Page MenuHomePhabricator

Crash with HTTPS only Mediawiki instances
Open, Needs TriagePublic


If you have a HTTPS only instance of Mediawiki, it's not possible to use OCG directly.

You get this error:
error: Error: Hostname/IP doesn't match certificate's altnames

at SecurePair.<anonymous> (tls.js:1371:23)
at SecurePair.EventEmitter.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:974:10)
at [as _read] (tls.js:462:15)
at (_stream_readable.js:320:10)
at EncryptedStream.write [as _write] (tls.js:366:25)
at doWrite (_stream_writable.js:221:10)
at writeOrBuffer (_stream_writable.js:211:5)
at EncryptedStream.Writable.write (_stream_writable.js:180:11)
at write (_stream_readable.js:583:24) channel=backend.bundler.bin, id=65848afb3f242ab641e6d3f9cb031244c780172d, writer=rdf2latex, details=undefined

error: Bundling process died with non zero code: 1 channel=backend.bundler.error, id=65848afb3f242ab641e6d3f9cb031244c780172d, writer=rdf2latex, metabook={

It should be explained how to get rid of this error in the document. I'm not sure this is relevant to take care about this as in 99% of the instances this run on the same machine like MW. Maybe a simple option (activated per default?) should avoid this check.

I have achieved to get ride of this problem by addingprocess.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

PS: This problem is also valid for Parsoid.

Version: unspecified
Severity: normal



Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 3:54 AM
bzimport set Reference to bz71797.
bzimport added a subscriber: Unknown Object (MLST).
Kelson created this task.Oct 8 2014, 2:16 PM

What's the https domain in question? Are you sure the certificates for it are correct?

Yeah, this sonuds like your HTTPS certificates are invalid. That's not a Parsoid/OCG problem.

I know only two people who have tried to installed OCG and both were puzzled by this problem.

We need:
1 - A correct error handling
2 - The solution should be clearly documented somewhere with a step-by-step procedure (In my case, although I have searched, I was not able to find this procedure clearly explained)
3 - Point a link to that solution in the error message

Parsoid has implemented this in a nice way IMO. It's possible to specify in localsettings.js:

Require SSL certificates to be valid (default true)
Set to false when using self-signed SSL certificates
parsoidConfig.strictSSL = false;

Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptNov 29 2015, 2:06 PM

As already announced in Tech News, OfflineContentGenerator (OCG) will not be used anymore after October 1st, 2017 on Wikimedia sites. OCG will be replaced by Electron. You can read more on