CloudforkSSO on Pharo with stunnel

The latest version of CloudforkSSO (version 1.1.0) on Pharo uses the Zinc-HTTP library. This library contains a good http client. Actually it contains multiple http clients, depending on your requirements you can pick one of them.

One feature Zinc-HTTP doesn’t support (yet?) is secure http. Most of the OAuth and OpenID providers require https connections so this is a problem. There is a good workaround for this: you can use stunnel to handle the https protocol.

I used the following stunnel.conf on OS X:

; protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; security enhancements for UNIX systems
; for chroot a copy of some devices and files is needed within the jail
chroot = /opt/local/var/lib/stunnel/
setuid = nobody
setgid = nogroup
; PID is created inside the chroot jail
pid = /

; performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib

CAfile = /opt/local/etc/stunnel/cacert.pem

; SSL client mode
client = yes

accept =
connect =

accept =
connect =

accept =
connect =

The cacert.pem file is required to validate the server certificates. I downloaded a version from

Now the Smalltalk side of things:

Load the latest CloudforkSSO version:

Gofer new
	squeaksource: 'Cloudfork'; 
	package: 'ConfigurationOfCloudforkSSO';
(Smalltalk at: #ConfigurationOfCloudforkSSO) project latestVersion load: 'Tests'

Instruct CloudforkSSO to use the tunnels for the secure hosts:

	self default httpClient: ((CFHttpClientTunnelAccess new)
		client: CFHttpClientZincAccess new ;
		tunnel: '' through: 'localhost:20011' ;
		tunnel: '' through: 'localhost:20012' ;
		tunnel: '' through: 'localhost:20013' ;
		tunnel: '' through: 'localhost:20014' ;
		tunnel: '' through: 'localhost:20015' ;
		yourself )

Also see the example CFServicePharoUtils class>>setupHttpsTunnels. You can test the connection:

CFPlatformServiceUtils default httpClient httpGet: ''

The demo application at is also using stunnel.

Note that there are alternatives for stunnel. One of them is described here.

Explore posts in the same categories: Cloudfork

Tags: , , , ,

Both comments and pings are currently closed.

One Comment on “CloudforkSSO on Pharo with stunnel”

  1. Just a small clarification that self in:

    self default httpClient: ((CFHttpClientTunnelAccess new) …

    should be: CFPlatformServiceUtils

Comments are closed.


Get every new post delivered to your Inbox.

%d bloggers like this: