New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Transient Get Certificate Issues #219
Comments
@dsanders11 2.1 removes the dialog in headless mode, which should decrease the severity of this: https://qz.io/wiki/2.1-Headless-Deployment Also, blocking anonymous connections is already part of the UI, so you should be able to mitigate the
|
Currently, we only check the generic |
Even one certificate is enough to throw a decent wrench in things. Even with the second instance we have which is on a Windows computer with monitor and keyboard/mouse, it's unmanned most of the time so no one will notice the dialog sitting there until there's problems printing (from the front office, a ways away from the computer running QZ Tray). |
Yeah we need to rethink how we play traffic cop to allow known, good traffic through first. |
👍 On it! |
This may seem logical in principle, but in practicality, this has the side effect of blocking printing when the cert promise is broken. Most clients want to have a fallback in this scenario and that is the logic we'll be keeping.
This has been patched in #242. The fix is so small that we're going to rebase it against 2.0.5. If you can help us test this out, that would be great. I don't mean to dismiss the other great points made in the original bug report, but I think this "denial of service" bug is serious enough to roll out in the stable release and I'd like to close this bug report out once merged.
Likewise, this could be farmed out to the cert promise, since it's self-aware of its own |
I'm closing this via #242. If there are issues with the implementation, please reopen. There are several other good points in the conversation above. If they warrant a new issue, please feel free to create one for each request/bug. Thanks for reporting this. Edit: 2.0.5 has been released with this fixed. You can grab it at https://qz.io/download |
It appears that the default behavior of
callCert
in the JavaScript is not great in how it handles transient errors, such as Internet connectivity issues. It causes behavior that is very unforgiving.Issue:
sendCert
even for a rejectedcallCert
promise, causing the rejected promise from jQuery to be sent to QZ Tray (likely over the local network which won't have connection issues). This means QZ Tray sees a JSON message that has something like{"certificate": {"readyState": 0, "responseText": "error"}}
(snipped out the irrelevant details).UNKNOWN
certificate to be displayed and forces the user to allow or deny the connection request.Suggested Resolution:
getCert
to useresolve()
, notreject()
like it currently does.sendCert
ifcallCert
rejects and instead actually reject the open connection promise.callCert
is what failed, instead ofsendCert
. Maybe something like:_qz.security.callCert().catch(rejectAsCallCertFailure).then(sendCert).catch(rejectAsSendCertFailure);
Rationale for the suggested resolution is the connection failure due to not being able to get the certificate should happen on the browser side, not on the QZ Tray side which is what currently happens due to the bad certificate info which can't be parsed. At least in that case the error can be recovered from on the individual browser instead of bricking the instance.
BTW, this also highlights a way to do a denial-of-service on a QZ Tray instance which is running with trusted certificates (and so never shows dialogs). If you provide gibberish for the certificate info you'll force the dialog to be shown and grind everything to a halt until it's cleared.
IMO it should be possible to easily configure QZ Tray to auto-deny any untrusted certificates so that this wouldn't be possible.Looks like this is already provided via block anonymous requests. Would this also block a parseable certificate that's untrusted? In that case it's not an anonymous request, I think.@tresf, thoughts?
The text was updated successfully, but these errors were encountered: