Crash with HTTPS only Mediawiki instances
Open, Needs TriagePublic

Description

If you have a HTTPS only instance of Mediawiki, it's not possible to use OCG directly.

You get this error:
error: Error: Hostname/IP doesn't match certificate's altnames

at SecurePair.<anonymous> (tls.js:1371:23)
at SecurePair.EventEmitter.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:974:10)
at CleartextStream.read [as _read] (tls.js:462:15)
at CleartextStream.Readable.read (_stream_readable.js:320:10)
at EncryptedStream.write [as _write] (tls.js:366:25)
at doWrite (_stream_writable.js:221:10)
at writeOrBuffer (_stream_writable.js:211:5)
at EncryptedStream.Writable.write (_stream_writable.js:180:11)
at write (_stream_readable.js:583:24) channel=backend.bundler.bin, id=65848afb3f242ab641e6d3f9cb031244c780172d, writer=rdf2latex, details=undefined

error: Bundling process died with non zero code: 1 channel=backend.bundler.error, id=65848afb3f242ab641e6d3f9cb031244c780172d, writer=rdf2latex, metabook={

It should be explained how to get rid of this error in the document. I'm not sure this is relevant to take care about this as in 99% of the instances this run on the same machine like MW. Maybe a simple option (activated per default?) should avoid this check.

I have achieved to get ride of this problem by addingprocess.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

PS: This problem is also valid for Parsoid.


Version: unspecified
Severity: normal

Details

Reference
bz71797
bzimport raised the priority of this task from to Needs Triage.
bzimport set Reference to bz71797.
bzimport added a subscriber: Unknown Object (MLST).
Kelson created this task.Oct 8 2014, 2:16 PM

What's the https domain in question? Are you sure the certificates for it are correct?

Yeah, this sonuds like your HTTPS certificates are invalid. That's not a Parsoid/OCG problem.

I know only two people who have tried to installed OCG and both were puzzled by this problem.

We need:
1 - A correct error handling
2 - The solution should be clearly documented somewhere with a step-by-step procedure (In my case, although I have searched, I was not able to find this procedure clearly explained)
3 - Point a link to that solution in the error message

Parsoid has implemented this in a nice way IMO. It's possible to specify in localsettings.js:

Require SSL certificates to be valid (default true)
Set to false when using self-signed SSL certificates
parsoidConfig.strictSSL = false;

Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptNov 29 2015, 2:06 PM

As already announced in Tech News, OfflineContentGenerator (OCG) will not be used anymore after October 1st, 2017 on Wikimedia sites. OCG will be replaced by Electron. You can read more on mediawiki.org.