Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Import shouldn't fail when a pod certificate is invalid #8300

Closed
Flaburgan opened this issue Sep 20, 2021 · 7 comments
Closed

Import shouldn't fail when a pod certificate is invalid #8300

Flaburgan opened this issue Sep 20, 2021 · 7 comments
Labels
🚚 migration
Milestone
1.0.0

Comments

@Flaburgan
Copy link
Member

DiasporaFederation::Discovery::DiscoveryError: Failed to fetch https://diaspora.eigenlab.org/.well-known/webfinger?resource=acct:vcuculo@diaspora.eigenlab.org for vcuculo@diaspora.eigenlab.org: Faraday::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)

See full stack trace:
https://gist.githubusercontent.com/Flaburgan/beb704a006ae1a299f4e1caf11bd70c2/raw/e1a7729bd002dbe42171172a0a830f279151fa91/Import%2520from%2520diasp.org
@tclaus
Copy link
Member

tclaus commented Sep 28, 2021
edited

diaspora.eigenlab.org uses a self signed, expired certificate. So this should not be used. The diaspora service is down.
This is informative message and can be ignored.

@tclaus tclaus closed this as completed Sep 28, 2021
@tclaus
Copy link
Member

tclaus commented Sep 28, 2021

Reopen, because it seems that migration stops if a pod is not fetchable. In this case, by SSL problem.

@tclaus tclaus reopened this Sep 28, 2021
@tclaus
Copy link
Member

tclaus commented Sep 28, 2021

@SuperTux88

Should a rescue 'OpenSSL::SSL::SSLError' be added to the 'entity_importer.rb

diaspora/lib/archive_importer/entity_importer.rb

Line 15 in 274edf7

rescue DiasporaFederation::Entities::Signable::SignatureVerificationFailed,

?

@SuperTux88
Copy link
Member

SuperTux88 commented Sep 28, 2021
edited

No, OpenSSL::SSL::SSLError is way too low-level and shouldn't be handled there, the federation code always (or should if it doesn't already) either raises a DiscoveryError or NotFetchable if something goes wrong on a lower level (connection problem, 404, SSL-errors, or whatever). The import code shouldn't need to handle all these low-level problems.

And this is actually weird, in this case it's a DiasporaFederation::Federation::Fetcher::NotFetchable that causes the problem, which is already handled there, so it shouldn't fail anymore? Was this test done with old code without NotFetchable already being handled there?

(1ec0314 was merged 10 days ago, this issue is newer, but maybe the test was done before that or before updating with this fix included?)

@Flaburgan
Copy link
Member Author

That test has been done the 8th of September with the commits from #8274 at that time.

@SuperTux88
Copy link
Member

OK, as far as I can see that PR didn't contain that fix at this time, but it should be fixed now, so closing this.

@SuperTux88 SuperTux88 added this to the 0.8.0.0 milestone Sep 28, 2021
@tclaus
Copy link
Member

tclaus commented Sep 28, 2021 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🚚 migration
Projects
None yet
Milestone
1.0.0
Development

No branches or pull requests
3 participants
@SuperTux88 @tclaus @Flaburgan