Closed
Bug 921666
Opened 11 years ago
Closed 11 years ago
Add SSL certificates for idp.dev.lcip.org for Android devices
Categories
(Cloud Services :: Operations: Miscellaneous, task)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 889749
People
(Reporter: nalexander, Unassigned)
Details
(Whiteboard: [qa+])
Like Bug 884008.
Updated•11 years ago
|
Assignee: server-ops → server-ops-webops
Component: Server Operations → Server Operations: Web Operations
QA Contact: shyam → nmaul
Comment 1•11 years ago
|
||
N.B., all endpoints that'll be touched by Android devices -- this, the corresponding stage environment, eventual production deployment, and other identity-related services -- will all need cross-root certs and such, and cannot use SNI. Them's the breaks.
Updated•11 years ago
|
Assignee: server-ops-webops → nobody
Component: Server Operations: Web Operations → Operations
Product: mozilla.org → Mozilla Services
QA Contact: nmaul
Version: other → unspecified
Reporter | ||
Comment 2•11 years ago
|
||
Backtrace, trying to POST to https://idp.dev.lcip.org/certificate/sign:
E GeckoLogger(10363) fennec_ncalexan :: FxAccountSyncAdapter :: Failed to sign.
E GeckoLogger(10363) javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
E GeckoLogger(10363) at org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:137)
E GeckoLogger(10363) at ch.boye.httpclientandroidlib.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
E GeckoLogger(10363) at ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
E GeckoLogger(10363) at ch.boye.httpclientandroidlib.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
E GeckoLogger(10363) at ch.boye.httpclientandroidlib.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
E GeckoLogger(10363) at ch.boye.httpclientandroidlib.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
E GeckoLogger(10363) at ch.boye.httpclientandroidlib.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
E GeckoLogger(10363) at ch.boye.httpclientandroidlib.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
E GeckoLogger(10363) at ch.boye.httpclientandroidlib.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:818)
E GeckoLogger(10363) at ch.boye.httpclientandroidlib.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:752)
E GeckoLogger(10363) at org.mozilla.gecko.sync.net.BaseResource.execute(BaseResource.java:229)
E GeckoLogger(10363) at org.mozilla.gecko.sync.net.BaseResource.retryRequest(BaseResource.java:268)
E GeckoLogger(10363) at org.mozilla.gecko.sync.net.BaseResource.execute(BaseResource.java:239)
E GeckoLogger(10363) at org.mozilla.gecko.sync.net.BaseResource.go(BaseResource.java:296)
E GeckoLogger(10363) at org.mozilla.gecko.sync.net.BaseResource.post(BaseResource.java:326)
E GeckoLogger(10363) at org.mozilla.gecko.sync.net.BaseResource.post(BaseResource.java:449)
E GeckoLogger(10363) at org.mozilla.gecko.background.fxa.FxAccountClient.post(FxAccountClient.java:226)
E GeckoLogger(10363) at org.mozilla.gecko.background.fxa.FxAccountClient.sign(FxAccountClient.java:545)
E GeckoLogger(10363) at org.mozilla.gecko.fxa.sync.FxAccountSyncAdapter.onPerformSync(FxAccountSyncAdapter.java:78)
E GeckoLogger(10363) at android.content.AbstractThreadedSyncAdapter$SyncThread.run(AbstractThreadedSyncAdapter.java:247)
Updated•11 years ago
|
Whiteboard: [qa+]
Comment 3•11 years ago
|
||
Historical reference:
https://bugzilla.mozilla.org/show_bug.cgi?id=884008
Reporter | ||
Comment 4•11 years ago
|
||
After much investigation, this is a ciphersuite mismatch. Sorry for the fire-drill, ops. Closing in favour of Bug 889749.
Reporter | ||
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Updated•11 years ago
|
Status: RESOLVED → VERIFIED
Comment 6•11 years ago
|
||
For my possible future reference, this seems to be the minimal change to nginx default config that enables the old ciphersuite:
ssl_ciphers HIGH:!aNULL:!MD5:RC4-SHA;
You need to log in
before you can comment on or make changes to this bug.
Description
•