Wow, thanks for sharing! Please, please, Holger, share the new Mac SSL Plugin somewhere so that we can test it too. (Next step is to push this change upstream in the VM).
> On 15 Jan 2016, at 14:49, Norbert Hartl <norb...@hartl.name> wrote:
>
> Hi,
>
>> On 12.01.2016 at 16:25, Sven Van Caekenberghe <s...@stfx.eu> wrote:
>>
>> Given a ZdcSecureSocketStream you can access the #sslSession. In this
>> session object you can use #certificateName: to set the path or name of the
>> certificate (before you #connect !). That is the general idea.
>>
>> Now, I don't know if this works or not. Be prepared to look in the plugin C
>> code! On Linux this will probably work.
>>
>> And please let us know how it goes ;-)
>>
> I spent some time yesterday trying it. With a Linux installation I could
> issue a client connection and that didn't throw an error. Then Holger was
> really helpful with Mac OS. He just compiled the Mac plugin using the unix
> openssl sources. I just copied that in the VM folder and then I could do the
> same on my Mac. I tried to send a push message via Apple's push server using:
>
> | deviceId payload ip stream notification |
> payload := '{
>     "aps" : {
>         "alert" : "Pharo finally got it!"
>     }
> }'.
> deviceId := 'XXX'.
>
> notification := ByteArray streamContents: [ :str |
>     str
>         nextPut: 1;
>         nextPutAll: (1 asPaddedByteArray: 4);
>         nextPutAll: ((DateAndTime now + 1 day) asUTC asUnixTime asByteArray);
>         nextPutAll: (32 asPaddedByteArray: 2);
>         nextPutAll: (ByteArray readHexFrom: deviceId);
>         nextPutAll: (payload size asPaddedByteArray: 2);
>         nextPutAll: payload asByteArray ].
>
> ip := NetNameResolver addressForName: 'gateway.push.apple.com' timeout: 30.
> stream := ZdcSecureSocketStream
>     openConnectionToHost: ip
>     port: 2195
>     timeout: 30.
> stream
>     binary;
>     shouldSignal: true;
>     autoFlush: false;
>     bufferSize: 4096;
>     timeout: 30.
> stream sslSession
>     enableLogging;
>     certificateName: '/Users/norbert/multiprod.pem'.
> stream
>     connect;
>     nextPutAll: notification;
>     flush;
>     close.
>
> That is working and I receive the message on my phone. So basically the
> client certificate stuff seems to work. The awkward thing about it is that
> you have to specify a filename for the cert. I have the certificates in a
> database and writing a file every time I want to send something is not that
> good. Especially not if there are concurrent requests for sending messages.
>
> There is one constraint for this to work. You specify a filename for the
> certificate. In the file you need to have certificate and key. The plugin
> reads both from the same file. There is no code for specifying a CA chain. So
> this is resolved system wide and that means you need to install every CA for
> your certificate in the system.
>
> Norbert
>
>>> On 12 Jan 2016, at 16:05, Norbert Hartl <norb...@hartl.name> wrote:
>>>
>>> Is there a way to make SSL connections to the outside world using client
>>> certificates from Pharo?
>>>
>>> thanks,
>>>
>>> Norbert
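
The quoted message says the plugin takes only a filename, that the file must hold both certificate and key, and that certificates kept in a database would have to be written out for each send while other requests run concurrently. The following is an added example, not code from the thread or from Pharo/Zinc, and it is written in Python rather than Smalltalk: it checks that a bundle has both PEM blocks and writes it to a unique, owner-only file that is removed after use. The names `pem_labels`, `check_bundle` and `client_cert_file` and the sample PEM text are assumptions made for this example; the yielded path is what would be given to `#certificateName:`.

```python
import os
import re
import tempfile
from contextlib import contextmanager

# Constructed placeholder PEM blocks (not real key material).
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"

_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----[ \t\r]*$", re.MULTILINE)


def pem_labels(pem_text):
    """Return the labels of PEM blocks that have a matching END line, in order."""
    labels = []
    for match in _BEGIN.finditer(pem_text):
        label = match.group(1)
        if f"-----END {label}-----" in pem_text[match.end():]:
            labels.append(label)
    return labels


def check_bundle(pem_text):
    """Raise ValueError unless the text holds both a certificate and a private key."""
    labels = pem_labels(pem_text)
    if "CERTIFICATE" not in labels:
        raise ValueError("bundle has no CERTIFICATE block")
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        raise ValueError("bundle has no PRIVATE KEY block")


@contextmanager
def client_cert_file(cert_pem, key_pem, directory=None):
    """Yield the path of a per-request PEM bundle; remove the file afterwards."""
    bundle = cert_pem.strip() + "\n" + key_pem.strip() + "\n"
    check_bundle(bundle)
    # mkstemp picks a unique name and creates the file owner-only (0600 on
    # POSIX), so concurrent senders never share or overwrite a bundle.
    fd, path = tempfile.mkstemp(prefix="clientcert-", suffix=".pem", dir=directory)
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(bundle)
        yield path  # the caller hands this path to the TLS layer
    finally:
        os.remove(path)


if __name__ == "__main__":
    with client_cert_file(SAMPLE_CERT, SAMPLE_KEY) as pem_path:
        print(pem_path, pem_labels(open(pem_path).read()))
```

The private key still touches the disk for the duration of the connection setup, so the directory passed as `directory` should itself be readable only by the sending process's user.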