[ww-devel] The library browser not updating problem
Arnold Pizer
apizer at math.rochester.edu
Wed Aug 27 15:33:53 EDT 2014
Hi Jason,
No, I still get the same error. I also tried setting in
webwork.apache2.4-conf
PerlSetEnv PERL_LWP_SSL_VERIFY_HOSTNAME 0
and a few similar things all to no avail.
Arnie
On Wed, Aug 27, 2014 at 2:45 PM, Jason Aubrey <aubreyja at gmail.com> wrote:
> Arnie,
>
> We think might have a general solution, and you might be in the best
> position to test it. In line 143 of WebworkClient.pm could you put
>
> ssl_opts => { verify_hostname => 0 }
>
> inside the ->proxy() bit. So I think it should look like
>
> -> proxy(($self->url).'/'.REQUEST_URI,ssl_opts => { verify_hostname => 0 }
> );
>
> The ssl_opts should get passed to LWP::UserAgent and maybe disable the
> hostname verification for the web service calls.
>
> Jason
>
>
> On Wed, Aug 27, 2014 at 11:34 AM, Arnold Pizer <apizer at math.rochester.edu>
> wrote:
>
>> Thanks. After sending the email, I realized that the problem wasn't with
>> the browser but figured someone with a deeper understanding would respond.
>>
>> When we figure this out, it would be good if we could make a
>> configuration option that (1) disables hostname verification or (2)
>> does something else to make this problem easier to solve.
>>
>> Arnie
>>
>>
>> On Wed, Aug 27, 2014 at 2:19 PM, Jason Aubrey <aubreyja at gmail.com> wrote:
>>
>>> I'll need to track down who really needs the cert, but in this case it's
>>> not the browser. I *think* it's LWP::UserAgent via LWP::Protocol::https.
>>> You can see here
>>>
>>>
>>> http://search.cpan.org/~mschilli/LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
>>> <https://urldefense.proofpoint.com/v1/url?u=http://search.cpan.org/~mschilli/LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=qcv1sUmY2mmPdAagwB7DjEHK%2FmPDlw6Qt7YtABKv6do%3D%0A&s=694e0ff4bb49d7042a44336317f7c7cc829d5d813697e43c845370e10f27db8d>
>>>
>>> It's description of how ssl requests can fail (which sounds like how
>>> ours are failing.) So, the deeper solution might be to fix it here by
>>> disabling the check:
>>>
>>> If hostname verification is requested by LWP::UserAgent's ssl_opts, and
>>>> neither SSL_ca_file nor SSL_ca_path is set, then SSL_ca_file is
>>>> implied to be the one provided by Mozilla::CA. If the Mozilla::CA module
>>>> isn't available SSL requests will fail. Either install this module, set up
>>>> an alternative SSL_ca_file or disable hostname verification
>>>>
>>>
>>> That's if I'm right about who is complaining.
>>>
>>> Jason
>>>
>>>
>>>
>>> On Wed, Aug 27, 2014 at 11:08 AM, Arnold Pizer <
>>> apizer at math.rochester.edu> wrote:
>>>
>>>> Hi John et all,
>>>>
>>>> I'm pretty sure I'm having the same problem. When I look at things
>>>> following Matt's suggestion, I see that the last module called is instructorXMLHandler.pm
>>>> and I see the error msg
>>>> Errors: 500 Can't connect to 192.168.56.101:443
>>>> <https://urldefense.proofpoint.com/v1/url?u=http://192.168.56.101:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=qcv1sUmY2mmPdAagwB7DjEHK%2FmPDlw6Qt7YtABKv6do%3D%0A&s=e09084ada64c076fd5495663842d43b8ab6e007ddf6f5804a79eb17d6621ab9a>
>>>> (certificate verify failed) at /opt/webwork/webwork2/lib/WebworkClient.pm
>>>> line 158. End Errors
>>>>
>>>> My problem is that I'm using a selfsigned certificate for testing. So
>>>> I don't think creating a self signed SSLCA certificate alone will solve the
>>>> problem. I think I should be able to get the browser to trust the
>>>> certificate and if this works it will be OK as long as only instructors
>>>> have this problem. Are there any things that students do (or will do) that
>>>> will bring up similar problems? If so, the option of using self signed
>>>> certificates will have to be abandoned.
>>>>
>>>> If anyone has gotten a browser to trust a self signed certificate or
>>>> can point me to a good reference, I would appreciate the hint. There seem
>>>> to be quite a few references, but I haven't found one that works yet. At
>>>> least now I know the problem is really with the SSL certificate.
>>>>
>>>> Arnie
>>>>
>>>>
>>>> On Wed, Aug 27, 2014 at 11:50 AM, John Jones <jj at asu.edu> wrote:
>>>>
>>>>> Can someone write a version of this explanation a la an apache for
>>>>> dummies?
>>>>>
>>>>> Arnie, can you check to see if this fixes the problem you encountered
>>>>> during mathfest?
>>>>>
>>>>> John
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Aug 27, 2014 at 8:40 AM, Jason Aubrey <aubreyja at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Thanks Matt - that worked!
>>>>>>
>>>>>> Jason
>>>>>>
>>>>>>
>>>>>> On Tue, Aug 26, 2014 at 4:56 PM, Matt Haught <matt_haught at ncsu.edu>
>>>>>> wrote:
>>>>>>
>>>>>>> Same problem here on our devel server but not our production. I have
>>>>>>> been scratching my head with it today. Our devel server also uses
>>>>>>> the
>>>>>>> incommon certs while the production is using godaddy from before we
>>>>>>> could get incommon. So that got me thinking... I have something for
>>>>>>> you to try that appears to have worked for us.
>>>>>>>
>>>>>>> Add a SSLCACertificateFile apache conf line and have it use the
>>>>>>> intermediate/root only cert (2nd link down in the InCommon email)
>>>>>>>
>>>>>>> Matt Haught
>>>>>>> North Carolina State University
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Aug 26, 2014 at 5:49 PM, Jason Aubrey <aubreyja at gmail.com>
>>>>>>> wrote:
>>>>>>> > Well, at this point I think the error has something to do with how
>>>>>>> my ssl is
>>>>>>> > configured. Here is some evidence from my apache log with
>>>>>>> LogLevel info:
>>>>>>> >
>>>>>>> > There were a lot of errors: 500 Can't connect to
>>>>>>> > webwork.math.arizona.edu:443
>>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.math.arizona.edu:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=659704ee979814c39994ceb4ce07d99d6c2c6560c6cac50cdf09c2cb8a72a7bf>
>>>>>>> at /opt/webwork/webwork2/lib/WebworkClient.pm
>>>>>>> > line 158
>>>>>>> >
>>>>>>> > [Tue Aug 26 14:35:13 2014] [info] [client 127.0.0.1] SSL library
>>>>>>> error 1 in
>>>>>>> > handshake (server webwork.math.arizona.edu:443
>>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.math.arizona.edu:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=659704ee979814c39994ceb4ce07d99d6c2c6560c6cac50cdf09c2cb8a72a7bf>
>>>>>>> )
>>>>>>> > [Tue Aug 26 14:35:13 2014] [info] SSL Library Error: 336151576
>>>>>>> > error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>>>>>>> > [Tue Aug 26 14:35:13 2014] [info] [client 127.0.0.1] Connection
>>>>>>> closed to
>>>>>>> > child 0 with abortive shutdown (server
>>>>>>> webwork.math.arizona.edu:443
>>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.math.arizona.edu:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=659704ee979814c39994ceb4ce07d99d6c2c6560c6cac50cdf09c2cb8a72a7bf>
>>>>>>> )
>>>>>>> >
>>>>>>> > So, you can see (1) that 'it' can't connect to
>>>>>>> webwork.math.arizona.edu:443
>>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.math.arizona.edu:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=659704ee979814c39994ceb4ce07d99d6c2c6560c6cac50cdf09c2cb8a72a7bf>
>>>>>>> > and (2) the ssl handshake seems to be dying due to an unknown
>>>>>>> certificate
>>>>>>> > authority. But if you looked at my server, you would see (3) that
>>>>>>> my
>>>>>>> > certificate authority is in fact well known:
>>>>>>> >>
>>>>>>> >> Issued By
>>>>>>> >>
>>>>>>> >> Common Name (CN) InCommon Server CA
>>>>>>> >>
>>>>>>> >> Organizaton (O) Internet2
>>>>>>> >>
>>>>>>> >> etc...
>>>>>>> >
>>>>>>> > Also, there is the fact that (4) my web browsers have no problem
>>>>>>> connecting
>>>>>>> > to the https site.
>>>>>>> > So,
>>>>>>> > (a) Maybe the perl module(s) running the webservice calls (LWP?)
>>>>>>> don't
>>>>>>> > recognize the certificate authority.
>>>>>>> > (b) Maybe the way my redirect to ssl is set up is messing with the
>>>>>>> web
>>>>>>> > service calls. (Permanent redirect to a *:443 vhost)
>>>>>>> > (c) Maybe there is some other configuration problem with my ssl
>>>>>>> set up.
>>>>>>> > (d) Maybe this is completely unrelated to the actual problem.
>>>>>>> >
>>>>>>> > Thanks for any ideas.
>>>>>>> > Jason
>>>>>>> >
>>>>>>> _______________________________________________
>>>>>>> webwork-devel mailing list
>>>>>>> webwork-devel at webwork.maa.org
>>>>>>> http://webwork.maa.org/mailman/listinfo/webwork-devel
>>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=f02b3d4aa31c9f5bdb0b9e2da8bbe66c3f5c55044c9d192f6f36541793737fbd>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> webwork-devel mailing list
>>>>>> webwork-devel at webwork.maa.org
>>>>>> http://webwork.maa.org/mailman/listinfo/webwork-devel
>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=f02b3d4aa31c9f5bdb0b9e2da8bbe66c3f5c55044c9d192f6f36541793737fbd>
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> webwork-devel mailing list
>>>>> webwork-devel at webwork.maa.org
>>>>>
>>>>> https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=f02b3d4aa31c9f5bdb0b9e2da8bbe66c3f5c55044c9d192f6f36541793737fbd
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Prof. Arnold K. Pizer
>>>> Dept. of Mathematics
>>>> University of Rochester
>>>> Rochester, NY 14627
>>>> (585) 766-8812
>>>>
>>>> _______________________________________________
>>>> webwork-devel mailing list
>>>> webwork-devel at webwork.maa.org
>>>> http://webwork.maa.org/mailman/listinfo/webwork-devel
>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=qcv1sUmY2mmPdAagwB7DjEHK%2FmPDlw6Qt7YtABKv6do%3D%0A&s=9c972ecbed0fdbb30c086953ea4315f9ae5d19e9d5bba619d57c28a460e32459>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> webwork-devel mailing list
>>> webwork-devel at webwork.maa.org
>>>
>>> https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=qcv1sUmY2mmPdAagwB7DjEHK%2FmPDlw6Qt7YtABKv6do%3D%0A&s=9c972ecbed0fdbb30c086953ea4315f9ae5d19e9d5bba619d57c28a460e32459
>>>
>>>
>>
>>
>> --
>> Prof. Arnold K. Pizer
>> Dept. of Mathematics
>> University of Rochester
>> Rochester, NY 14627
>> (585) 766-8812
>>
>> _______________________________________________
>> webwork-devel mailing list
>> webwork-devel at webwork.maa.org
>> http://webwork.maa.org/mailman/listinfo/webwork-devel
>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=KO2RS6ixedrUyvT4arnoHWxFGWY%2BKXWHdd258XPl4sA%3D%0A&s=9fe3159f2d9a66ce99574df5e5079e1082892345249a223a33d5f01b48a2345d>
>>
>>
>
> _______________________________________________
> webwork-devel mailing list
> webwork-devel at webwork.maa.org
>
> https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=KO2RS6ixedrUyvT4arnoHWxFGWY%2BKXWHdd258XPl4sA%3D%0A&s=9fe3159f2d9a66ce99574df5e5079e1082892345249a223a33d5f01b48a2345d
>
>
--
Prof. Arnold K. Pizer
Dept. of Mathematics
University of Rochester
Rochester, NY 14627
(585) 766-8812
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://webwork.maa.org/pipermail/webwork-devel/attachments/20140827/25680e52/attachment-0001.html>
More information about the webwork-devel
mailing list