Bug #4589

[API] Problem connecting using Firefox

Added by Peter Amstutz about 6 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
-
Target version:
Start date:
12/03/2014
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
0.5

Description

Firefox 31+ increased SSL certificate checking in a way that seems to silently break on our self-signed development/test certificates. (I thought this was due to MD5 but on further investigation the certs are using either SHA1 or SHA256.)

Figure out what is causing this and adjust certificate generation to fix it.

^^^ This is wrong.


Subtasks

Task #4711: Find workaroundResolvedPeter Amstutz

History

#1 Updated by Peter Amstutz about 6 years ago

  • Description updated (diff)

#2 Updated by Peter Amstutz about 6 years ago

The in the meantime we can use the workaround described here:

http://www-01.ibm.com/support/docview.wss?uid=swg21680147&myns=swglotus&mynp=OCSSKTMJ&mync=R

#3 Updated by Ward Vandewege about 6 years ago

  • Subject changed from [API] SSL certs used for development/testing should be signed with SHA1 instead of MD5 to [API] SSL certs used for development/testing should be signed with SHA2 instead of MD5

#4 Updated by Ward Vandewege about 6 years ago

  • Target version changed from Bug Triage to 2014-12-10 sprint

#5 Updated by Ward Vandewege about 6 years ago

  • Story points set to 0.5

#6 Updated by Peter Amstutz about 6 years ago

  • Assigned To set to Peter Amstutz

#7 Updated by Peter Amstutz about 6 years ago

  • Subject changed from [API] SSL certs used for development/testing should be signed with SHA2 instead of MD5 to [API] SSL certs used for development/testing are invalid when used with Firefox
  • Description updated (diff)

#8 Updated by Peter Amstutz about 6 years ago

This is a Firefox problem:

https://bugzilla.mozilla.org/show_bug.cgi?id=1042889

Also I filed a Debian bug report:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770508

It may be best to just wait and see if this gets fixed than fiddle too much with our testing infrastructure.

#10 Updated by Peter Amstutz almost 6 years ago

As far as I can tell, the problem is simply that Firefox has gotten in its head that connections to localhost:3001 should go into a black hole. Here's the workaround:

cd ~/.mozilla/firefox/xxxxx.default
mv cert8.db cert8.db.old

#11 Updated by Peter Amstutz almost 6 years ago

  • Subject changed from [API] SSL certs used for development/testing are invalid when used with Firefox to [API] Problem connecting using Firefox
  • Description updated (diff)

#12 Updated by Peter Amstutz almost 6 years ago

Since we have a workaround I'm going to mark this as resolved.

#13 Updated by Peter Amstutz almost 6 years ago

  • Status changed from New to Resolved

Also available in: Atom PDF