New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

connection on HTTPS #1

Open
plegall opened this Issue Nov 25, 2015 · 7 comments

Comments

Projects
None yet
3 participants
@plegall
Member

plegall commented Nov 25, 2015

It seems that Remote Sync can't connect on HTTPS or maybe on HTTPS with self-signed certificate, as described on http://fr.piwigo.org/forum/viewtopic.php?pid=216522#p216522

Tell me if you have a Piwigo behind HTTPS for testing (I should be able to provide one)

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Nov 25, 2015

Can you start the application like mentioned here please : https://github.com/Piwigo/Piwigo-Java#troubleshooting ?

Is the remote gallery version > 2.6? Because, it was never tested with older versions. Maybe a test of the version would be a good thing.

And finally, yes a HTTPS gallery would be useful.

ghost commented Nov 25, 2015

Can you start the application like mentioned here please : https://github.com/Piwigo/Piwigo-Java#troubleshooting ?

Is the remote gallery version > 2.6? Because, it was never tested with older versions. Maybe a test of the version would be a good thing.

And finally, yes a HTTPS gallery would be useful.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Nov 25, 2015

It seems to work with HTTPS. But I must investigate with self signed certificates.

I can add an option to ignore SSL certificate problems, and just log a warning instead of throwing an Exception.

ghost commented Nov 25, 2015

It seems to work with HTTPS. But I must investigate with self signed certificates.

I can add an option to ignore SSL certificate problems, and just log a warning instead of throwing an Exception.

ghost pushed a commit that referenced this issue Nov 25, 2015

new version 0.0.10:
* add ignore self signed SSL certificate (issue #1)
* fix readme and build with maven 3

ghost pushed a commit that referenced this issue Nov 26, 2015

new version 0.0.11:
* self signed SSL certificate (issue #1): rename "Ignore" to "Trust" 
* add FAQ entry

ghost pushed a commit that referenced this issue Nov 29, 2015

new version 0.0.12:
* self signed SSL certificate (issue #1): throw error with self signed
certificates to suggest to use trust option
@rorrison

This comment has been minimized.

Show comment
Hide comment
@rorrison

rorrison Feb 6, 2016

I've just set up a Let's Encrypt certificate on my test site - https://test.orrison.com/piwigo, and am getting an error:
[ERROR] Unable to connect : SSL certificate exception (Please use option 'Trust SSL certificates') [ERROR] Error in sync

This isn't a self-signed certificate, but I tried ticking the "Trust self signed SSL certificates" option anyway, but it didn't help.

(That's perhaps a separate bug: the error message says "Please use option 'Trust SSL certificates'" but the option is actually "Trust self signed SSL certificates".)

I'd be happy to set up a login for you on that test site.

I have been using the remote sync on this site for some time, without any problems until I installed the certificate. I'm on Piwigo 2.7.4, and I think the latest Remote Sync (it doesn't show a version number).

Also perhaps significant: I've turned on rewriting from http: to https: and Strict-Transport-Security.

Java debug log attached: remotesync-log.txt

Final update for this test case: Java (current version 8 Update 73 on Windows) doesn't include the necessary root certificates for Let's Encrypt, so it looks like a Java problem. It is possible to add root certificates to Java.

rorrison commented Feb 6, 2016

I've just set up a Let's Encrypt certificate on my test site - https://test.orrison.com/piwigo, and am getting an error:
[ERROR] Unable to connect : SSL certificate exception (Please use option 'Trust SSL certificates') [ERROR] Error in sync

This isn't a self-signed certificate, but I tried ticking the "Trust self signed SSL certificates" option anyway, but it didn't help.

(That's perhaps a separate bug: the error message says "Please use option 'Trust SSL certificates'" but the option is actually "Trust self signed SSL certificates".)

I'd be happy to set up a login for you on that test site.

I have been using the remote sync on this site for some time, without any problems until I installed the certificate. I'm on Piwigo 2.7.4, and I think the latest Remote Sync (it doesn't show a version number).

Also perhaps significant: I've turned on rewriting from http: to https: and Strict-Transport-Security.

Java debug log attached: remotesync-log.txt

Final update for this test case: Java (current version 8 Update 73 on Windows) doesn't include the necessary root certificates for Let's Encrypt, so it looks like a Java problem. It is possible to add root certificates to Java.

@rorrison

This comment has been minimized.

Show comment
Hide comment
@rorrison

rorrison Feb 7, 2016

Another test case: https://orrison.com/test/piwigo works ok, using a certificate issued by Comodo.

rorrison commented Feb 7, 2016

Another test case: https://orrison.com/test/piwigo works ok, using a certificate issued by Comodo.

mhelleboid added a commit that referenced this issue Aug 3, 2016

new version 0.0.13:
* new trust ssl strategy (issue #1)
* new exception for site redirection error
* begin support for piwigo version 2.8.x (issue #3)
@mhelleboid

This comment has been minimized.

Show comment
Hide comment
@mhelleboid

mhelleboid Aug 3, 2016

Collaborator

Can you try again the trust ssl certificates option?

Collaborator

mhelleboid commented Aug 3, 2016

Can you try again the trust ssl certificates option?

@rorrison

This comment has been minimized.

Show comment
Hide comment
@rorrison

rorrison Aug 5, 2016

It is now connecting fine on my test site with a Let's Encrypt certificate. Using v0.0.13 and Java version 8 update 101 (update 101 included the root certificate used by Let's Encrypt).
It works with and without the "Trust SSL certificates" option.

rorrison commented Aug 5, 2016

It is now connecting fine on my test site with a Let's Encrypt certificate. Using v0.0.13 and Java version 8 update 101 (update 101 included the root certificate used by Let's Encrypt).
It works with and without the "Trust SSL certificates" option.

@mhelleboid

This comment has been minimized.

Show comment
Hide comment
@mhelleboid

mhelleboid Aug 5, 2016

Collaborator

Can you make the same test with an older java version?

Collaborator

mhelleboid commented Aug 5, 2016

Can you make the same test with an older java version?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment