Page MenuHomePhabricator
Create Task
Maniphest T73797

Crash with HTTPS only Mediawiki instances
Closed, DeclinedPublic
Actions

Description

If you have a HTTPS only instance of Mediawiki, it's not possible to use OCG directly.

You get this error:
error: Error: Hostname/IP doesn't match certificate's altnames

at SecurePair.<anonymous> (tls.js:1371:23)
at SecurePair.EventEmitter.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:974:10)
at CleartextStream.read [as _read] (tls.js:462:15)
at CleartextStream.Readable.read (_stream_readable.js:320:10)
at EncryptedStream.write [as _write] (tls.js:366:25)
at doWrite (_stream_writable.js:221:10)
at writeOrBuffer (_stream_writable.js:211:5)
at EncryptedStream.Writable.write (_stream_writable.js:180:11)
at write (_stream_readable.js:583:24) channel=backend.bundler.bin, id=65848afb3f242ab641e6d3f9cb031244c780172d, writer=rdf2latex, details=undefined

error: Bundling process died with non zero code: 1 channel=backend.bundler.error, id=65848afb3f242ab641e6d3f9cb031244c780172d, writer=rdf2latex, metabook={

It should be explained how to get rid of this error in the document. I'm not sure this is relevant to take care about this as in 99% of the instances this run on the same machine like MW. Maybe a simple option (activated per default?) should avoid this check.

I have achieved to get ride of this problem by addingprocess.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

PS: This problem is also valid for Parsoid.

Version: unspecified
Severity: normal

Details

Reference
bz71797

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 3:54 AM
bzimport added a project: OfflineContentGenerator.
bzimport set Reference to bz71797.
bzimport added a subscriber: Unknown Object (MLST).
Kelson created this task.Oct 8 2014, 2:16 PM
Nemo_bis added a comment.Oct 30 2014, 8:05 AM

What's the https domain in question? Are you sure the certificates for it are correct?

cscott added a comment.Oct 30 2014, 1:29 PM

Yeah, this sonuds like your HTTPS certificates are invalid. That's not a Parsoid/OCG problem.

Kelson added a comment.Oct 30 2014, 2:53 PM

I know only two people who have tried to installed OCG and both were puzzled by this problem.

We need:
1 - A correct error handling
2 - The solution should be clearly documented somewhere with a step-by-step procedure (In my case, although I have searched, I was not able to find this procedure clearly explained)
3 - Point a link to that solution in the error message

Kelson added a comment.Nov 17 2014, 8:56 PM

Parsoid has implemented this in a nice way IMO. It's possible to specify in localsettings.js:

Require SSL certificates to be valid (default true)
 Set to false when using self-signed SSL certificates
parsoidConfig.strictSSL = false;

Reedy removed a subscriber: wikibugs-l-list.Nov 29 2015, 2:06 PM
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptNov 29 2015, 2:06 PM
Jdforrester-WMF edited projects, added OCG-General; removed OfflineContentGenerator.Apr 8 2016, 2:47 PM
Aklapper added a comment.Sep 14 2017, 9:18 AM

As already announced in Tech News, OfflineContentGenerator (OCG) will not be used anymore after October 1st, 2017 on Wikimedia sites. OCG will be replaced by Electron. You can read more on mediawiki.org.

Aklapper closed this task as Declined.Feb 28 2021, 9:29 AM

Declining this task as OCG has been dead for years.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL