Branko Čibej wrote:
Note that all the sites that fail in your list have wildcard
certificates — CN=*.apache.org for the Apache sites and
CN=*.openoffice.org for the OO sites. This may be related to wildcard
cert support
Interesting find, and I was hopeful this could be the solution. But if
try with fosdem.org (that has a wildcard certificate too) it works even
on the Ubuntu system (i.e., the one where I cannot get the updates):
$ soffice https://fosdem.org/2019/ # Works, HTTPS with wildcard
in OpenSSL/LibreSSL/GnuTLS/whateveryou'reusing on the
affected systems. Correlating this with the SSL library name and version
would be useful.
But, as reported by Pedro in the first test,
$ curl https://ooo-updates.apache.org/index.html
works well, while
$ soffice https://ooo-updates.apache.org/index.html
so it's unclear to what extent system libraries are involved. I've
tried, with no success, to install more libraries
$ sudo apt-get install libssl1.0-dev
(see here for context:
https://github.com/wkhtmltopdf/wkhtmltopdf/issues/2938#issuecomment-334784936
)
but the Ubuntu system still refused to open the update URL.
For debugging, I suggest using cURL instead of OO, for example:
curl -sviI https://www.openoffice.org/
Thanks, if the issue is with SSL this indeed helps in finding more
details. Still, curl will always work also on affected systems, so if it
is SSL-related it won't be enough to check whether the site uses a
wildcard SSL certificate... Maybe some more technical certificate details?
I'm now trying to check the OpenOffice code to see whether we can get
some more meaningful output instead of the empty details string we
currently print. For those interested, the error message is assembled in
main/uui/source/iahndl.cxx
Regards,
Andrea.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
