New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTPS client regression? #1325

Closed
japplegame opened this Issue Nov 7, 2015 · 1 comment

Comments

Projects
None yet
2 participants
@japplegame
Contributor

japplegame commented Nov 7, 2015

After upgrading from 0.7.26-rc.1 to 0.7.26, this code:

requestHTTP("https://steamcommunity.com",
    (scope HTTPClientRequest req) {},
    (scope HTTPClientResponse res) {}
);

causes error:

Task terminated with uncaught exception: Peer failed the certificate validation: 20

I found that reason is commit 7e8fcc4
After reversing appropriate diff, error has gone.

@punkUser

This comment has been minimized.

Show comment
Hide comment
@punkUser

punkUser Nov 11, 2015

Yeah I noticed the same thing - posted some more details here:
http://forum.rejectedsoftware.com/groups/rejectedsoftware.vibed/thread/27364/#post-27369

Don't totally understand the surrounding code but it looks like before it was ignoring the fact that it couldn't verify the server certificate for client requests (due to lack of a certificate store) but that new code (:764 in that commit) triggers and fails SSL requests pretty uniformly now.

Interesting it doesn't trigger if you connect to the example HTTPS server. I'm guessing that's because that uses a self-signed certificate or similar which probably hits a slightly different error return in the switch statement below where it ignores it.

punkUser commented Nov 11, 2015

Yeah I noticed the same thing - posted some more details here:
http://forum.rejectedsoftware.com/groups/rejectedsoftware.vibed/thread/27364/#post-27369

Don't totally understand the surrounding code but it looks like before it was ignoring the fact that it couldn't verify the server certificate for client requests (due to lack of a certificate store) but that new code (:764 in that commit) triggers and fails SSL requests pretty uniformly now.

Interesting it doesn't trigger if you connect to the example HTTPS server. I'm guessing that's because that uses a self-signed certificate or similar which probably hits a slightly different error return in the switch statement below where it ignores it.

@s-ludwig s-ludwig closed this in 5f48317 Nov 11, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment