Hi Julián,

Although we have TLS/SSL support (in the form of Zodiac, Zinc is just a user 
offering HTTP(S) on top), it is currently all dependent on a plugin that is 
different on all platforms and mostly lacks support for certificates.

It is what it is.

I know that some developers are working on these issues, but I won't / can't 
say more as this is all very early days.


> On 11 Jul 2018, at 01:28, Julián Maestri <serp...@gmail.com> wrote:
> tl;dr
> Querying an HTTPS site with a self signed certificate does not fail / raise 
> an exception (and it should).
> Long:
> I'm trying to use client and server HTTPS validation with Zinc on Pharo.
> I prepared: a self signed CA certificate, and server and client certificates 
> signed by the same CA.
> I set up an Apache server with a site over HTTPS requiring client 
> authentication. This worked (had to install the client certificate on my 
> browser to access the site).
> After some failed attempts, i found this link which was very helpful and 
> successfully managed to authenticate a ZnClient with the Apache Server.
> This is the small snippet, only configuring the full path to the client 
> certificate is enough (getting the right format for the pem file is another 
> thing, it must have both certificate and key inside).
> | result |
> Transcript clear.
> result := ZnClient new
>   certificate: 'certs/client.pem' asFileReference asAbsolute pathString;
>   logToTranscript;
>   url: 'https://my-secure-site';
>   get.
> Transcript crShow: result.
> That worked on linux, windows still fails i don't know why.
> Trying to make it work on linux, i started checking without client 
> authentication, and realized that Zinc was not complaining about the server 
> certificate not known by a trusted CA.
> I changed the server certificate with a new one, self signed to make the case 
> simpler, and Zing still did not complain.
> This is a problem, it should either fail, or let me configure it to fail when 
> the server is not trustworthy.
> I'm not sure if it's Zinc, Zodiac or the SqueakSSL plugin.
> Am i doing anything wrong? Is there a configuration option which i can not 
> find? If necessary, i can (temporarily) set up a public server with a 
> self-signed certificate to help reproduce the case (the server i'm currently 
> using is on a local network).
> PD: Sadly for this particular project (reverse proxy) this would be a no go, 
> i can not use Pharo :(

Reply via email to