Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

https doesn't work (Terena CA) with "Check now" button #70

Closed
valtri opened this issue Dec 27, 2014 · 8 comments
Closed

https doesn't work (Terena CA) with "Check now" button #70

valtri opened this issue Dec 27, 2014 · 8 comments
Assignees
@pypingou

Comments

@valtri
Copy link

valtri commented Dec 27, 2014

There is not working fetch over SSL at release-monitoring.org. The URL is:
https://code.soundsoftware.ac.uk/projects/qm-dsp/files

Some intermediate certificates in Terena CA has been changed recently, so maybe just upgrading ca-certificates could help?
@valtri
Copy link
Author

valtri commented Dec 29, 2014

OK, it looks like this problem is only with the "Check now" button.

The release status of the qm-dsp has been updated OK automatically next day.

@valtri valtri changed the title https doesn't work (Terena CA) https doesn't work (Terena CA) with "Check now" button Dec 29, 2014
@ralphbean
Copy link
Contributor

OK, it looks like this problem is only with the "Check now" button.

The "Check now" button works for me on qm-dsp. Do you still see this issue @valtri?

@tomspur
Copy link
Contributor

tomspur commented Feb 20, 2015

The failure of 'http://dl.hexchat.net/hexchat/' might be related to this:

  File "anitya.git/anitya/lib/backends/__init__.py", line 260, in call_url
    return requests.get(url, headers=headers)
  File "/usr/lib/python2.7/site-packages/requests/api.py", line 65, in get
    return request('get', url, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/api.py", line 49, in request
    response = session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 461, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 599, in send
    history = [resp for resp in gen] if allow_redirects else []
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 192, in resolve_redirects
    allow_redirects=False,
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 573, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 431, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: hostname 'dl.hexchat.net' doesn't match either of 'ssl2000.cloudflare.com', 'cloudflare.com', '*.cloudflare.com'

@pypingou
Copy link
Member

Most of the failure with https are related to invalid certificate(s)

@valtri
Copy link
Author

valtri commented Feb 22, 2015

The "Check now" button doesn't show there, but that's not critical (it may be feature - check is not needed when checked recently). The update check of qm-dsp looks OK. I would consider this part as solved. :-)

The hexchat: there is used http:// at https://release-monitoring.org/project/1313/. The certificate looks updated (it contains *.hexchat.net in altnames), maybe it could work now.

@pypingou
Copy link
Member

The hexchat: there is used http:// at https://release-monitoring.org/project/1313/. The certificate
looks updated (it contains *.hexchat.net in altnames), maybe it could work now.

Apparently this does not cover dl.hexchat.net:
requests.exceptions.SSLError: hostname 'dl.hexchat.net' doesn't match either of 'ssl2000.cloudflare.com', 'cloudflare.com', '*.cloudflare.com'

@tomspur
Copy link
Contributor

tomspur commented Feb 23, 2015

It is strange, that chromium and firefox accept this certificate, but curl and python-requests don't...

@pypingou pypingou mentioned this issue Mar 23, 2015
Merged
@pypingou pypingou self-assigned this Mar 23, 2015
@pypingou
Copy link
Member

The pull-request mentioned above fixes this issue by allowing to make insecure http calls.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pypingou pypingou

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tomspur @ralphbean @pypingou @valtri