Closed
Bug 595072
Opened 14 years ago
Closed 13 years ago
Sync doesn't accept custom HTTPS servers with self-signed certs
Categories
(Cloud Services Graveyard :: Server: Sync, defect)
Cloud Services Graveyard
Server: Sync
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: markus.podar+bugzilla.mozilla.org, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b5) Gecko/20100101 Firefox/4.0b5 Build Identifier: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b5) Gecko/20100101 Firefox/4.0b5 I'm using an URL in the form of https://$FQDN/weave/ but the sync dialog always states "Please enter a valid server URL". Ultimately I can't use this service. The URL I'm using has a public DNS entry and is using a self-signed certificate (which is valid until 2017) and is protected by HTTP basic auth. The whole length of the URL is 41 characters (in case that matters). I can access the URL in FF itself without problems (I get the usual "Do you understand the risks.. blabla" page because I'm using my own certificate). I've set up the minimal weave server there according to the guide at http://tobyelliott.wordpress.com/2009/09/11/weave-minimal-server/ ; even at the blog this comment also mentions the problem: http://tobyelliott.wordpress.com/2009/09/11/weave-minimal-server/#comment-564 Reproducible: Always Steps to Reproduce: 1. Go to Tool / Set Up Sync... 2. Choose "I've never used sync before" 3. In "Connect to" choose "Use a custom server" 4. Enter the URL https://$FQDN/weave/ (e.g. https://www.google.com/ just as an example) Actual Results: An inline error message shows up "Please enter a valid server URL" Expected Results: No error message should be shown.
Updated•14 years ago
|
Product: Firefox → Mozilla Services
QA Contact: general → general
Comment 1•14 years ago
|
||
(In reply to comment #0) > The URL I'm using has a public DNS entry and is using a self-signed certificate Did you accept this certificate into your profile by clicking on the "Add Exception..." and then the "Confirm Security Exception" buttons? If not, try that. It should work. So in essence, Sync should work just fine with HTTPS urls, but it will fail on unrecognized certs. Importing the cert should fix the problem. Perhaps the setup wizard UI could be a bit more helpful about this...
Updated•14 years ago
|
Component: General → Firefox Sync: UI
OS: Windows 7 → All
QA Contact: general → sync-ui
Hardware: x86 → All
Reporter | ||
Comment 2•14 years ago
|
||
I thought about that too, and yes, I did import it (but only after I encountered the problem). But when I enter https://www.google.com/ I get the same "Please enter a valid server URL". That makes me think if it's really the HTTPS which has the problem or something else. Your comment indicates to me that there are some background checks going, so is it possible that various checks always produce this same "Please enter a valid..." error message and the real error is hidden? *Short pause looking into my apache logs* Ok, I didn't realize that the dialog is already smart by accessing the URL and checking things. I saw that this in my access log: "GET /weave/user/1.0/a HTTP/1.1" 404 Calling this URL indeed gives my a "Function not found" response from the minimal weave server. When I just continue entering my User Name I get a second error message below the user name "Already in use". However it doesn't matter which name I provide I always get this. So, is this more of a minimal weave server problem then? I'm unsure what's really expected here.
Comment 3•14 years ago
|
||
The minimal weave server doesn't support the user signup API. Instead you need to create a user account on the server using the provided script and then choose "I'm already using Sync on another computer" (or "I already have a Sync account" in nightlies). I'm pretty sure this is described in the docs as well.
Reporter | ||
Comment 4•14 years ago
|
||
The only docs in the minimal web server is a README which has this about the client setup: --------------8<----------------- CLIENT SETUP in about.config, set extensions.weave.serverURL to https://<your servername>/weave/ You can run it under http, but this is insecure and not recommended. --------------8<----------------- So there was no indication to me that I can't use the user signup API. It is clear now and I guess this bug can be closed.
Comment 5•14 years ago
|
||
Ugh, yeah, looks like I was wrong. I thought this was documented. CCing Toby to let him know about this. Anyway, I think the bug is still invalid in the sense that we could do better in terms of the UI. Ideally the setup wizard would point the user to the same "Add Security Exception" dialog as the browser does...
Summary: Sync doesn't accept HTTPS URLs → Sync doesn't accept custom HTTPS servers with self-signed certs
Comment 6•14 years ago
|
||
(In reply to comment #5) > Anyway, I think the bug is still invalid Of course I meant *valid*.
Reporter | ||
Comment 7•14 years ago
|
||
Mind that in my case the problem wasn't the security certificate, but likely that I didn't properly set up a user. However... when I reconsider the steps: 1. I entered the URL 2. I received the error message (I did *not yet* enter a username 3. the request logged on the server was: "GET /weave/user/1.0/a HTTP/1.1" 404 As I said in that case I didn't enter a username, so I didn't enter "a" for it. Maybe it's some kind of probe for the dialog? Is the web server supposed to understand this (special username "a" for probing)? Because if not, then in general that would almost always lead to a that error message and could be confusing.
Comment 8•14 years ago
|
||
The setup wizard queries the server whether the username "a" is taken or not. It interprets either answer (yes or no) as the server being valid (= it implements the sign up API) and an HTTP error as it being invalid. It's not super brilliant but it works ;)
Comment 9•14 years ago
|
||
Ah, I see. We say "You can create and delete users by running the create_user script from the command line.", but don't actually point out that you can't do it through the client. I'll add something there.
Comment 10•13 years ago
|
||
Not a UI bug. Throwing this over to the server chaps to close out.
Component: Firefox Sync: UI → Server: Core
QA Contact: sync-ui → core-server
Comment 11•13 years ago
|
||
Added the explicit note to the README that you can't create users from the client, so I think all issues here have been resolved.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Updated•13 years ago
|
Component: Server: Core → Server: Sync
QA Contact: core-server → sync-server
Updated•1 year ago
|
Product: Cloud Services → Cloud Services Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•