Last modified: 2014-11-17 20:56:48 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T73797, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 71797 - Crash with HTTPS only Mediawiki instances
Crash with HTTPS only Mediawiki instances
Status: NEW
Product: OCG
Classification: Unclassified
General/Unknown (Other open bugs)
unspecified
All All
: Unprioritized normal
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-10-08 14:16 UTC by Kelson [Emmanuel Engelhart]
Modified: 2014-11-17 20:56 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Kelson [Emmanuel Engelhart] 2014-10-08 14:16:26 UTC 
If you have a HTTPS only instance of Mediawiki, it's not possible to use OCG directly.

You get this error:
error: Error: Hostname/IP doesn't match certificate's altnames
    at SecurePair.<anonymous> (tls.js:1371:23)
    at SecurePair.EventEmitter.emit (events.js:92:17)
    at SecurePair.maybeInitFinished (tls.js:974:10)
    at CleartextStream.read [as _read] (tls.js:462:15)
    at CleartextStream.Readable.read (_stream_readable.js:320:10)
    at EncryptedStream.write [as _write] (tls.js:366:25)
    at doWrite (_stream_writable.js:221:10)
    at writeOrBuffer (_stream_writable.js:211:5)
    at EncryptedStream.Writable.write (_stream_writable.js:180:11)
    at write (_stream_readable.js:583:24) channel=backend.bundler.bin, id=65848afb3f242ab641e6d3f9cb031244c780172d, writer=rdf2latex, details=undefined
error: Bundling process died with non zero code: 1 channel=backend.bundler.error, id=65848afb3f242ab641e6d3f9cb031244c780172d, writer=rdf2latex, metabook={

It should be explained how to get rid of this error in the document. I'm not sure this is relevant to take care about this as in 99% of the instances this run on the same machine like MW. Maybe a simple option (activated per default?) should avoid this check.

I have achieved to get ride of this problem by addingprocess.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

PS: This problem is also valid for Parsoid.
Comment 1 Nemo 2014-10-30 08:05:11 UTC 
What's the https domain in question? Are you sure the certificates for it are correct?
Comment 2 C. Scott Ananian 2014-10-30 13:29:37 UTC 
Yeah, this sonuds like your HTTPS certificates are invalid.  That's not a Parsoid/OCG problem.
Comment 3 Kelson [Emmanuel Engelhart] 2014-10-30 14:53:30 UTC 
I know only two people who have tried to installed OCG and both were puzzled by this problem.

We need:
1 - A correct error handling
2 - The solution should be clearly documented somewhere with a step-by-step procedure (In my case, although I have searched, I was not able to find this procedure clearly explained)
3 - Point a link to that solution in the error message
Comment 4 Kelson [Emmanuel Engelhart] 2014-11-17 20:56:48 UTC 
Parsoid has implemented this in a nice way IMO. It's possible to specify in localsettings.js:

	// Require SSL certificates to be valid (default true)
	// Set to false when using self-signed SSL certificates
	parsoidConfig.strictSSL = false;
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links