> On 12.01.2016 at 16:25, Sven Van Caekenberghe <s...@stfx.eu> wrote:
>
> Given a ZdcSecureSocketStream you can access the #sslSession. In this session
> object you can use #certificateName: to set the path or name of the
> certificate (before you #connect !). That is the general idea.
>
> Now, I don't know if this works or not. Be prepared to look in the plugin C
> code! On Linux this will probably work.
>
> And please let us know how it goes ;-)

I tried on Mac OS and on Linux but no luck so far. I used

    | ip stream |
    ip := NetNameResolver addressForName: 'gateway.sandbox.push.apple.com' timeout: 5000.
    stream := ZdcSecureSocketStream openConnectionToHost: ip port: 2195 timeout: 3000.
    stream
        binary;
        shouldSignal: true;
        autoFlush: false;
        bufferSize: 16384;
        timeout: 5000.
    stream sslSession
        enableLogging;
        certificateName: '/root/my.pem'.
    stream connect.

But I get

    ConnectionClosed: Connection closed while waiting for data.

This is while doing the SSL handshake. On Linux the log is

    qSetStringPropertySSL(1): /root/my.pem
    sqConnectSSL: 8a69058
    sqConnectSSL: Setting up SSL
    sqSetupSSL: setting method
    sqSetupSSL: Creating context
    sqSetupSSL: setting cipher list
    sqSetupSSL: Using cert file /root/my.pem
    sqSetupSSL: No root CA given; using default verify paths
    sqSetupSSL: Creating SSL
    sqSetupSSL: setting bios
    sqConnectSSL: Setting connect state
    sqConnectSSL: BIO_write 0 bytes
    sqConnectSSL: SSL_connect
    sqConnectSSL: sqCopyBioSSL
    sqCopyBioSSL: 297 bytes pending; buffer size 17408
    sqConnectSSL: 8a69058
    sqConnectSSL: BIO_write 3143 bytes
    sqConnectSSL: SSL_connect
    sqConnectSSL: sqCopyBioSSL
    sqCopyBioSSL: 2057 bytes pending; buffer size 17408
    ConnectionClosed: Connection closed while waiting for data.
    [ ConnectionClosed signal: 'Connection closed while waiting for data.' ] in Socket>>waitForDataFor: in Block: [ ConnectionClosed signal: 'Connection closed whil...etc...
    Socket>>waitForDataFor:ifClosed:ifTimedOut:
    Socket>>waitForDataFor:
    ZdcSecureSocketStream(ZdcAbstractSocketStream)>>socketWaitForData
    ZdcSecureSocketStream>>readEncryptedBytes:startingAt:count:
    ZdcSecureSocketStream>>connect
    UndefinedObject>>DoIt

I'm not sure what is going on and I believe it is rather hard to figure out what is the error exactly. Using

    $ openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert my.pem -debug -showcerts -CAfile entrust_2048_ca.cer

it works. I don't know if the missing CA file is the culprit.
But I doubt the Squeak SSL code does verification, so it might be something else.

Norbert

>> On 12 Jan 2016, at 16:05, Norbert Hartl <norb...@hartl.name> wrote:
>>
>> Is there a way to make SSL connections to the outside world using client
>> certificates from Pharo?
>>
>> thanks,
>>
>> Norbert