> On 15 Jan 2016, at 15:09, Sven Van Caekenberghe <s...@stfx.eu> wrote:
>
> Wow, thanks for sharing!
>
> Please, please, Holger, share the new Mac SSL Plugin somewhere so that we can
> test it too. (Next step is to push this change upstream in the VM).

Norbert, Holger,

I think an SSL Plugin for OS X based on the OpenSSL code for (L|U)nix is *very* important.

Could you please share it, just for testing, please, please?

Thx,

Sven

>> On 15 Jan 2016, at 14:49, Norbert Hartl <norb...@hartl.name> wrote:
>>
>> Hi,
>>
>>> On 12.01.2016 at 16:25, Sven Van Caekenberghe <s...@stfx.eu> wrote:
>>>
>>> Given a ZdcSecureSocketStream you can access the #sslSession. In this
>>> session object you can use #certificateName: to set the path or name of the
>>> certificate (before you #connect !). That is the general idea.
>>>
>>> Now, I don't know if this works or not. Be prepared to look in the plugin C
>>> code! On Linux this will probably work.
>>>
>>> And please let us know how it goes ;-)
>>>
>> I spent some time yesterday trying it. With a Linux installation I could
>> issue a client connection and that didn't throw an error. Then Holger was
>> really helpful with Mac OS. He just compiled the Mac plugin using the unix
>> openssl sources. I just copied that in the VM folder and then I could do the
>> same on my Mac. I tried to send a push message via Apple's push server using:
>>
>> | deviceId payload ip stream notification |
>> payload := '{
>>     "aps" : {
>>         "alert" : "Pharo finally got it!"
>>     }
>> }'.
>> deviceId := 'XXX'.
>>
>> "Binary notification frame: command, identifier, expiry, token, payload"
>> notification := ByteArray streamContents: [ :str |
>>     str
>>         nextPut: 1; "command"
>>         nextPutAll: (1 asPaddedByteArray: 4); "notification identifier"
>>         nextPutAll: ((DateAndTime now + 1 day) asUTC asUnixTime asByteArray); "expiry"
>>         nextPutAll: (32 asPaddedByteArray: 2); "device token length"
>>         nextPutAll: (ByteArray readHexFrom: deviceId); "device token"
>>         nextPutAll: (payload size asPaddedByteArray: 2); "payload length"
>>         nextPutAll: payload asByteArray ].
>>
>> ip := NetNameResolver addressForName: 'gateway.push.apple.com' timeout: 30.
>> stream := ZdcSecureSocketStream
>>     openConnectionToHost: ip
>>     port: 2195
>>     timeout: 30.
>> stream
>>     binary;
>>     shouldSignal: true;
>>     autoFlush: false;
>>     bufferSize: 4096;
>>     timeout: 30.
>> "The client certificate has to be set on the session before #connect"
>> stream sslSession
>>     enableLogging;
>>     certificateName: '/Users/norbert/multiprod.pem'.
>> stream
>>     connect;
>>     nextPutAll: notification;
>>     flush;
>>     close.
>>
>> That is working and I receive the message on my phone. So basically the
>> client certificate stuff seems to work. The awkward thing about it is that
>> you have to specify a filename for the cert. I have the certificates in a
>> database and writing a file every time I want to send something is not that
>> good. Especially not if there are concurrent requests for sending messages.
>>
>> There is one constraint for this to work. You specify a filename for the
>> certificate. In the file you need to have the certificate and key. The plugin
>> reads both from the same file. There is no code for specifying a CA chain.
>> So this is resolved system-wide and that means you need to install every CA
>> for your certificate in the system.
>>
>> Norbert
>>
>>>> On 12 Jan 2016, at 16:05, Norbert Hartl <norb...@hartl.name> wrote:
>>>>
>>>> Is there a way to make SSL connections to the outside world using client
>>>> certificates from Pharo?
>>>>
>>>> thanks,
>>>>
>>>> Norbert
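
Added example, not code from this thread or from the SSL plugin: one way to cope with the constraint described above (the plugin takes a file path, and certificate and key must sit in that one file) when the material is stored in a database and several sends run concurrently. It is written in Python because the work is OS-level file handling; the function names, the `base_dir` parameter and the sample PEM bodies are constructed for illustration.

```python
import os
import re
import tempfile
from contextlib import contextmanager

# Constructed sample input: PEM armor around placeholder bytes, not real key material.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"

_CERT = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)
_KEY = re.compile(
    r"-----BEGIN ((?:RSA |EC |ENCRYPTED )?PRIVATE KEY)-----.+?-----END \1-----", re.S)


def combine_pem(cert_pem, key_pem):
    """Return one PEM text holding the certificate followed by its private key."""
    cert, key = _CERT.search(cert_pem), _KEY.search(key_pem)
    if cert is None:
        raise ValueError("no CERTIFICATE block in certificate input")
    if key is None:
        raise ValueError("no PRIVATE KEY block in key input")
    return cert.group(0) + "\n" + key.group(0) + "\n"


@contextmanager
def pem_file_for_request(cert_pem, key_pem, base_dir=None):
    """Yield the path of a per-request PEM file and delete it afterwards."""
    text = combine_pem(cert_pem, key_pem)  # validate before touching the disk
    # mkdtemp makes an owner-only (0700) directory with an unpredictable name,
    # so concurrent senders never share or overwrite each other's file.
    workdir = tempfile.mkdtemp(prefix="clientcert-", dir=base_dir)
    path = os.path.join(workdir, "client.pem")
    try:
        # O_EXCL fails if the name already exists; 0o600 keeps the key owner-only.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        yield path  # hypothetical use: hand this path to #certificateName:
    finally:
        if os.path.exists(path):
            os.remove(path)
        os.rmdir(workdir)


if __name__ == "__main__":
    with pem_file_for_request(SAMPLE_CERT, SAMPLE_KEY) as pem_path:
        print(pem_path, oct(os.stat(pem_path).st_mode & 0o777))
```

Pointing `base_dir` at a memory-backed filesystem keeps the private key off persistent storage while the connection is being set up.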