On 26 December 2013 14:06, Andrea Pescetti <pesce...@apache.org> wrote:
> On 09/11/2013 Ricardo Berlasso wrote: > >> 2013/11/9 janI >> >>> On 9 November 2013 00:47, Ricardo Berlasso wrote: >>> >>>> Some people get certificate errors on the forums >>>> https://forum.openoffice.org/en/forum/viewtopic.php?f=50&t=65462 >>>> >>> This error should not be random but comes every time a page that contains >>> src= or href= http://xyz is loaded. >>> The error is a serious warning, that the page you are loading contains >>> unsecure content (http://). >>> This is the part I have warned about earlier (and dave f. has taken care >>> of >>> for www). The databases of forum and wiki should be updated (any vm admin >>> can do that), so that all relevant (ref inside forum/wiki) >>> src=http://xyzand href= >>> http://xyz are changed to src=//xyz and href=//xyz. >>> >> Thanks, Jan, now the problem is clear for me. Maybe Imacat can do this DB >> update. >> > > Coming back to this in light of the recent wiki discussion > http://markmail.org/message/22jtkldai7opey2f : for sure Jan is right in > saying that the embedded content (not actually all href link, but the > meaning is clear) should be served via HTTPS. But I see this as a secondary > problem: the root cause is probably at an earlier stage. > > If we take as example the link Ricardo posted > https://forum.openoffice.org/en/forum/viewtopic.php?f=50&t=65462 > all requests needed to render the page are done in HTTPS, I've just > checked. > > So the issue is, again, with the certificate we serve to the client, and > I've managed to get the usual erratic behavior (on one system I get the *. > apache.org certificate and the mismatch warning, on another system I get > the *.openoffice.org certificate and no warning). > > Again, to make it repeatable from a machine others have access to, > pescetti@ooo-wiki2-vm:~$ wget "https://forum.openoffice.org/ > en/forum/viewtopic.php?f=50&t=65462" > ERROR: certificate common name `*.apache.org' doesn't match requested > host name `forum.openoffice.org'. > > I've opened > https://issues.apache.org/jira/browse/INFRA-7131 > to track the problem. > there is a problem, no doubt about it, but the strange thing is that if use your test on minotaur (people), then it works. I am not a certificate specialist (medthomas is the real specialist), but to me it looks as cached certificates (or root path). on ooo-wiki2, I am convinced it is a caching problem, where the wrong certificate is stored. Once medthomas comes back after vacation I will have a talk with him. rgds jan I. > > Regards, > Andrea. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org > >
