Forgot to mention, this was done in Pharo 6.1 (from zeroconf script), on
Windows 7 and Ubuntu 16.04 (32-bit VM).

On 10 July 2018 at 20:28, Julián Maestri <serp...@gmail.com> wrote:

> tl;dr
> Querying an HTTPS site with a self-signed certificate does not fail /
> raise an exception (and it should).
>
> Long:
> I'm trying to use client and server HTTPS validation with Zinc on Pharo.
>
> I prepared: a self-signed CA certificate, and server and client
> certificates signed by the same CA.
> I set up an Apache server with a site over HTTPS requiring client
> authentication. This worked (had to install the client certificate on my
> browser to access the site).
>
> After some failed attempts, I found this link
> <http://forum.world.st/How-to-use-HTTPS-SSL-with-Zinc-tp4952461p4952507.html>
> which was very helpful, and successfully managed to authenticate a
> *ZnClient* with the Apache server.
>
> This is the small snippet, only configuring the full path to the client
> certificate is enough (getting the right format for the pem file is another
> thing, it must have both certificate and key inside).
>
> | result |
> Transcript clear.
> result := ZnClient new
>   certificate: 'certs/client.pem' asFileReference asAbsolute pathString;
>   logToTranscript;
>   url: 'https://my-secure-site';
>   get.
> Transcript crShow: result.
>
> That worked on Linux; Windows still fails, I don't know why.
>
> Trying to make it work on Linux, I started checking without client
> authentication, and realized that Zinc was not complaining about the server
> certificate not known by a trusted CA.
> I changed the server certificate with a new one, self-signed to make the
> case simpler, and Zinc still did not complain.
>
> This is a problem, it should either fail, or let me configure it to fail
> when the server is not trustworthy.
> I'm not sure if it's Zinc, Zodiac or the SqueakSSL plugin.
>
> Am I doing anything wrong? Is there a configuration option which I cannot
> find? If necessary, I can (temporarily) set up a public server with a
> self-signed certificate to help reproduce the case (the server I'm
> currently using is on a local network).
>
>
>
> PS: Sadly for this particular project (reverse proxy) this would be a no
> go, I cannot use Pharo :(
>
>
