TCP/IP bounty beta release

If you could describe how Recce is “hit and miss” that would be helpful

Well I think you summed it up later in the post with failure to fetch with parser errors, the read licence error and also corrupted downloads.

Also if I do a search for say “church” in Flicker or Google it comes back with a malformed request error amongst other things and if I try multiple times it will come back OK.

This is of course with AcornSSL 1.04

AcornSSL 1.04

Where did that come from? If it is indeed broken I want to make sure it doesn’t unexpectedly pop up from somewhere. The 1.03 I’ve been using with my applications (one of which uses URL_Fetcher) hasn’t caused any issues so far.

Where did that come from?

As Matthew says RComp and it is the latest ROOL build with updates from the ARM stream.

Ah. OK. Thanks. I could not find it anywhere on the ROOL website, but RComp will have other channels…

Ah. OK. Thanks. I could not find it anywhere on the ROOL website, but RComp will have other channels…

I believe the new SSL is built into the latest betas.

As part of the ROM modules? Could be. I downloaded the beta HardDisc4 image today and it wasn’t there.

As part of the ROM modules?

No it is not in RISC OS 5.26, see here

It will not be in 5.26, as that was before the last AcornSSL beta.
The suggestion was that it may be in the latest 5.27 beta ROMs.

The suggestion was that it may be in the latest 5.27 beta ROMs.

Well it is not, that appears to be an entirely spurious suggestion. It is not in the Titanium OS5.27 (17-Mar-19) nor has it been seen in “Recent changes to cvs”.

This is much better from Doug Webb.

and it is the latest ROOL build with updates from the ARM stream.

And this is where my knowledge of cvs expires, but anyway …

Somewhere on cvs there is an ‘ARM’ stream, or branch?

I did find this which related to a perhaps similar situation.

HTH.

Well it is not, that appears to be an entirely spurious suggestion

I hadn’t gone looking so I assumed the reference, by Steve Reville (IIRC), to “folding it in to the OS” rather than releasing newer versions on a distinct link was a completed action. Shows what you get for assuming.

Somewhere on cvs there is an ‘ARM’ stream, or branch?

I think you’ll find the ARM stream reference is to the original mbed source of the code.

I’ve done some more testing on a RiscPC using AcornSSL 1.04 and RiscOSM/Recce and apart from the invalid licence message that Matthew mentions it fetches the photos. via Flicker well. Google Street view has some issues with faling to decode the jpeg messages which may be the data corruption.

Funningly enough I have more issues fetching photos using RiscOSM/Recce and AcornSSL 1.04 on my ARMX6 with parser errors and binding errors etc.

Reverting to AcornSSL 1.03 in both cases, RiscPC and ARMX6, seems to help.

So it seems that AcornSSL 1.04 does seem to cause some issues but it is not an entirely clear picture.

Perhaps it may be one opf timing and that reflects a differnece between RiscPC and ARMX6

i.e. Module is: AcornSSL 1.04 (26 Jan 2018) mbedTLS 2.16.0

Clearly some one needs to look at the messaging at IP level to see what is going on along with general application level debugging.

Edit: On the RiscPC I tried a Unipod 100Mb link and also a standard 10Mb link and the fetching time is a lot slower than on a ARMX6 for both but the 100Mb link is a bit quicker than the 10Mb. Also the render time on the RiscPC is longer but then again Netsurf may be contrained by the RiscPC.

Module is: AcornSSL 1.04 (26 Jan 2018) mbedTLS 2.16.0

26 Jan 2018 Are you sure about that date?

The last public beta of AcornSSL was
1.03 (28 Dec 2018) mbedTLS 2.16.0

Presumably any problems with that version should be directed to the supplier of that version of the module, as no-one else knows what changes were made. The visible CVS does not have any entries yet for AcornSSL.

26 Jan 2018 Are you sure about that date?

Yep, as i said before AcornSSL 1.04 from RComp in NetFetch5.49 beta.

Has a ROOL details as well:

This module is supplied with permission from
RISC OS Open Ltd.

RISC OS 5 is © Castle Technologies / RISC OS
Developments Ltd and is Apache 2.0 licensed.

I have uploaded a new beta release (beta 3) of NF 5.5 to the location on the coupons supplied with the upgrade. It may improve things, as it makes a few timing changes in NF. I suspect old machines may need to fetch multiple SSL sessions one after the other rather than in all in parallel, but the new version may allow for more pauses/delays etc to occur.

I can’t tell any difference at this end, but then I’ve not had any issues fetching my SSL mail anyway, so that’s not really useful info.

Also, I’d be cautious about recommending anyone go backwards in AcornSSL versions. ROOL have quietly fixed a number of show-stopper issues (eg. sockets blocking and errant behaviours) over time, and I know Hermes has been greatly affected by these during development (ie. the fixes are essential).

What exactly is that supposed to mean? The last version of AcornSSL that was made publicly available is 1.03. If 1.04 (or later) is so much better, then why is it nowhere to be found?

Are you guys really sure that “1.03 was the last version released publicly”? I don’t know where I got 1.04 from, but it wasn’t anywhere special. Probably the current disc image or something. It is possible it was sent to Alan from ROOL, but I’m not 100% sure. Things were a bit rushed before the SW Show.

Are you guys really sure that “1.03 was the last version released publicly”?

Yes, ROOL’s final beta which is 1.03 (28 Dec 2018). There has been nothing since.

Edit – version date corrected.

Are you guys really sure that “1.03 was the last version released publicly”?

From the archive labelled “TCP-IP_Beta6_FINAL” the readme has an MD5 checksum listed:
MD5 (AcornSSL) = be6cda6b964c0cec98af35d9895bec2a
That module is 1.03 (28 Dec 2018) – Note " 28 Dec 2018 " I think David has a typo in his posting

Unless that’s 1.04 with some reported bugs from 1.03 fixed you appear to be supplying people with a largely untested beta.

Interesting that neither a beta of 1.04 appearing in public nor the “we’re going to mark this one as closed and roll it into our ROM builds” reported by Steve Reville has occurred.

David: Thanks for proving my memory wasn’t faulty.

I’ve been trying to be polite. The other versions were, for us, completely unusable. I don’t want to list all the dirty laundry, but we supply what we use / what works. Since the supposedly “tested” (your words) versions had major problems, I think I prefer to supply the version that actually works and fetches my email 20+ times every day. It can only have come from ROOL.

Forgive me that I cannot recall the exact specifics, but I know that until very recently, we were having major trouble with SSL sockets blocking when they shouldn’t (ie. making the machine single-task) and also issues with some socket commands not behaving as expected. These were resolved with updates to AcornSSL in 2019, and I think in 1.04 as opposed to 1.03 looking at the module dates.

Edit – now found it. ROOL issued the update late January when they acknowledged (and fixed) a socket blocking problem. Alan had, by that point re-coded to try and work around the problem, but confirms that 1.04 resolves the issue allowing the original code to work as inteded (and as it does for ordinary sockets).

As far as I’m aware, the only outstanding difficulties are that some socket commands (eg. socket_select, I think) don’t function in quite the same manner as they do for non-SSL sockets, making using AcornSSL not a “drop in” solution (ie. you have to be aware of some subtle differences when dealing with SSL sockets vs ordinary sockets) but these are implementational issues rather than “bugs”, and I suspect that ROOL have better things to do (eg. Git migration)!

The other versions were, for us, completely unusable.

Beta releases, out and about for testing purposes.

Since the supposedly “tested” (your words)

Who said that? Back on March 15th you asked "Has anyone tested AcornSSL “properly” " and between then and now we established that you are the only one with access and no one else had any opportunity to test it, so the answer to your question appears to be “not us, we don’t have a copy”
Various people appear to have been operating under the misapprehension that the people who had tested all the listed beta versions had also tested the 1.04 version.

As far as I’m aware, the only outstanding difficulties are that some socket commands (eg. socket_select, I think) don’t function in quite the same manner as they do for non-SSL sockets, making using AcornSSL not a “drop in” solution (ie. you have to be aware of some subtle differences when dealing with SSL sockets vs ordinary sockets) but these are implementational issues rather than “bugs”, and I suspect that ROOL have better things to do (eg. Git migration)!

Possibly busy with Git work, or waiting for other bug reports to come in other than the one submitted by yourself. At work a singe report tends to get a lower priority than multiple reports, ROOL are probably the same.

The problem there is that until those testers I mentioned earlier (like David and Chris) get hold of a copy of 1.04 to test I think we can say the level of testing is limited and problem reports will be similarly limited.
ROOL mistake basically.

Yes, sorry, I’m rather sensative about this due to the sheer amount of (paid) time that’s gone into all this, so I’d rather like to see it all finished and released (finally!) (smile).

I agree that 1.04 needs to be made available via this thread, and to be honest, I thought it already had been. Obviously I can supply anyone who wants it with a copy for testing purposes, but politically it’d be better if someone from ROOL made the distribution archive (I don’t want to muddy waters further).

Steve

We can either continue a game that you seem to relish of point scoring or take a positive stance and like one or two of us offer support and test things.

I have done that and offered no criticism of either Rool or RComp.

Mistakes happen but we as a community have to understand the difficulties of running an OS with limited resources.

I’m glad we have seen to have got to the bottom of the mystery and hopefully we can get some things sorted on what is a major undertaking.

We can either continue a game that you seem to relish of point scoring or take a positive stance and like one or two of us offer support and test things.

How about:

One – we all get to try/test/use the same module. Clearly there’s a v1.04, which for some reason hasn’t been released (or did I miss it too?). Really, we all ought to be testing the same thing, that’s just a logical statement of fact.

And:

Two – people remember what beta actually implies. It implies that “it’s supposed to work but you’re the guinea pig that tries to break it”. The have been no official stable releases of AcornSSL because, well, because it’s still in beta status at this time. It may suck if you have something commercial and/or important that you want to run with it, but that’s just how it is. It’s a beta, this is a beta test, the proper release will be along when its concluded. If the one you’re using doesn’t work, that’s good too – feed back info so it can get fixed.

ROOL mistake basically.

Perhaps their mistake was in posting a “final” beta? I mean, damn, that’s just tempting fate……. ;-)

Rick,

we all get to try/test/use the same module

people remember what beta actually implies.

All good and valid points and why I was clear where I got my module from and also what testing I was doing and against what criteria.

As I said people make mistakes and I don’t really care who made it the point I was making is that it helps if we can help fix the issue with testing.

Perhaps I was being a bit harsh in my wording but in a small community we should be all helping as much as we can.

Perhaps their mistake was in posting a “final” beta? I mean, damn, that’s just tempting fate……. ;-)

Never a truer word said :-)

Perhaps I was being a bit harsh in my wording

Not particularly. “Yorkshire”¹ is the comment my wife would make.

but in a small community we should be all helping as much as we can.

As Rick pointed out that “FINAL” in the name of beta 1.03 was a kite in a thunderstorm.
However, there is still the issue of circulating beta 1.04 and any subsequent version from an official source.

One item raised by Andrew’s comments is the question of the AcornSSL non-equivalence. Should the attempt be made to make things equivalent, or was the AcornSSL API at odds with the rest of the world?
If it is the latter then people need to be advised on how to alter their code to match.

¹ Straight to the point, no gloss.

Edit: Thinking about it Andrew may have been referencing AcornSSL not being a direct drop in replacement of the R-Comp SSL, in which case it’s just a documentation of the differences that is required.