Hi,

> On 12.01.2016 at 16:25, Sven Van Caekenberghe <s...@stfx.eu> wrote:
>
> Given a ZdcSecureSocketStream you can access the #sslSession. In this session
> object you can use #certificateName: to set the path or name of the
> certificate (before you #connect !). That is the general idea.
>
> Now, I don't know if this works or not. Be prepared to look in the plugin C
> code! On Linux this will probably work.
>
> And please let us know how it goes ;-)
>

I spent some time yesterday trying it. With a Linux installation I could issue a client connection and that didn't throw an error. Then Holger was really helpful with Mac OS. He just compiled the Mac plugin using the unix openssl sources. I just copied that in the VM folder and then I could do the same on my Mac. I tried to send a push message via Apple's push server using:

    | deviceId payload ip stream notification |
    payload := '{ "aps" : { "alert" : "Pharo finally got it!" } }'.
    deviceId := 'XXX'.
    notification := ByteArray streamContents: [ :str |
        str
            nextPut: 1;
            nextPutAll: (1 asPaddedByteArray: 4);
            nextPutAll: ((DateAndTime now + 1 day) asUTC asUnixTime asByteArray);
            nextPutAll: (32 asPaddedByteArray: 2);
            nextPutAll: (ByteArray readHexFrom: deviceId);
            nextPutAll: (payload size asPaddedByteArray: 2);
            nextPutAll: payload asByteArray ].
    ip := NetNameResolver addressForName: 'gateway.push.apple.com' timeout: 30.
    stream := ZdcSecureSocketStream openConnectionToHost: ip port: 2195 timeout: 30.
    stream
        binary;
        shouldSignal: true;
        autoFlush: false;
        bufferSize: 4096;
        timeout: 30.
    "Set the client certificate before #connect"
    stream sslSession
        enableLogging;
        certificateName: '/Users/norbert/multiprod.pem'.
    stream
        connect;
        nextPutAll: notification;
        flush;
        close.

That is working and I receive the message on my phone. So basically the client certificate stuff seems to work. The awkward thing about it is that you have to specify a filename for the cert. I have the certificates in a database and writing a file every time I want to send something is not that good. Especially not if there are concurrent requests for sending messages.

There is one constraint for this to work. You specify a filename for the certificate. In the file you need to have certificate and key. The plugin reads both from the same file. There is no code for specifying a CA chain. So this is resolved system wide and that means you need to install every CA for your certificate in the system.

Norbert

>> On 12 Jan 2016, at 16:05, Norbert Hartl <norb...@hartl.name> wrote:
>>
>> Is there a way to make SSL connections to the outside world using client
>> certificates from Pharo?
>>
>> thanks,
>>
>> Norbert
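
Added example, not part of the original message: the byte layout that the Pharo snippet above writes into `notification`, as a Python encoder with a strict decoder that rejects truncated or inconsistent frames. The function names, the sample token and the sample expiry are constructed for illustration; the field order and sizes are taken from the snippet.

```python
import struct

COMMAND = 1                      # first byte written by the snippet
TOKEN_LEN = 32                   # token length the snippet writes
_HEAD = struct.Struct(">BIIH")   # command, identifier, expiry, token length
_PLEN = struct.Struct(">H")      # payload length, big-endian


def build_frame(identifier, expiry, token_hex, payload):
    """Encode one notification in the field order of the Pharo snippet."""
    token = bytes.fromhex(token_hex)
    if len(token) != TOKEN_LEN:
        raise ValueError("device token must be %d bytes" % TOKEN_LEN)
    body = payload.encode("utf-8")   # length is counted in encoded bytes
    if len(body) > 0xFFFF:
        raise ValueError("payload does not fit the 2-byte length field")
    return (_HEAD.pack(COMMAND, identifier, expiry, TOKEN_LEN)
            + token + _PLEN.pack(len(body)) + body)


def parse_frame(frame):
    """Decode a frame, rejecting truncated or inconsistent input."""
    if len(frame) < _HEAD.size:
        raise ValueError("truncated header")
    command, identifier, expiry, token_len = _HEAD.unpack_from(frame, 0)
    if command != COMMAND or token_len != TOKEN_LEN:
        raise ValueError("unexpected command or token length")
    pos = _HEAD.size
    if len(frame) < pos + token_len + _PLEN.size:
        raise ValueError("truncated token")
    token = frame[pos:pos + token_len]
    pos += token_len
    (payload_len,) = _PLEN.unpack_from(frame, pos)
    pos += _PLEN.size
    if len(frame) != pos + payload_len:
        raise ValueError("payload length field does not match frame size")
    return {"identifier": identifier, "expiry": expiry,
            "token": token.hex(), "payload": frame[pos:].decode("utf-8")}


# Constructed sample values; the token is a placeholder, not a real device.
SAMPLE_TOKEN = "ab" * 32
SAMPLE_PAYLOAD = '{ "aps" : { "alert" : "Pharo finally got it!" } }'
SAMPLE_FRAME = build_frame(1, 1452700000, SAMPLE_TOKEN, SAMPLE_PAYLOAD)
```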