Closed Bug 921666 Opened 11 years ago Closed 11 years ago

Add SSL certificates for idp.dev.lcip.org for Android devices

Categories

(Cloud Services :: Operations: Miscellaneous, task)

All
Android
task
Not set
normal

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 889749

People

(Reporter: nalexander, Unassigned)

Details

(Whiteboard: [qa+])

Assignee: server-ops → server-ops-webops
Component: Server Operations → Server Operations: Web Operations
QA Contact: shyam → nmaul
N.B., all endpoints that'll be touched by Android devices -- this, the corresponding stage environment, eventual production deployment, and other identity-related services -- will all need cross-root certs and such, and cannot use SNI. Them's the breaks.
Assignee: server-ops-webops → nobody
Component: Server Operations: Web Operations → Operations
Product: mozilla.org → Mozilla Services
QA Contact: nmaul
Version: other → unspecified
Backtrace, trying to POST to https://idp.dev.lcip.org/certificate/sign: E GeckoLogger(10363) fennec_ncalexan :: FxAccountSyncAdapter :: Failed to sign. E GeckoLogger(10363) javax.net.ssl.SSLPeerUnverifiedException: No peer certificate E GeckoLogger(10363) at org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:137) E GeckoLogger(10363) at ch.boye.httpclientandroidlib.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) E GeckoLogger(10363) at ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397) E GeckoLogger(10363) at ch.boye.httpclientandroidlib.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148) E GeckoLogger(10363) at ch.boye.httpclientandroidlib.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149) E GeckoLogger(10363) at ch.boye.httpclientandroidlib.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121) E GeckoLogger(10363) at ch.boye.httpclientandroidlib.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573) E GeckoLogger(10363) at ch.boye.httpclientandroidlib.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425) E GeckoLogger(10363) at ch.boye.httpclientandroidlib.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:818) E GeckoLogger(10363) at ch.boye.httpclientandroidlib.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:752) E GeckoLogger(10363) at org.mozilla.gecko.sync.net.BaseResource.execute(BaseResource.java:229) E GeckoLogger(10363) at org.mozilla.gecko.sync.net.BaseResource.retryRequest(BaseResource.java:268) E GeckoLogger(10363) at org.mozilla.gecko.sync.net.BaseResource.execute(BaseResource.java:239) E GeckoLogger(10363) at org.mozilla.gecko.sync.net.BaseResource.go(BaseResource.java:296) E GeckoLogger(10363) at org.mozilla.gecko.sync.net.BaseResource.post(BaseResource.java:326) E GeckoLogger(10363) at org.mozilla.gecko.sync.net.BaseResource.post(BaseResource.java:449) E GeckoLogger(10363) at org.mozilla.gecko.background.fxa.FxAccountClient.post(FxAccountClient.java:226) E GeckoLogger(10363) at org.mozilla.gecko.background.fxa.FxAccountClient.sign(FxAccountClient.java:545) E GeckoLogger(10363) at org.mozilla.gecko.fxa.sync.FxAccountSyncAdapter.onPerformSync(FxAccountSyncAdapter.java:78) E GeckoLogger(10363) at android.content.AbstractThreadedSyncAdapter$SyncThread.run(AbstractThreadedSyncAdapter.java:247)
Whiteboard: [qa+]
After much investigation, this is a ciphersuite mismatch. Sorry for the fire-drill, ops. Closing in favour of Bug 889749.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
For my possible future reference, this seems to be the minimal change to nginx default config that enables the old ciphersuite: ssl_ciphers HIGH:!aNULL:!MD5:RC4-SHA;
You need to log in before you can comment on or make changes to this bug.