[Cuis-dev] SSL Tests query

Douglas Brebner kirtai+st at gmail.com
Tue Oct 27 08:01:52 PDT 2020


On 27/10/2020 14:16, Juan Vuletich wrote:
> On 10/26/2020 7:55 PM, Douglas Brebner via Cuis-dev wrote:
>> 3. The certificate is definitely expired. It was made to last one 
>> year so I suspect it was meant to be replaced yearly.
>>
>> 4. Squeak has the same certificate and most of the same test failures 
>> and no one has apparently noticed.
>
> I'm not sure what would be a sensible strategy here, but I think it 
> would be wise to contact interested people in the Squeak and Pharo 
> communities. There's no reason for this code to diverge much between 
> dialects.

I wanted to isolate the problem before involving multiple communities. I 
do need to check Pharo though. At first I dismissed it since it uses 
Zinc instead of WebClient but now I realise that this is a problem at 
the TLS level, not HTTPS and they likely use similar code. They might 
already have fixes.

Maybe the Squeak or Pharo people could use their infrastructure to 
automatically generate certificates too.

> (5) I understand that CRLF is a standard in networking. Maybe you can 
> add #crlf to Transcript as an extension method in the WebClient package?
Ok, though I'll probably put it in Network-Kernel instead, so that any 
users of SocketStream or SecureSocketStream can use the same protocol to 
write network strings to Transcript too.
>> 8. [bug?] Concatenating a String with a SmallInteger works in Squeak 
>> but not Cuis. i.e. "'string', 1" fails on Cuis but returns 'string1' 
>> on Squeak. (Breaks SqueakSSL checkCert: method)
>
> I'm pretty sure this was not allowed in St-80 or earlier versions of 
> Squeak. I don't think I like it. Going in that direction makes me 
> think about WatMan https://www.destroyallsoftware.com/talks/wat . I 
> suggest modifying the method to call #printString if appropriate.

Alright.


Thanks :)



More information about the Cuis-dev mailing list