Re: [racket-users] HTTPS problem with net/url

2016-01-06 Thread Matthew Flatt
Racket is using the too-old version of "libssl.dylib" that is provided
by the OS. The too-old version doesn't work with some servers.

For that server, I get the same error in v6.3. It works for me with the
development version of Racket --- but only because I've been working on
this problem (and related issues) for the past day. The next Racket
snapshot will include its own copy of "libssl.1.0.0.dylib" to solve the
problem.

To fix a v6.3 installation, you can download

https://racket-packages.s3-us-west-2.amazonaws.com/pkgs/cfaf0f27a375dbdac2e6f68d3863328b64b84eb2/racket-x86_64-macosx-2.zip

and copy the two ".dylib" files from the "racket" folder into

 /Applications/Racket_v6.3/lib/

Thanks for delaying this question until the first day that I know the
answer!

At Wed, 6 Jan 2016 13:50:51 -0800, David Storrs wrote:
> Hi folks,
> 
> tl;dr:  How do I make HTTPS calls from within Racket?
> 
> Background:
> 
> I co-write a play-by-post RPG (
> https://forums.sufficientvelocity.com/threads/marked-for-death-a-rational-naruto-quest.24481/
> -- stop by if you're curious; the barrier to entry is low).   The players
> all vote to control a single character, so being able to easily tally the
> votes is a big thing.  As part of my "learning Racket" efforts, I'm writing
> a web spider that will crawl the forum starting from a given location and
> tally up votes.
> 
> In this I have the following method:
> 
> (define (web/call url-string #:method [:method get-pure-port])
>   (string->xexp
>    (call/input-url (string->url url-string)
>                    (curry :method #:redirections 5)
>                    port->string)))
> 
> (NB:  That originally hardcoded get-pure-port; I put the keyword in just as
> an exercise, but it wouldn't actually work if you gave it an impure port.
> Will fix when tuits are available.)
> 
> When I do this:
> 
> (define u "https://forums.sufficientvelocity.com/threads/marked-for-death-a-rational-naruto-qu\
> est.24481/page-6")
> 
> (web/call u)
> 
> I get this:
> 
> [dstorrs@MacBook-Pro:~/personal/study/scheme/sv_vote_tally:]$
> racket tallyho.rkt
> racket tallyho.rkt
> ssl-connect: connect failed (error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure)
>   context...:
>    /Applications/Racket_v6.3/collects/openssl/mzssl.rkt:1401:8: loop
>    /Applications/Racket_v6.3/collects/openssl/..:261:28
>    /Applications/Racket_v6.3/collects/openssl/..:259:25
>    /Applications/Racket_v6.3/collects/net/http-client.rkt:224:0
>    /Applications/Racket_v6.3/collects/racket/contract/private/arrow-val-first.rkt:324:3
>    /Applications/Racket_v6.3/collects/net/url.rkt:77:0: http://getpost-impure-port
>    /Applications/Racket_v6.3/collects/net/url.rkt:179:2: redirection-loop
>    /Applications/Racket_v6.3/collects/net/url.rkt:143:0: getpost-pure-port
>    /Applications/Racket_v6.3/collects/net/url.rkt:245:4: call/input-url
>    /Users/dstorrs/personal/study/scheme/spider/spider.rkt:204:0: web/call19
>    /Users/dstorrs/personal/study/scheme/sv_vote_tally/tallyho.rkt: [running body]
> 
> I've just spent a whole lot of time Googling around.  There are a lot of
> tutorials about how to write a web *server* in Racket, and some of those
> touch on SSL and/or HTTPS.  There's not so much for web *clients* though,
> and the actual web-client module doesn't seem to handle HTTPS.
> 
> When I read the docs for net/url I saw this bit:
> 
> Beware: By default, "https" scheme handling does not verify a server’s
> certificate (i.e., it’s equivalent of clicking through a browser’s
> warnings), so communication is safe, but the identity of the server is not
> verified. To validate the server’s certificate, set current-https-protocol
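> <http://docs.racket-lang.org/net/url.html#%28def._%28%28lib._net%2Furl-connect..rkt%29._current-https-protocol%29%29>
> to a context created with ssl-make-client-context
> <http://docs.racket-lang.org/openssl/index.html#%28def._%28%28lib._openssl%2Fmain..rkt%29._ssl-make-client-context%29%29>,
> and enable certificate validation in the context with ssl-set-verify!
> <http://docs.racket-lang.org/openssl/index.html#%28def._%28%28lib._openssl%2Fmain..rkt%29._ssl-set-verify%21%29%29>.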
> 
> When I look at 'current-https-protocol' I see this:
> 
> Changed in version 6.1 of package base: Added 'tls11 and 'tls12. Changed in
> version 6.1.1.3: Default to new 'auto and disabled SSL 2.0 and 3.0 by
> default.
> 
> So it should be attempting to negotiate the protocol on its own.
> 
> Help me, wisdom of crowds.  What is it that I don't know?
> 
> Dave
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Racket Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to racket-users+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.


Re: [racket-users] HTTPS problem with net/url

2016-01-06 Thread David Storrs
Wow.  You're fantastic Matthew, thank you.

> Thanks for delaying this question until the first day that I know the
> answer!

No problem.  I'm nice like that. ;>

On Wed, Jan 6, 2016 at 2:15 PM, Matthew Flatt  wrote:

> Racket is using the too-old version of "libssl.dylib" that is provided
> by the OS. The too-old version doesn't work with some servers.
>
> For that server, I get the same error in v6.3. It works for me with the
> development version of Racket --- but only because I've been working on
> this problem (and related issues) for the past day. The next Racket
> snapshot will include its own copy of "libssl.1.0.0.dylib" to solve the
> problem.
>
> To fix a v6.3 installation, you can download
>
>
> https://racket-packages.s3-us-west-2.amazonaws.com/pkgs/cfaf0f27a375dbdac2e6f68d3863328b64b84eb2/racket-x86_64-macosx-2.zip
>
> and copy the two ".dylib" files from the "racket" folder into
>
>  /Applications/Racket_v6.3/lib/
>
> Thanks for delaying this question until the first day that I know the
> answer!

[racket-users] HTTPS problem with net/url

2016-01-06 Thread David Storrs
Hi folks,

tl;dr:  How do I make HTTPS calls from within Racket?

Background:

I co-write a play-by-post RPG (
https://forums.sufficientvelocity.com/threads/marked-for-death-a-rational-naruto-quest.24481/
-- stop by if you're curious; the barrier to entry is low).   The players
all vote to control a single character, so being able to easily tally the
votes is a big thing.  As part of my "learning Racket" efforts, I'm writing
a web spider that will crawl the forum starting from a given location and
tally up votes.

In this I have the following method:

(define (web/call url-string #:method [:method get-pure-port])
  (string->xexp
   (call/input-url (string->url url-string)
                   (curry :method #:redirections 5)
                   port->string)))

(NB:  That originally hardcoded get-pure-port; I put the keyword in just as
an exercise, but it wouldn't actually work if you gave it an impure port.
Will fix when tuits are available.)

When I do this:

(define u "https://forums.sufficientvelocity.com/threads/marked-for-death-a-rational-naruto-qu\
est.24481/page-6")

(web/call u)

I get this:

[dstorrs@MacBook-Pro:~/personal/study/scheme/sv_vote_tally:]$
racket tallyho.rkt
racket tallyho.rkt
ssl-connect: connect failed (error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure)
  context...:
   /Applications/Racket_v6.3/collects/openssl/mzssl.rkt:1401:8: loop
   /Applications/Racket_v6.3/collects/openssl/..:261:28
   /Applications/Racket_v6.3/collects/openssl/..:259:25
   /Applications/Racket_v6.3/collects/net/http-client.rkt:224:0
   /Applications/Racket_v6.3/collects/racket/contract/private/arrow-val-first.rkt:324:3
   /Applications/Racket_v6.3/collects/net/url.rkt:77:0: http://getpost-impure-port
   /Applications/Racket_v6.3/collects/net/url.rkt:179:2: redirection-loop
   /Applications/Racket_v6.3/collects/net/url.rkt:143:0: getpost-pure-port
   /Applications/Racket_v6.3/collects/net/url.rkt:245:4: call/input-url
   /Users/dstorrs/personal/study/scheme/spider/spider.rkt:204:0: web/call19
   /Users/dstorrs/personal/study/scheme/sv_vote_tally/tallyho.rkt: [running body]

I've just spent a whole lot of time Googling around.  There are a lot of
tutorials about how to write a web *server* in Racket, and some of those
touch on SSL and/or HTTPS.  There's not so much for web *clients* though,
and the actual web-client module doesn't seem to handle HTTPS.

When I read the docs for net/url I saw this bit:

Beware: By default, "https" scheme handling does not verify a server’s
certificate (i.e., it’s equivalent of clicking through a browser’s
warnings), so communication is safe, but the identity of the server is not
verified. To validate the server’s certificate, set current-https-protocol
to a context created with ssl-make-client-context, and enable certificate
validation in the context with ssl-set-verify!.

When I look at 'current-https-protocol' I see this:

Changed in version 6.1 of package base: Added 'tls11 and 'tls12. Changed in
version 6.1.1.3: Default to new 'auto and disabled SSL 2.0 and 3.0 by
default.

So it should be attempting to negotiate the protocol on its own.

Help me, wisdom of crowds.  What is it that I don't know?

Dave
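
Added example, not part of the original messages or of Racket's own code: a sketch of the two checks this thread turns on, namely which protocols the loaded libssl can negotiate, and an HTTPS fetch with certificate validation switched on as the net/url documentation quoted above describes. The names tls-report, make-verifying-context and fetch/verified are hypothetical, and example.com is a placeholder host.

```racket
#lang racket/base
;; Added example: diagnose the loaded libssl, then fetch with verification.
(require openssl net/url racket/port)

;; Return the protocol symbols the loaded libssl can negotiate.
;; An old OS-provided libssl typically lacks 'tls11 and 'tls12, which is
;; one way a handshake failure like the one in this thread can arise.
(define (tls-report)
  (if ssl-available?
      (supported-client-protocols)
      (error 'tls-report "libssl failed to load: ~a" ssl-load-fail-reason)))

;; Build a client context that validates the certificate chain against
;; the platform's default trust roots and also checks the hostname.
;; ssl-set-verify! alone is not enough: without loaded roots every
;; chain fails, and without the hostname check any valid cert passes.
(define (make-verifying-context)
  (define ctx (ssl-make-client-context 'auto))
  (ssl-load-default-verify-sources! ctx)
  (ssl-set-verify! ctx #t)
  (ssl-set-verify-hostname! ctx #t)
  ctx)

;; Fetch url-string over HTTPS using the verifying context.
;; Only the initial URL's scheme is checked here; a redirect target
;; is followed by net/url as usual.
(define (fetch/verified url-string)
  (define u (string->url url-string))
  (unless (equal? (url-scheme u) "https")
    (error 'fetch/verified "refusing non-https URL: ~a" url-string))
  (parameterize ([current-https-protocol (make-verifying-context)])
    (call/input-url u
                    (lambda (u) (get-pure-port u #:redirections 5))
                    port->string)))

(module+ main
  (printf "protocols: ~a\n" (tls-report))
  ;; A failed handshake or a rejected certificate raises exn:fail.
  (with-handlers ([exn:fail?
                   (lambda (e)
                     (eprintf "TLS/HTTP failure: ~a\n" (exn-message e)))])
    (printf "~a characters\n"
            (string-length (fetch/verified "https://example.com/")))))
```

Running the module before and after replacing the ".dylib" files shows whether the protocol list changed.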
