----- Original Message ---- > From: Johannes Beigel <[EMAIL PROTECTED]> > Sent: Tuesday, 16 September, 2008 15:10:05 > > In the apache logs I get a > > PHP Notice: Udefined property: stdClass::$is_cached in > > Collection.body.php on line 638 > > Could you update the Collection extension? The line looks different > now, so the error might be gone. Yes, that has now ceased happening using today's SVN / Hg version's
> > At this point the error message bucks up and I get something useful: > > The POST request to > > https://lightning.eatechnology.com:8443/cgi-bin/mwlib.cgi > > failed (SSL certificate problem, verify that the CA cert is OK. > > Details: error:14090086:SSL > > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed). > > which is presumably because the server is on a self-signed > > certificate. Any ideas how to tell the collection extension that the > > certificate is OK (I'm sure I've been here before, but can't find > > anything in the mailing list archive or trac)? > > Seems to be a problem with curl for PHP. You could apply the two lines > from this blog post: > > http://ademar.name/blog/2006/04/curl-ssl-certificate-problem-v.html > > to Collection.body.php where the curl options are set (search for > curl_setopt). I think we shouldn't add this in the official version > though. Fair enough - it is a somewhat odd situation. Adding those lines does indeed work, although at the moment it seems to be somewhat flaky on this slow server - I've had a message about the POST timing out after 3 seconds a couple of times, but if you refresh it then the PDF has in fact been rendered OK. If I worked up a patch against the Collection extension to use $wgCollectionPDFserverCert to specify a .pem file for Curl to use to validate the PDF server would you be interested? If the variable isn't set everything carries on as normal, but people with internal closed wikis (probably quite a lot more than you think) served over https with self-signed certificates can use it to avoid hacking the extension. You could also use it in a paranoid sort of way if you knew which root certificate signed your server to exclude all the other root certs .... Richard --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "mwlib" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/mwlib?hl=en -~----------~----~----~----~------~----~------~--~---
