Re: PicoLisp SSL Problem

2012-02-15 Thread Thorsten
Alexander Burger a...@software-lab.de writes: Hi Alex, https://wiki.picolisp.com I tried it on the wiki with firefox 10, first firefox complains about the self-signed certificate, and then doesn't connect after a security exception has been defined. But I have no idea, what the problem may

Re: PicoLisp SSL Problem

2012-02-15 Thread Alexander Burger
Hi Henrik, Could it be that they come with new default settings/behavior making them simply reject sites using self signed certs? Thats quite possible. However, I tried to inspect the settings with them on the phone, but nothing showed up. Cheers, - Alex -- UNSUBSCRIBE:

Re: PicoLisp SSL Problem

2012-02-15 Thread Jon Kleiser
Hi Alex, I had no problem connecting to https://wiki.picolisp.com when using Safari 5.1.2 on my Mac, but with Firefox 10.0.1 and Chrome 17.0.963.46 I got connection was reset and got no further. /Jon On 2/15/12 8:00 AM, Alexander Burger wrote: Hi all, since Firefox 10 (Windows) is out,

Re: PicoLisp SSL Problem

2012-02-15 Thread dexen deVries
On Wednesday 15 of February 2012 14:45:00 you wrote: Could it be that they come with new default settings/behavior making them simply reject sites using self signed certs? There are two problems at once: 1) the cert is self-signed, but you can add exception for it and that's OK 2) the cert only

Re: PicoLisp SSL Problem

2012-02-15 Thread Alexander Burger
On Wed, Feb 15, 2012 at 09:28:23AM +0100, dexen deVries wrote: On Wednesday 15 of February 2012 14:45:00 you wrote: Could it be that they come with new default settings/behavior making them simply reject sites using self signed certs? There are two problems at once: 1) the cert is

Re: PicoLisp SSL Problem

2012-02-15 Thread Henrik Sarvell
So this means, that the certificate isn't sent at all! So earlier versions of for instance FF accepts this fact but with version 10 it's a no go? On Wed, Feb 15, 2012 at 3:47 PM, Alexander Burger a...@software-lab.de wrote: On Wed, Feb 15, 2012 at 09:28:23AM +0100, dexen deVries wrote: On

Re: PicoLisp SSL Problem

2012-02-15 Thread Alexander Burger
On Wed, Feb 15, 2012 at 09:28:23AM +0100, dexen deVries wrote: Perhaps strangely, in case of wildcard certificates, the important part is the `Certificate Subject Alt Name' field. For example, one of my websites has: DNS Name: *.example.pl DNS Name: example.pl that is, both

Re: PicoLisp SSL Problem

2012-02-15 Thread Alexander Burger
On Wed, Feb 15, 2012 at 09:47:48AM +0100, Alexander Burger wrote: What I could see was that 'httpGate' does an accept() on the connection, but nothing else. So this means, that the certificate isn't sent at all! Forget that. I traced the wrong process :( The certificate is probably indeed

Re: PicoLisp SSL Problem

2012-02-15 Thread Alexander Burger
Hi Henrik, So this means, that the certificate isn't sent at all! So earlier versions of for instance FF accepts this fact but with version 10 it's a no go? Sorry, I've just noticed my error (see my other post). I'm not sure what actually happens. Question to those who can reproduce the

Re: PicoLisp SSL Problem

2012-02-15 Thread dexen deVries
On Wednesday 15 of February 2012 11:12:32 you wrote: On Wed, Feb 15, 2012 at 09:47:48AM +0100, Alexander Burger wrote: What I could see was that 'httpGate' does an accept() on the connection, but nothing else. So this means, that the certificate isn't sent at all! Forget that. I

Re: PicoLisp SSL Problem

2012-02-15 Thread Henrik Sarvell
When I install Tamper (google firefox addon tamper) in FF 10 and access the https version of the wiki Tamper reports the request as pending. This seems to indicate that nothing is returned from the server, ie that FF 10 sends something that breaks the SSL handling (and more) server side. On

Re: PicoLisp SSL Problem

2012-02-15 Thread Henrik Sarvell
Yes, if FF blocks the result before Tamper gets to access it then what I said above is not correct, that is the big caveat. On Wed, Feb 15, 2012 at 5:43 PM, dexen deVries dexen.devr...@gmail.com wrote: On Wednesday 15 of February 2012 11:12:32 you wrote: On Wed, Feb 15, 2012 at 09:47:48AM

Re: PicoLisp SSL Problem

2012-02-15 Thread Randall Dow
Look at this: http://forums.mozillazine.org/viewtopic.php?f=38t=2416901 -- Rand On Feb 15, 2012, at 11:52 AM, Henrik Sarvell wrote: Yes, if FF blocks the result before Tamper gets to access it then what I said above is not correct, that is the big caveat. On Wed, Feb 15, 2012 at 5:43

Re: PicoLisp SSL Problem

2012-02-15 Thread Henrik Sarvell
I think the discussion on the aforementioned bugzilla page relates to issues that have nothing to do with web filters and such. The browser behavior has changed it seems. On Wed, Feb 15, 2012 at 6:32 PM, Alexander Burger a...@software-lab.de wrote: Hi Randall,

Re: PicoLisp SSL Problem

2012-02-15 Thread Alexander Burger
On Wed, Feb 15, 2012 at 06:46:05PM +0700, Henrik Sarvell wrote: I think the discussion on the aforementioned bugzilla page relates to issues that have nothing to do with web filters and such. The browser behavior has changed it seems. I'm wondering whether it might have to do with the

Re: PicoLisp SSL Problem

2012-02-15 Thread José Romero
On Wed, 15 Feb 2012 08:00:10 +0100 Alexander Burger a...@software-lab.de wrote: Hi all, since Firefox 10 (Windows) is out, some of my customers complain that they can't access their PicoLisp applications via SSL any longer. At least one also reports the same for Safari. They can't access

Re: PicoLisp SSL Problem

2012-02-15 Thread Alexander Burger
Hi José, points to a protocol error, either the browsers are now doing something nonstandard or you cut some corner (or relied on something nonstandard clients used to do) when you implemented the proxy originally and they came back to haunt you. Yeah, that's what I'm suspecting too. But

Re: PicoLisp SSL Problem

2012-02-15 Thread Tamas Herman
beware of tinyproxy. i used it for a while 2-3yrs ago as a regular web proxy but it was very unstable. just put an nginx in reverse proxy mode in front of pil. -- tom -- UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe

Re: PicoLisp SSL Problem

2012-02-15 Thread Alexander Burger
Hi Tomas, you could try nginx as Tamas suggested and see if you get the same problem. Tamas Herman hermanta...@gmail.com writes: just put an nginx in reverse proxy mode in front of pil. Yes, but as I tried to explain in my previous mail, it won't work with the application server. It

Re: PicoLisp SSL Problem

2012-02-15 Thread Tomas Hlavaty
Hi Alex, Yes, but as I tried to explain in my previous mail, it won't work with the application server. It depends on 'httpGate' rewriting parts of the HTTP header, and inserting certain PicoLisp-specific new headers, which would not work if 'httpGate' believes to work unencrypted. Perhaps,

Re: PicoLisp SSL Problem

2012-02-15 Thread Alexander Burger
Hi Tomas, as described on that web page, you can configure nginx to set the headers exactly like httpGate! I used it instead of httpGate OK, thanks. Good to know. However, I need to solve the original problem, not have a quick and dirty fix. I can't risk to change a production system where