Bug #4589: [API] Problem connecting using Firefox - Arvados

Actions

Copy link

Bug #4589

closed

[API] Problem connecting using Firefox

Added by Peter Amstutz over 9 years ago. Updated over 9 years ago.

Status:

Resolved

Priority:

Normal

Assigned To:

Peter Amstutz

Category:

Target version:

2014-12-10 sprint

Story points:

0.5

Description

Firefox 31+ increased SSL certificate checking in a way that seems to silently break on our self-signed development/test certificates. (I thought this was due to MD5 but on further investigation the certs are using either SHA1 or SHA256.)

Figure out what is causing this and adjust certificate generation to fix it.

^^^ This is wrong.

Subtasks 1 (0 open — 1 closed)

Actions

Copy link

Updated by Peter Amstutz over 9 years ago

Description updated (diff)

Actions

Copy link

Updated by Peter Amstutz over 9 years ago

The in the meantime we can use the workaround described here:

http://www-01.ibm.com/support/docview.wss?uid=swg21680147&myns=swglotus&mynp=OCSSKTMJ&mync=R

Actions

Copy link

Updated by Ward Vandewege over 9 years ago

Subject changed from [API] SSL certs used for development/testing should be signed with SHA1 instead of MD5 to [API] SSL certs used for development/testing should be signed with SHA2 instead of MD5

Actions

Copy link

Updated by Ward Vandewege over 9 years ago

Target version changed from Bug Triage to 2014-12-10 sprint

Actions

Copy link

Updated by Ward Vandewege over 9 years ago

Story points set to 0.5

Actions

Copy link

Updated by Peter Amstutz over 9 years ago

Assigned To set to Peter Amstutz

Actions

Copy link

Updated by Peter Amstutz over 9 years ago

Subject changed from [API] SSL certs used for development/testing should be signed with SHA2 instead of MD5 to [API] SSL certs used for development/testing are invalid when used with Firefox
Description updated (diff)

Actions

Copy link

Updated by Peter Amstutz over 9 years ago

This is a Firefox problem:

https://bugzilla.mozilla.org/show_bug.cgi?id=1042889

Also I filed a Debian bug report:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770508

It may be best to just wait and see if this gets fixed than fiddle too much with our testing infrastructure.

Actions

Copy link

Updated by Peter Amstutz over 9 years ago

Next step is to try this: https://developer.mozilla.org/en-US/docs/Mozilla/Debugging/HTTP_logging

Actions

Copy link

#10

Updated by Peter Amstutz over 9 years ago

As far as I can tell, the problem is simply that Firefox has gotten in its head that connections to localhost:3001 should go into a black hole. Here's the workaround:

cd ~/.mozilla/firefox/xxxxx.default
mv cert8.db cert8.db.old

Actions

Copy link

#11

Updated by Peter Amstutz over 9 years ago

Subject changed from [API] SSL certs used for development/testing are invalid when used with Firefox to [API] Problem connecting using Firefox
Description updated (diff)

See note on Debian bug report:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770508#20

Actions

Copy link

#12