On 26 December 2013 10:28, Andrea Pescetti <pesce...@apache.org> wrote:
> On 23/12/2013 sebb wrote:
>>
>> ...
>> http://wiki.services.openoffice.org/wiki/Documentation/FAQ/Installation
>>
>> Confirm with IE, which reports a certificate for *.apache.org (Thawte)
>
>
> I've seen it happening from time to time, regardless of the browser I use,
> but randomly: at times, loading a wiki page gives the "certificate mismatch"
> error, but I am unable to reproduce it consistently. Almost always the
> certificate is correct and the browser does not complain.
>
> Today I could investigate it better. At the time of writing this, if I open
> http://wiki.services.openoffice.org/wiki/Documentation/FAQ/Installation
> with any of the browsers I commonly use, the certificate I get is the right
> one (for *.openoffice.org, issued 11 June 2013). Though, if I fire up an old
> Konqueror I get the *.apache.org certificate, issued on 20 December 2011,
> and thus the "mismatch" warning.
>
> Experience with wget is quite complex too.
>
> With wget 1.12:
> $ wget https://wiki.openoffice.org/wiki/Documentation/FAQ/Installation
> ERROR: certificate common name “*.apache.org” doesn’t match requested host
> name “wiki.openoffice.org”.

I get the same with 1.11.4 on WinXP.

> With wget 1.14:
> $ wget https://wiki.openoffice.org/wiki/Documentation/FAQ/Installation
> [works as expected]

On minotaur, I get

ERROR: cannot verify wiki.openoffice.org's certificate, issued by
'/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA':
  Unable to locally verify the issuer's authority.

Adding --no-check-certificate allows wget to work with a Warning:

WARNING: cannot verify wiki.openoffice.org's certificate, issued by
'/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA':
  Unable to locally verify the issuer's authority.

> With wget 1.13.4 from ooo-wiki2-vm (so this is repeatable by others):
> $ wget https://wiki.openoffice.org/wiki/Documentation/FAQ/Installation
> ERROR: certificate common name `*.apache.org' doesn't match requested host
> name `wiki.openoffice.org'.
>
> To avoid misunderstandings: this page does not currently contain any
> "insecure" content. This is a separate problem, see below.
>
> Might it be that the *.apache.org certificate is served as a fallback to
> some older clients that for some reason do not support the *.openoffice.org
> one?

Could be true.

>
>> Does not happen in Firefox for me either, though I do get a shield
>> icon [1] indicating that there is some http: reference that needs to
>> be changed to https:
>> [IE also reports the same issue, if one ignores the cert. error]
>
>
> I investigated this on the VM as far as my permissions allow. It should be
> due to the hardcoded "http" in the file GoogleCoop/GoogleCoop.php
>
> To work around this, I've temporarily removed the "Search within the FAQs"
> function that was including Google CSE via http, see
> https://wiki.openoffice.org/w/index.php?title=Documentation%2FFAQ%2FInstallation&diff=232487&oldid=188626
>
> Does this solve the "insecure content" problem for you? It does for me.

Yes, Firefox, Opera are now happy, as is IE once one gets past the cert error.

> The right fix would then be to change http to https in
> GoogleCoop/GoogleCoop.php but I can't modify that file.
>
> Regards,
>   Andrea.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
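
One way to test the fallback hypothesis raised in the thread, as an added example that is not code from either poster. It assumes the server picks its certificate from the TLS server-name (SNI) extension, which the thread does not confirm; all function names and the sample certificate dictionaries are constructed for illustration.

```python
import socket
import ssl

# Constructed samples in the dict shape ssl.SSLSocket.getpeercert() returns.
APACHE = {"subject": ((("commonName", "*.apache.org"),),)}
OOO = {"subject": ((("commonName", "*.openoffice.org"),),),
       "subjectAltName": (("DNS", "*.openoffice.org"), ("DNS", "openoffice.org"))}


def cert_names(cert):
    """Names a client compares: subjectAltName DNS entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or [v for rdn in cert.get("subject", ()) for k, v in rdn
                    if k == "commonName"]


def name_matches(pattern, host):
    """'*' is honoured only as the whole left-most label and spans one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert, host):
    return any(name_matches(n, host) for n in cert_names(cert))


def fetch_cert(host, port=443, send_sni=True, timeout=10):
    """Fetch the served certificate, optionally omitting SNI like an old client.
    Raises ssl.SSLCertVerificationError if the issuer is not in the local store."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # the name check is done by cert_covers()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host if send_sni else None) as tls:
            return tls.getpeercert()


def diagnose(host, with_sni, without_sni):
    """Classify the pair of certificates seen with and without SNI."""
    a, b = cert_covers(with_sni, host), cert_covers(without_sni, host)
    if a and b:
        return "ok"
    if a:
        return "fallback-without-sni"
    return "mismatch"


if __name__ == "__main__":
    print(diagnose("wiki.openoffice.org", OOO, APACHE))  # offline, constructed data
```

Against a live host, pass `fetch_cert(host)` and `fetch_cert(host, send_sni=False)` to `diagnose()`; a "fallback-without-sni" result would be consistent with older clients receiving a default certificate.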