[Cuis-dev] SSL Tests query

Juan Vuletich juan at jvuletich.org
Tue Oct 27 07:16:52 PDT 2020


On 10/26/2020 7:55 PM, Douglas Brebner via Cuis-dev wrote:
> On 26/10/2020 14:17, Juan Vuletich wrote:
>> I guess that code needs some TLC. Networking is not something I'm 
>> specially into, so I'd really appreciate if you and/or others in the 
>> community fix it.
>>
> Well, I suppose leaping in at the deep end is a way to learn, though 
> I've very little experience at any of this :)

That's the attitude! :)

> So far, I've found the following
>
> 1. Client side TLS works, I can connect to a remote site and receive 
> data. Wireshark shows Cuis to be using TLS 1.3 which is a Very Good 
> Thing. (assuming it's doing it correctly)
>
> 2. The comments and tests seem to say that there is no checking of 
> server TLS certificates on MacOS at all. (No mac so can't test)

If you want specific tests to be done in MacOS64, Ubuntu64, Win64, 
Win32, Win32V3 systems, just give me very detailed instructions and I'll 
run them and tell the results.

> 3. The certificate is definitely expired. It was made to last one year 
> so I suspect it was meant to be replaced yearly.
>
> 4. Squeak has the same certificate and most of the same test failures 
> and no one has apparently noticed.

I'm not sure what would be a sensible strategy here, but I think it 
would be wise to contact interested people in the Squeak and Pharo 
communities. There's no reason for this code to diverge much between 
dialects.

> 5. [bug?] Transcript doesn't accept #crlf though network streams do 
> (Breaks WebClient logging)
>
> 6. [bug] Transcript does not display CRLF in strings properly. The CR 
> is shown as a character, but the following LF does nothing (no new 
> line, text just continues). CRLF is standard line ending for most 
> network protocols.
>
> 7. [bug] CRLF in Workspace shows double spacing (extra lines). Found 
> by printIt on WebClient httpGet:

All these are the result of Cuis switching to lf as the line separator.

(7) To make it easy to spot the different possible line endings, I made 
CR, CRLF, and LF be displayed in three distinctive ways. This actually 
helps you see that you are correctly getting a CRLF, and not just LF by 
mistake, so it is not a bug but a feature.

(5) I understand that CRLF is a standard in networking. Maybe you can 
add #crlf to Transcript as an extension method in the WebClient package?

(6) Additionally, Transcript ignores LF, and shows each entry in a line. 
This is something we might change, though.

> 8. [bug?] Concatenating a String with a SmallInteger works in Squeak 
> but not Cuis. i.e. "'string', 1" fails on Cuis but returns 'string1' 
> on Squeak. (Breaks SqueakSSL checkCert: method)

I'm pretty sure this was not allowed in St-80 or earlier versions of 
Squeak. I don't think I like it. Going in that direction makes me think 
about WatMan https://www.destroyallsoftware.com/talks/wat . I suggest 
modifying the method to call #printString if appropriate.

> 9. Three of the tests ping Google, Yahoo and Facebook. They're just 
> testing TLS connection but I don't like that at all. Also, they 
> receive 403, 400 and timeout errors.
>
> 10. Can we rename the package to Network-TLS? :)
>
>
> I don't know what you want to do with the crlf & concatenation problems.
>

See comments above.

Thanks,

-- 
Juan Vuletich
www.cuis-smalltalk.org
https://github.com/Cuis-Smalltalk/Cuis-Smalltalk-Dev
https://github.com/jvuletich
https://www.linkedin.com/in/juan-vuletich-75611b3
@JuanVuletich



More information about the Cuis-dev mailing list