[ww-devel] webwork-devel Digest, Vol 41, Issue 22
goehle at gmail.com
goehle at gmail.com
Wed Aug 27 20:17:31 EDT 2014
I submitted a pull request which turns of certificate checking for the xml
pathway. I managed to find a way to disable the certificate checking
without setting an environment variable, so it should only affect the calls
made by WebworkClient.
On Wed, Aug 27, 2014 at 5:53 PM, <webwork-devel-request at webwork.maa.org>
wrote:
> Send webwork-devel mailing list submissions to
> webwork-devel at webwork.maa.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://webwork.maa.org/mailman/listinfo/webwork-devel
> or, via email, send a message with subject or body 'help' to
> webwork-devel-request at webwork.maa.org
>
> You can reach the person managing the list at
> webwork-devel-owner at webwork.maa.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of webwork-devel digest..."
>
>
> Today's Topics:
>
> 1. Re: The library browser not updating problem (John Jones)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 27 Aug 2014 14:53:07 -0700
> From: John Jones <jj at asu.edu>
> To: WeBWorK development discussion <webwork-devel at webwork.maa.org>
> Subject: Re: [ww-devel] The library browser not updating problem
> Message-ID:
> <CAJciYuQN38yFh0Ats5ZCio=pQCYxcskFn7UoAqh1=
> NV4B+rFOg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> I the problem arises from the ajax call, which is generated by jquery. I
> think the configuration change has to either be done when we send the
> request (so in jquery's $.post command) or in the receiver, which is
> apache.
>
> John
>
>
>
> On Wed, Aug 27, 2014 at 12:33 PM, Arnold Pizer <apizer at math.rochester.edu>
> wrote:
>
> > Hi Jason,
> >
> > No, I still get the same error. I also tried setting in
> > webwork.apache2.4-conf
> > PerlSetEnv PERL_LWP_SSL_VERIFY_HOSTNAME 0
> > and a few similar things all to no avail.
> >
> > Arnie
> >
> >
> > On Wed, Aug 27, 2014 at 2:45 PM, Jason Aubrey <aubreyja at gmail.com>
> wrote:
> >
> >> Arnie,
> >>
> >> We think might have a general solution, and you might be in the best
> >> position to test it. In line 143 of WebworkClient.pm could you put
> >>
> >> ssl_opts => { verify_hostname => 0 }
> >>
> >> inside the ->proxy() bit. So I think it should look like
> >>
> >> -> proxy(($self->url).'/'.REQUEST_URI,ssl_opts => { verify_hostname => 0
> >> } );
> >>
> >> The ssl_opts should get passed to LWP::UserAgent and maybe disable the
> >> hostname verification for the web service calls.
> >>
> >> Jason
> >>
> >>
> >> On Wed, Aug 27, 2014 at 11:34 AM, Arnold Pizer <
> apizer at math.rochester.edu
> >> > wrote:
> >>
> >>> Thanks. After sending the email, I realized that the problem wasn't
> >>> with the browser but figured someone with a deeper understanding would
> >>> respond.
> >>>
> >>> When we figure this out, it would be good if we could make a
> >>> configuration option that (1) disables hostname verification or (2)
> >>> does something else to make this problem easier to solve.
> >>>
> >>> Arnie
> >>>
> >>>
> >>> On Wed, Aug 27, 2014 at 2:19 PM, Jason Aubrey <aubreyja at gmail.com>
> >>> wrote:
> >>>
> >>>> I'll need to track down who really needs the cert, but in this case
> >>>> it's not the browser. I *think* it's LWP::UserAgent via
> >>>> LWP::Protocol::https. You can see here
> >>>>
> >>>>
> >>>>
> http://search.cpan.org/~mschilli/LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
> >>>> <
> https://urldefense.proofpoint.com/v1/url?u=http://search.cpan.org/~mschilli/LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=qcv1sUmY2mmPdAagwB7DjEHK%2FmPDlw6Qt7YtABKv6do%3D%0A&s=694e0ff4bb49d7042a44336317f7c7cc829d5d813697e43c845370e10f27db8d
> >
> >>>>
> >>>> It's description of how ssl requests can fail (which sounds like how
> >>>> ours are failing.) So, the deeper solution might be to fix it here by
> >>>> disabling the check:
> >>>>
> >>>> If hostname verification is requested by LWP::UserAgent's ssl_opts,
> >>>>> and neither SSL_ca_file nor SSL_ca_path is set, then SSL_ca_file is
> >>>>> implied to be the one provided by Mozilla::CA. If the Mozilla::CA
> module
> >>>>> isn't available SSL requests will fail. Either install this module,
> set up
> >>>>> an alternative SSL_ca_file or disable hostname verification
> >>>>>
> >>>>
> >>>> That's if I'm right about who is complaining.
> >>>>
> >>>> Jason
> >>>>
> >>>>
> >>>>
> >>>> On Wed, Aug 27, 2014 at 11:08 AM, Arnold Pizer <
> >>>> apizer at math.rochester.edu> wrote:
> >>>>
> >>>>> Hi John et all,
> >>>>>
> >>>>> I'm pretty sure I'm having the same problem. When I look at things
> >>>>> following Matt's suggestion, I see that the last module called is
> instructorXMLHandler.pm
> >>>>> and I see the error msg
> >>>>> Errors: 500 Can't connect to 192.168.56.101:443
> >>>>> <
> https://urldefense.proofpoint.com/v1/url?u=http://192.168.56.101:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=qcv1sUmY2mmPdAagwB7DjEHK%2FmPDlw6Qt7YtABKv6do%3D%0A&s=e09084ada64c076fd5495663842d43b8ab6e007ddf6f5804a79eb17d6621ab9a
> >
> >>>>> (certificate verify failed) at
> /opt/webwork/webwork2/lib/WebworkClient.pm
> >>>>> line 158. End Errors
> >>>>>
> >>>>> My problem is that I'm using a selfsigned certificate for testing.
> So
> >>>>> I don't think creating a self signed SSLCA certificate alone will
> solve the
> >>>>> problem. I think I should be able to get the browser to trust the
> >>>>> certificate and if this works it will be OK as long as only
> instructors
> >>>>> have this problem. Are there any things that students do (or will
> do) that
> >>>>> will bring up similar problems? If so, the option of using self
> signed
> >>>>> certificates will have to be abandoned.
> >>>>>
> >>>>> If anyone has gotten a browser to trust a self signed certificate or
> >>>>> can point me to a good reference, I would appreciate the hint.
> There seem
> >>>>> to be quite a few references, but I haven't found one that works
> yet. At
> >>>>> least now I know the problem is really with the SSL certificate.
> >>>>>
> >>>>> Arnie
> >>>>>
> >>>>>
> >>>>> On Wed, Aug 27, 2014 at 11:50 AM, John Jones <jj at asu.edu> wrote:
> >>>>>
> >>>>>> Can someone write a version of this explanation a la an apache for
> >>>>>> dummies?
> >>>>>>
> >>>>>> Arnie, can you check to see if this fixes the problem you
> encountered
> >>>>>> during mathfest?
> >>>>>>
> >>>>>> John
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On Wed, Aug 27, 2014 at 8:40 AM, Jason Aubrey <aubreyja at gmail.com>
> >>>>>> wrote:
> >>>>>>
> >>>>>>> Thanks Matt - that worked!
> >>>>>>>
> >>>>>>> Jason
> >>>>>>>
> >>>>>>>
> >>>>>>> On Tue, Aug 26, 2014 at 4:56 PM, Matt Haught <matt_haught at ncsu.edu
> >
> >>>>>>> wrote:
> >>>>>>>
> >>>>>>>> Same problem here on our devel server but not our production. I
> have
> >>>>>>>> been scratching my head with it today. Our devel server also uses
> >>>>>>>> the
> >>>>>>>> incommon certs while the production is using godaddy from before
> we
> >>>>>>>> could get incommon. So that got me thinking... I have something
> >>>>>>>> for
> >>>>>>>> you to try that appears to have worked for us.
> >>>>>>>>
> >>>>>>>> Add a SSLCACertificateFile apache conf line and have it use the
> >>>>>>>> intermediate/root only cert (2nd link down in the InCommon email)
> >>>>>>>>
> >>>>>>>> Matt Haught
> >>>>>>>> North Carolina State University
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> On Tue, Aug 26, 2014 at 5:49 PM, Jason Aubrey <aubreyja at gmail.com
> >
> >>>>>>>> wrote:
> >>>>>>>> > Well, at this point I think the error has something to do with
> >>>>>>>> how my ssl is
> >>>>>>>> > configured. Here is some evidence from my apache log with
> >>>>>>>> LogLevel info:
> >>>>>>>> >
> >>>>>>>> > There were a lot of errors: 500 Can't connect to
> >>>>>>>> > webwork.math.arizona.edu:443
> >>>>>>>> <
> https://urldefense.proofpoint.com/v1/url?u=http://webwork.math.arizona.edu:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=659704ee979814c39994ceb4ce07d99d6c2c6560c6cac50cdf09c2cb8a72a7bf
> >
> >>>>>>>> at /opt/webwork/webwork2/lib/WebworkClient.pm
> >>>>>>>> > line 158
> >>>>>>>> >
> >>>>>>>> > [Tue Aug 26 14:35:13 2014] [info] [client 127.0.0.1] SSL library
> >>>>>>>> error 1 in
> >>>>>>>> > handshake (server webwork.math.arizona.edu:443
> >>>>>>>> <
> https://urldefense.proofpoint.com/v1/url?u=http://webwork.math.arizona.edu:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=659704ee979814c39994ceb4ce07d99d6c2c6560c6cac50cdf09c2cb8a72a7bf
> >
> >>>>>>>> )
> >>>>>>>> > [Tue Aug 26 14:35:13 2014] [info] SSL Library Error: 336151576
> >>>>>>>> > error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
> ca
> >>>>>>>> > [Tue Aug 26 14:35:13 2014] [info] [client 127.0.0.1] Connection
> >>>>>>>> closed to
> >>>>>>>> > child 0 with abortive shutdown (server
> >>>>>>>> webwork.math.arizona.edu:443
> >>>>>>>> <
> https://urldefense.proofpoint.com/v1/url?u=http://webwork.math.arizona.edu:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=659704ee979814c39994ceb4ce07d99d6c2c6560c6cac50cdf09c2cb8a72a7bf
> >
> >>>>>>>> )
> >>>>>>>> >
> >>>>>>>> > So, you can see (1) that 'it' can't connect to
> >>>>>>>> webwork.math.arizona.edu:443
> >>>>>>>> <
> https://urldefense.proofpoint.com/v1/url?u=http://webwork.math.arizona.edu:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=659704ee979814c39994ceb4ce07d99d6c2c6560c6cac50cdf09c2cb8a72a7bf
> >
> >>>>>>>> > and (2) the ssl handshake seems to be dying due to an unknown
> >>>>>>>> certificate
> >>>>>>>> > authority. But if you looked at my server, you would see (3)
> >>>>>>>> that my
> >>>>>>>> > certificate authority is in fact well known:
> >>>>>>>> >>
> >>>>>>>> >> Issued By
> >>>>>>>> >>
> >>>>>>>> >> Common Name (CN) InCommon Server CA
> >>>>>>>> >>
> >>>>>>>> >> Organizaton (O) Internet2
> >>>>>>>> >>
> >>>>>>>> >> etc...
> >>>>>>>> >
> >>>>>>>> > Also, there is the fact that (4) my web browsers have no problem
> >>>>>>>> connecting
> >>>>>>>> > to the https site.
> >>>>>>>> > So,
> >>>>>>>> > (a) Maybe the perl module(s) running the webservice calls (LWP?)
> >>>>>>>> don't
> >>>>>>>> > recognize the certificate authority.
> >>>>>>>> > (b) Maybe the way my redirect to ssl is set up is messing with
> >>>>>>>> the web
> >>>>>>>> > service calls. (Permanent redirect to a *:443 vhost)
> >>>>>>>> > (c) Maybe there is some other configuration problem with my ssl
> >>>>>>>> set up.
> >>>>>>>> > (d) Maybe this is completely unrelated to the actual problem.
> >>>>>>>> >
> >>>>>>>> > Thanks for any ideas.
> >>>>>>>> > Jason
> >>>>>>>> >
> >>>>>>>> _______________________________________________
> >>>>>>>> webwork-devel mailing list
> >>>>>>>> webwork-devel at webwork.maa.org
> >>>>>>>> http://webwork.maa.org/mailman/listinfo/webwork-devel
> >>>>>>>> <
> https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=f02b3d4aa31c9f5bdb0b9e2da8bbe66c3f5c55044c9d192f6f36541793737fbd
> >
> >>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> _______________________________________________
> >>>>>>> webwork-devel mailing list
> >>>>>>> webwork-devel at webwork.maa.org
> >>>>>>> http://webwork.maa.org/mailman/listinfo/webwork-devel
> >>>>>>> <
> https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=f02b3d4aa31c9f5bdb0b9e2da8bbe66c3f5c55044c9d192f6f36541793737fbd
> >
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> webwork-devel mailing list
> >>>>>> webwork-devel at webwork.maa.org
> >>>>>>
> >>>>>>
> https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=f02b3d4aa31c9f5bdb0b9e2da8bbe66c3f5c55044c9d192f6f36541793737fbd
> >>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Prof. Arnold K. Pizer
> >>>>> Dept. of Mathematics
> >>>>> University of Rochester
> >>>>> Rochester, NY 14627
> >>>>> (585) 766-8812
> >>>>>
> >>>>> _______________________________________________
> >>>>> webwork-devel mailing list
> >>>>> webwork-devel at webwork.maa.org
> >>>>> http://webwork.maa.org/mailman/listinfo/webwork-devel
> >>>>> <
> https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=qcv1sUmY2mmPdAagwB7DjEHK%2FmPDlw6Qt7YtABKv6do%3D%0A&s=9c972ecbed0fdbb30c086953ea4315f9ae5d19e9d5bba619d57c28a460e32459
> >
> >>>>>
> >>>>>
> >>>>
> >>>> _______________________________________________
> >>>> webwork-devel mailing list
> >>>> webwork-devel at webwork.maa.org
> >>>>
> >>>>
> https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=qcv1sUmY2mmPdAagwB7DjEHK%2FmPDlw6Qt7YtABKv6do%3D%0A&s=9c972ecbed0fdbb30c086953ea4315f9ae5d19e9d5bba619d57c28a460e32459
> >>>>
> >>>>
> >>>
> >>>
> >>> --
> >>> Prof. Arnold K. Pizer
> >>> Dept. of Mathematics
> >>> University of Rochester
> >>> Rochester, NY 14627
> >>> (585) 766-8812
> >>>
> >>> _______________________________________________
> >>> webwork-devel mailing list
> >>> webwork-devel at webwork.maa.org
> >>> http://webwork.maa.org/mailman/listinfo/webwork-devel
> >>> <
> https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=KO2RS6ixedrUyvT4arnoHWxFGWY%2BKXWHdd258XPl4sA%3D%0A&s=9fe3159f2d9a66ce99574df5e5079e1082892345249a223a33d5f01b48a2345d
> >
> >>>
> >>>
> >>
> >> _______________________________________________
> >> webwork-devel mailing list
> >> webwork-devel at webwork.maa.org
> >>
> >>
> https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=KO2RS6ixedrUyvT4arnoHWxFGWY%2BKXWHdd258XPl4sA%3D%0A&s=9fe3159f2d9a66ce99574df5e5079e1082892345249a223a33d5f01b48a2345d
> >>
> >>
> >
> >
> > --
> > Prof. Arnold K. Pizer
> > Dept. of Mathematics
> > University of Rochester
> > Rochester, NY 14627
> > (585) 766-8812
> >
> > _______________________________________________
> > webwork-devel mailing list
> > webwork-devel at webwork.maa.org
> > http://webwork.maa.org/mailman/listinfo/webwork-devel
> >
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://webwork.maa.org/pipermail/webwork-devel/attachments/20140827/2f9a40aa/attachment.html
> >
>
> ------------------------------
>
> _______________________________________________
> webwork-devel mailing list
> webwork-devel at webwork.maa.org
> http://webwork.maa.org/mailman/listinfo/webwork-devel
>
>
> End of webwork-devel Digest, Vol 41, Issue 22
> *********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://webwork.maa.org/pipermail/webwork-devel/attachments/20140827/316b1e65/attachment-0001.html>
More information about the webwork-devel
mailing list