Hi Julián, Although we have TLS/SSL support (in the form of Zodiac, Zinc is just a user offering HTTP(S) on top), it is currently all dependent on a plugin that is different on all platforms and mostly lacks support for certificates.
It is what it is. I know that some developers are working on these issues, but I won't / can't say more as this is all very early days. Sven > On 11 Jul 2018, at 01:28, Julián Maestri <serp...@gmail.com> wrote: > > tl;dr > Querying an HTTPS site with a self signed certificate does not fail / raise > an exception (and it should). > > Long: > I'm trying to use client and server HTTPS validation with Zinc on Pharo. > > I prepared: a self signed CA certificate, and server and client certificates > signed by the same CA. > I set up an Apache server with a site over HTTPS requiring client > authentication. This worked (had to install the client certificate on my > browser to access the site). > > After some failed attempts, i found this link which was very helpful and > successfully managed to authenticate a ZnClient with the Apache Server. > > This is the small snippet, only configuring the full path to the client > certificate is enough (getting the right format for the pem file is another > thing, it must have both certificate and key inside). > > | result | > Transcript clear. > result := ZnClient new > certificate: 'certs/client.pem' asFileReference asAbsolute pathString; > logToTranscript; > url: 'https://my-secure-site'; > get. > Transcript crShow: result. > > That worked on linux, windows still fails i don't know why. > > Trying to make it work on linux, i started checking without client > authentication, and realized that Zinc was not complaining about the server > certificate not known by a trusted CA. > I changed the server certificate with a new one, self signed to make the case > simpler, and Zing still did not complain. > > This is a problem, it should either fail, or let me configure it to fail when > the server is not trustworthy. > I'm not sure if it's Zinc, Zodiac or the SqueakSSL plugin. > > Am i doing anything wrong? Is there a configuration option which i can not > find? If necessary, i can (temporarily) set up a public server with a > self-signed certificate to help reproduce the case (the server i'm currently > using is on a local network). > > > > PD: Sadly for this particular project (reverse proxy) this would be a no go, > i can not use Pharo :( >