note: in expansion of macro 'sqo_sk_GENERAL_NAME_pop_free' sqo_sk_GENERAL_NAME_pop_free(sANs, (void(*)(void*))sqo_sk_free); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:127:73: error: expected expression before 'GENERAL_NAME' #define sqo_sk_GENERAL_NAME_pop_free(st, free_func) sqo_SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:123:115: note: in definition of macro 'sqo_SKM_sk_pop_free' #define sqo_SKM_sk_pop_free(type, st, free_func) sqo_sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func))
^~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:116:3: note: in expansion of macro 'sqo_sk_GENERAL_NAME_pop_free' sqo_sk_GENERAL_NAME_pop_free(sANs, (void(*)(void*))sqo_sk_free); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c: In function 'sqSetupSSL': /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:119:64: error: 'SSL_CTRL_OPTIONS' undeclared (first use in this function) #define sqo_SSL_CTX_set_options(ctx,op) sqo_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:235:2: note: in expansion of macro 'sqo_SSL_CTX_set_options' sqo_SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); ^~~~~~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:119:64: note: each undeclared identifier is reported only once for each function it appears in #define sqo_SSL_CTX_set_options(ctx,op) sqo_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:235:2: note: in expansion of macro 'sqo_SSL_CTX_set_options' sqo_SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); ^~~~~~~~~~~~~~~~~~~~~~~ Makefile:193: recipe for target 'sqUnixOpenSSL.lo' failed make[1]: *** [sqUnixOpenSSL.lo] Error 1 Makefile:546: recipe for target 'SqueakSSL.la' failed make: *** [SqueakSSL.la] Error 2
On Feb 6, 2018 7:28 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
On 07.02.2018, at 01:14, Phil B pbpublist@gmail.com wrote:
I'll give it a shot. Really, I'm not at all surprised to be having an
SSL issue on Debian as I previously went over a year not being able to use the builds specifically due to a Ubuntu/Debian SSL lib version incompatibility (I *really* wish the Linux VM builds were statically linked as out of distro shared lib builds are just begging to break. Been dealing with this sort of thing since the early 90s on Linux)
That's exactly why I made some changes. SqueakSSL is now neither statically (I hd that, but there were issues and legal is unclear) nor dynamically linked agains libssl, but rather loads libssl at runtime...
Best regards -Tobias
On Feb 6, 2018 7:00 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 07.02.2018, at 00:50, Phil B pbpublist@gmail.com wrote:
/usr/lib/i386-linux-gnu/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/libssl.so.1.0.2 /usr/lib/i386-linux-gnu/libssl.so.1.1 /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
Good! Or not, I'm puzzled ;) Could you please compile/run a debug-vm? It has some output, maybe it
helps :)
Best regards -Tobias
On Feb 6, 2018 5:56 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil,
On 06.02.2018, at 23:49, Phil B pbpublist@gmail.com wrote:
It never gets that far (i.e. to log anything): the error occurs in
#primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
can you give me the output of "locate libssl.so"?
Best regards -Tobias
On Feb 6, 2018 4:43 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 06.02.2018, at 22:26, Phil B pbpublist@gmail.com wrote:
Tobias,
I tried the 32-bit 20180206 build and got Error:
primitiveSSLCreate failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
I have recently changed the SqueakSSL plugin. As long as you have
libssl:i386 installed, everything should work.
Can you give me the console output with logLeve:1 again?
Best regards -Tobias
Thanks, Phil
On Feb 1, 2018 1:51 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue
so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Can you try with one of the latest vms?
https://bintray.com/opensmalltalk/vm/cog/
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
> On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote: > > Also, if you ignore the name checking of the cert (i.e. just
blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are
using? I'd really like to get rid of those -5's :)
Best regard -tobias
> > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" <
marcel.taeumel@hpi.de> wrote:
> Note that due to incomplete or missing SAN support on some
platforms, using alternative names can still raise a SqueakSSLCertificateError:
> > WebClient httpGet: 'https://google.com' > > Best, > Marcel >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum <
ron@usmedrec.com>:
>> >> SqueakSSL >> >> WebClient httpGet: 'https://www.google.com' >> >> Ron >> >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda <
eliot.miranda@gmail.com> wrote:
>> Hi All, >> >> what are people using for https support? >> >> _,,,^..^,,,_ >> best, Eliot >> >> >> >> > > > > >
Hey Phil
On 12.02.2018, at 18:31, Phil B pbpublist@gmail.com wrote:
Tobias,
Building no longer works for me either...
You are right there, I have _not_ tested the build with openssl 1.1, as I had it nowhere to test.
What happened here is that OpenSSL did a refactoring to a lot of names which I have not yet picked up, sorry.
Travis-CI is used to generate the pre-built binaries, and they use Ubuntu (ie, debian-based) and Debian stable has nothing newer than 1.0.2; actually, on Travis-CI, there is OpenSSL 0.9.8.
I gotta fix that…
BTW: what is your distro?
Best regards -Tobias
When running build.linux64x64/squeak.cog.spur/build/mvm (with libssl-dev 1.1.0f-3 installed) I get the following:
In file included from /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:4:0: /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c: In function 'sqVerifyNameInner': /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:120:45: warning: implicit declaration of function 'CHECKED_STACK_OF' [-Wimplicit-function-declaration] #define sqo_SKM_sk_num(type, st) sqo_sk_num(CHECKED_STACK_OF(type, st)) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:124:37: note: in expansion of macro 'sqo_SKM_sk_num' #define sqo_sk_GENERAL_NAME_num(st) sqo_SKM_sk_num(GENERAL_NAME, (st)) ^~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:107:18: note: in expansion of macro 'sqo_sk_GENERAL_NAME_num' int sANCount = sqo_sk_GENERAL_NAME_num(sANs); ^~~~~~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:124:52: error: expected expression before 'GENERAL_NAME' #define sqo_sk_GENERAL_NAME_num(st) sqo_SKM_sk_num(GENERAL_NAME, (st)) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:120:62: note: in definition of macro 'sqo_SKM_sk_num' #define sqo_SKM_sk_num(type, st) sqo_sk_num(CHECKED_STACK_OF(type, st)) ^~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:107:18: note: in expansion of macro 'sqo_sk_GENERAL_NAME_num' int sANCount = sqo_sk_GENERAL_NAME_num(sANs); ^~~~~~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:125:59: error: expected expression before 'GENERAL_NAME' #define sqo_sk_GENERAL_NAME_value(st, i) sqo_SKM_sk_value(GENERAL_NAME, (st), (i)) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:121:77: note: in definition of macro 'sqo_SKM_sk_value' #define sqo_SKM_sk_value(type, st,i) ((type *)sqo_sk_value(CHECKED_STACK_OF(type, st), i)) ^~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:109:30: note: in expansion of macro 'sqo_sk_GENERAL_NAME_value' const GENERAL_NAME* sAN = sqo_sk_GENERAL_NAME_value(sANs, i); ^~~~~~~~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:127:73: error: expected expression before 'GENERAL_NAME' #define sqo_sk_GENERAL_NAME_pop_free(st, free_func) sqo_SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:123:83: note: in definition of macro 'sqo_SKM_sk_pop_free' #define sqo_SKM_sk_pop_free(type, st, free_func) sqo_sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func)) ^~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:116:3: note: in expansion of macro 'sqo_sk_GENERAL_NAME_pop_free' sqo_sk_GENERAL_NAME_pop_free(sANs, (void(*)(void*))sqo_sk_free); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:123:94: warning: implicit declaration of function 'CHECKED_SK_FREE_FUNC' [-Wimplicit-function-declaration] #define sqo_SKM_sk_pop_free(type, st, free_func) sqo_sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func)) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:127:53: note: in expansion of macro 'sqo_SKM_sk_pop_free' #define sqo_sk_GENERAL_NAME_pop_free(st, free_func) sqo_SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) ^~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:116:3: note: in expansion of macro 'sqo_sk_GENERAL_NAME_pop_free' sqo_sk_GENERAL_NAME_pop_free(sANs, (void(*)(void*))sqo_sk_free); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:127:73: error: expected expression before 'GENERAL_NAME' #define sqo_sk_GENERAL_NAME_pop_free(st, free_func) sqo_SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:123:115: note: in definition of macro 'sqo_SKM_sk_pop_free' #define sqo_SKM_sk_pop_free(type, st, free_func) sqo_sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func)) ^~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:116:3: note: in expansion of macro 'sqo_sk_GENERAL_NAME_pop_free' sqo_sk_GENERAL_NAME_pop_free(sANs, (void(*)(void*))sqo_sk_free); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c: In function 'sqSetupSSL': /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:119:64: error: 'SSL_CTRL_OPTIONS' undeclared (first use in this function) #define sqo_SSL_CTX_set_options(ctx,op) sqo_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:235:2: note: in expansion of macro 'sqo_SSL_CTX_set_options' sqo_SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); ^~~~~~~~~~~~~~~~~~~~~~~ /sqvm20180210/platforms/unix/plugins/SqueakSSL/openssl_overlay.h:119:64: note: each undeclared identifier is reported only once for each function it appears in #define sqo_SSL_CTX_set_options(ctx,op) sqo_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) ^ /sqvm20180210/platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:235:2: note: in expansion of macro 'sqo_SSL_CTX_set_options' sqo_SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); ^~~~~~~~~~~~~~~~~~~~~~~ Makefile:193: recipe for target 'sqUnixOpenSSL.lo' failed make[1]: *** [sqUnixOpenSSL.lo] Error 1 Makefile:546: recipe for target 'SqueakSSL.la' failed make: *** [SqueakSSL.la] Error 2
On Feb 6, 2018 7:28 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
On 07.02.2018, at 01:14, Phil B pbpublist@gmail.com wrote:
I'll give it a shot. Really, I'm not at all surprised to be having an SSL issue on Debian as I previously went over a year not being able to use the builds specifically due to a Ubuntu/Debian SSL lib version incompatibility (I *really* wish the Linux VM builds were statically linked as out of distro shared lib builds are just begging to break. Been dealing with this sort of thing since the early 90s on Linux)
That's exactly why I made some changes. SqueakSSL is now neither statically (I hd that, but there were issues and legal is unclear) nor dynamically linked agains libssl, but rather loads libssl at runtime...
Best regards -Tobias
On Feb 6, 2018 7:00 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 07.02.2018, at 00:50, Phil B pbpublist@gmail.com wrote:
/usr/lib/i386-linux-gnu/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/libssl.so.1.0.2 /usr/lib/i386-linux-gnu/libssl.so.1.1 /usr/lib/i386-linux-gnu/i586/libssl.so.1.0.0 /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
Good! Or not, I'm puzzled ;) Could you please compile/run a debug-vm? It has some output, maybe it helps :)
Best regards -Tobias
On Feb 6, 2018 5:56 PM, "Tobias Pape" Das.Linux@gmx.de wrote:
Hi Phil,
On 06.02.2018, at 23:49, Phil B pbpublist@gmail.com wrote:
It never gets that far (i.e. to log anything): the error occurs in #primitiveSSLCreate and there is no log output. I've confirmed that the plugin exists in the 20180206 VM (and the image appears to be otherwise working). When I switch back to the 20171214 build with the same image, no error loading the plugin (other than the issue we're discussing re: some urls failing with -5)
can you give me the output of "locate libssl.so"?
Best regards -Tobias
On Feb 6, 2018 4:43 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
On 06.02.2018, at 22:26, Phil B pbpublist@gmail.com wrote:
Tobias,
I tried the 32-bit 20180206 build and got Error: primitiveSSLCreate failed. (I'd expect the same result on 64-bit but will give it a shot) This is using Cuis on Debian 9 stable. Assuming there are no image-side changes needed, this is probably be a shared library issue as I've seen this in the past when the VM is built on/for Ubuntu which was using a different SSL lib version than Debian stable. I'll try building a VM and report back the results (it will probably be late this week before I'll have time to get into it)
I have recently changed the SqueakSSL plugin. As long as you have libssl:i386 installed, everything should work. Can you give me the console output with logLeve:1 again?
Best regards -Tobias
Thanks, Phil
On Feb 1, 2018 1:51 PM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil,
On 22.12.2017, at 21:29, Phil B pbpublist@gmail.com wrote:
Tobias,
I saw there was a recent change to the VM related to this issue so I downloaded a recent build from bintray (specifically the cogspurlinuxht 32- and 64-bit builds dated 201712142058) and tried them out on Debian 9. Unfortunately, this didn't seem to change very much for me (the majority of pages I was getting -5 on, I still do)
Here are a few sample urls I was having problems with: https://blog.jessfraz.com/post/containers-zones-jails-vms https://blog.keras.io/the-future-of-deep-learning.html https://danluu.com/cpu-bugs
Can you try with one of the latest vms?
https://bintray.com/opensmalltalk/vm/cog/
Best regards -Tobias
Thanks, Phil
On Aug 29, 2017 5:49 AM, "Tobias Pape" Das.Linux@gmx.de wrote: Hi Phil
> On 24.08.2017, at 22:30, Phil B pbpublist@gmail.com wrote: > > Also, if you ignore the name checking of the cert (i.e. just blindly accept it... dangerous to do with anything important) I've found that you'll often either get a connection timeout or -5 error from the plugin. Not sure if this is specifically related to SAN support (i.e. is there additional negotiation that needs to be done?) or if there are some newer https features that need to be added...
can you tell me your platform and the plugin version you are using? I'd really like to get rid of those -5's :)
Best regard -tobias
> > On Aug 23, 2017 2:37 AM, "Marcel Taeumel" marcel.taeumel@hpi.de wrote: > Note that due to incomplete or missing SAN support on some platforms, using alternative names can still raise a SqueakSSLCertificateError: > > WebClient httpGet: 'https://google.com' > > Best, > Marcel >> Am 22.08.2017 22:14:38 schrieb Ron Teitelbaum ron@usmedrec.com: >> >> SqueakSSL >> >> WebClient httpGet: 'https://www.google.com' >> >> Ron >> >> On Tue, Aug 22, 2017 at 3:09 PM, Eliot Miranda eliot.miranda@gmail.com wrote: >> Hi All, >> >> what are people using for https support? >> >> _,,,^..^,,,_ >> best, Eliot >> >> >> >> > > > > >
squeak-dev@lists.squeakfoundation.org