Page MenuHomePhabricator

Jobs Queue Doesn't Make Proper TLS Request (HTTP request against the HTTP port which generates a 301 redirect)
Closed, ResolvedPublic

Description

My wiki is private and runs on TLS only. Since 1.23 the jobs queue won't run because it makes an HTTP request against the HTTP port, which generates a 301 redirect, that mediawiki ignores. fsockopen can handle SSL/TLS negotiations but there is no code apparently detecting the $wgServer containing https:// and adjusting accordingly. I was able to modify the fsockopen like this to make it work (near line 666 in MediaWiki.php 1.24.0):

$sock = fsockopen(
       "tls://" . $info['host'],
        isset( $info['port'] ) ? $info['port'] : 443,
        $errno,
        $errstr,
        // If it takes more than 100ms to connect to ourselves there
        // is a problem elsewhere.
        0.1
);

Obviously in a proper design, you would assume port 443 (unless overridden) and TLS from "https://" in the $wgServer and prepend tls:// or ssl:// to the hostname for fsockopen.

Event Timeline

Kmstange created this task.Feb 10 2015, 1:04 AM
Kmstange raised the priority of this task from to Needs Triage.
Kmstange updated the task description. (Show Details)
Kmstange added a project: MediaWiki-JobQueue.
Kmstange added a subscriber: Kmstange.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 10 2015, 1:04 AM
Aklapper renamed this task from Jobs Queue Doesn't Make Proper TLS Request to Jobs Queue Doesn't Make Proper TLS Request (HTTP request against the HTTP port which generates a 301 redirect).Feb 10 2015, 1:00 PM
Aklapper triaged this task as Low priority.
Aklapper set Security to None.
Aklapper lowered the priority of this task from Low to Lowest.Apr 9 2015, 12:35 PM
Kmstange closed this task as Resolved.May 20 2016, 7:11 PM
Kmstange claimed this task.

This was reported again in T107290 and fixed there.