Require SSL certificates to be valid; don not allow to use your own certificate
Closed, ResolvedPublic
Actions

Assigned To

None

Authored By

	• bzimport
	Sep 12 2014, 8:53 AM

Description

Author: vichak

Description:
The error when you use self signed certificate is the following :

Page Fetch failure for "https://myhost/api.php": Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE

DoesNotExistError: Page Fetch failure for "https://myhost/api.php": Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE
at ApiRequest._requestCB (/usr/lib/parsoid/src/lib/mediawiki.ApiRequest.js:153:15)
at self.callback (/usr/lib/parsoid/node_modules/request/request.js:121:22)
at Request.emit (events.js:95:17)
at ClientRequest.self.clientErrorHandler (/usr/lib/parsoid/node_modules/request/request.js:230:10)
at ClientRequest.emit (events.js:95:17)
at CleartextStream.socketErrorListener (http.js:1547:9)
at CleartextStream.emit (events.js:95:17)
at SecurePair.<anonymous> (tls.js:1386:19)
at SecurePair.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:979:10)

I push a code review on https://gerrit.wikimedia.org/r/#/c/159811/2
But this not working...

It need to offer the strictSSL option of request module. I found this option on https://github.com/mikeal/request

I hardcoded strictSSL to false in my production server...

I wanted to share this.

Version: unspecified
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=64003

Details

Reference: bz70761

Related Objects

Mentioned In: T87513: localsettings.js ought to contain a setting to override User-Agent and SSL cert verification

Event Timeline

• bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 3:55 AM

• bzimport added a project: Parsoid.

• bzimport set Reference to bz70761.

• bzimport created this task.Sep 12 2014, 8:53 AM

gerritadmin wrote:

Change 159811 had a related patch set uploaded by Vichak:
(Bug 70761) Add strictSSL option to ParsoidConfig

https://gerrit.wikimedia.org/r/159811

This bug has been marked as a duplicate of bug 64003 ***