[ww-devel] The library browser not updating problem

Thu Aug 28 14:50:41 EDT 2014

Also in case you didn't see it Geoff submitted a pull request with a
modification to WebworkClient.pm that he says fixes it;

https://github.com/openwebwork/webwork2/pull/474

Jason

On Thu, Aug 28, 2014 at 11:45 AM, Arnold Pizer <apizer at math.rochester.edu>
wrote:

> Hi all,
>
> I got this working by creating my own Certification Authority following
> the directions at
> https://help.ubuntu.com/14.04/serverguide/certificates-and-security.html.
>
> I'll modify
>
> http://webwork.maa.org/wiki/Installation_Manual_for_2.9_on_Ubuntu_14.04#Create_a_self-signed_Certificate
> accordingly.  I'm not sure how much of what I did was needed.
>
> First I tried pointing SSLCACertificateFile to my original self signed
> certificate which some people say should work.  It didn't but I have read
> that the SSLCACertificateFile needs to be a .pem file and my file was a
> .crt file.  Maybe I should try generating a self signed pem file and point
> both SSLCACertificateFile and SSLCertificateFile there.
>
> But at least I have something that works.
>
> Arnie
>
>
> On Wed, Aug 27, 2014 at 5:53 PM, John Jones <jj at asu.edu> wrote:
>
>> I the problem arises from the ajax call, which is generated by jquery.  I
>> think the configuration change has to either be done when we send the
>> request (so in jquery's $.post command) or in the receiver, which is apache.
>>
>> John
>>
>>
>>
>> On Wed, Aug 27, 2014 at 12:33 PM, Arnold Pizer <apizer at math.rochester.edu
>> > wrote:
>>
>>> Hi Jason,
>>>
>>> No, I still get the same error. I also tried setting in
>>> webwork.apache2.4-conf
>>> PerlSetEnv PERL_LWP_SSL_VERIFY_HOSTNAME 0
>>> and a few similar things all to no avail.
>>>
>>> Arnie
>>>
>>>
>>> On Wed, Aug 27, 2014 at 2:45 PM, Jason Aubrey <aubreyja at gmail.com>
>>> wrote:
>>>
>>>> Arnie,
>>>>
>>>> We think might have a general solution, and you might be in the best
>>>> position to test it. In line 143 of WebworkClient.pm could you put
>>>>
>>>> ssl_opts => { verify_hostname => 0 }
>>>>
>>>> inside the ->proxy() bit.  So I think it should look like
>>>>
>>>> -> proxy(($self->url).'/'.REQUEST_URI,ssl_opts => { verify_hostname =>
>>>> 0 } );
>>>>
>>>> The ssl_opts should get passed to LWP::UserAgent and maybe disable the
>>>> hostname verification for the web service calls.
>>>>
>>>> Jason
>>>>
>>>>
>>>> On Wed, Aug 27, 2014 at 11:34 AM, Arnold Pizer <
>>>> apizer at math.rochester.edu> wrote:
>>>>
>>>>> Thanks.  After sending the email, I realized that the problem wasn't
>>>>> with the browser but figured someone with a deeper understanding would
>>>>> respond.
>>>>>
>>>>> When we figure this out, it would be good if we could make a
>>>>> configuration option that  (1) disables hostname verification or (2)
>>>>> does something else to make this problem easier to solve.
>>>>>
>>>>> Arnie
>>>>>
>>>>>
>>>>> On Wed, Aug 27, 2014 at 2:19 PM, Jason Aubrey <aubreyja at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> I'll need to track down who really needs the cert, but in this case
>>>>>> it's not the browser.  I *think* it's LWP::UserAgent via
>>>>>> LWP::Protocol::https.  You can see here
>>>>>>
>>>>>>
>>>>>> http://search.cpan.org/~mschilli/LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm
>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://search.cpan.org/~mschilli/LWP-Protocol-https-6.06/lib/LWP/Protocol/https.pm&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=qcv1sUmY2mmPdAagwB7DjEHK%2FmPDlw6Qt7YtABKv6do%3D%0A&s=694e0ff4bb49d7042a44336317f7c7cc829d5d813697e43c845370e10f27db8d>
>>>>>>
>>>>>> It's description of how ssl requests can fail (which sounds like how
>>>>>> ours are failing.)  So, the deeper solution might be to fix it here by
>>>>>> disabling the check:
>>>>>>
>>>>>> If hostname verification is requested by LWP::UserAgent's ssl_opts,
>>>>>>> and neither SSL_ca_file nor SSL_ca_path is set, then SSL_ca_file is
>>>>>>> implied to be the one provided by Mozilla::CA. If the Mozilla::CA module
>>>>>>> isn't available SSL requests will fail. Either install this module, set up
>>>>>>> an alternative SSL_ca_file or disable hostname verification
>>>>>>>
>>>>>>
>>>>>> That's if I'm right about who is complaining.
>>>>>>
>>>>>> Jason
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Aug 27, 2014 at 11:08 AM, Arnold Pizer <
>>>>>> apizer at math.rochester.edu> wrote:
>>>>>>
>>>>>>> Hi John et all,
>>>>>>>
>>>>>>> I'm pretty sure I'm having the same problem.  When I look at things
>>>>>>> following Matt's suggestion, I see that the last module called is instructorXMLHandler.pm
>>>>>>> and I see the error msg
>>>>>>> Errors: 500 Can't connect to 192.168.56.101:443
>>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://192.168.56.101:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=qcv1sUmY2mmPdAagwB7DjEHK%2FmPDlw6Qt7YtABKv6do%3D%0A&s=e09084ada64c076fd5495663842d43b8ab6e007ddf6f5804a79eb17d6621ab9a>
>>>>>>> (certificate verify failed) at /opt/webwork/webwork2/lib/WebworkClient.pm
>>>>>>> line 158. End Errors
>>>>>>>
>>>>>>> My problem is that I'm using a selfsigned certificate for testing.
>>>>>>>  So I don't think creating a self signed SSLCA certificate alone will solve
>>>>>>> the problem.  I think I should be able to get the browser to trust the
>>>>>>> certificate and if this works it will be OK as long as only instructors
>>>>>>> have this problem.  Are there any things that students do (or will do) that
>>>>>>> will bring up similar problems?  If so, the option of using self signed
>>>>>>> certificates will have to be abandoned.
>>>>>>>
>>>>>>> If anyone has gotten a browser to trust a self signed certificate or
>>>>>>> can point me to a good reference, I would appreciate the hint.  There seem
>>>>>>> to be quite a few references, but I haven't found one that works yet.  At
>>>>>>> least now I know the problem is really with the SSL certificate.
>>>>>>>
>>>>>>> Arnie
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Aug 27, 2014 at 11:50 AM, John Jones <jj at asu.edu> wrote:
>>>>>>>
>>>>>>>> Can someone write a version of this explanation a la an apache for
>>>>>>>> dummies?
>>>>>>>>
>>>>>>>> Arnie, can you check to see if this fixes the problem you
>>>>>>>> encountered during mathfest?
>>>>>>>>
>>>>>>>> John
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Aug 27, 2014 at 8:40 AM, Jason Aubrey <aubreyja at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Thanks Matt - that worked!
>>>>>>>>>
>>>>>>>>> Jason
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Tue, Aug 26, 2014 at 4:56 PM, Matt Haught <matt_haught at ncsu.edu
>>>>>>>>> > wrote:
>>>>>>>>>
>>>>>>>>>> Same problem here on our devel server but not our production. I
>>>>>>>>>> have
>>>>>>>>>> been scratching my head with it today.  Our devel server also
>>>>>>>>>> uses the
>>>>>>>>>> incommon certs while the production is using godaddy from before
>>>>>>>>>> we
>>>>>>>>>> could get incommon.  So that got me thinking...  I have something
>>>>>>>>>> for
>>>>>>>>>> you to try that appears to have worked for us.
>>>>>>>>>>
>>>>>>>>>> Add a SSLCACertificateFile apache conf line and have it use the
>>>>>>>>>> intermediate/root only cert (2nd link down in the InCommon email)
>>>>>>>>>>
>>>>>>>>>> Matt Haught
>>>>>>>>>> North Carolina State University
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Tue, Aug 26, 2014 at 5:49 PM, Jason Aubrey <aubreyja at gmail.com>
>>>>>>>>>> wrote:
>>>>>>>>>> > Well, at this point I think the error has something to do with
>>>>>>>>>> how my ssl is
>>>>>>>>>> > configured.  Here is some evidence from my apache log with
>>>>>>>>>> LogLevel info:
>>>>>>>>>> >
>>>>>>>>>> > There were a lot of errors: 500 Can't connect to
>>>>>>>>>> > webwork.math.arizona.edu:443
>>>>>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.math.arizona.edu:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=659704ee979814c39994ceb4ce07d99d6c2c6560c6cac50cdf09c2cb8a72a7bf>
>>>>>>>>>> at /opt/webwork/webwork2/lib/WebworkClient.pm
>>>>>>>>>> > line 158
>>>>>>>>>> >
>>>>>>>>>> > [Tue Aug 26 14:35:13 2014] [info] [client 127.0.0.1] SSL
>>>>>>>>>> library error 1 in
>>>>>>>>>> > handshake (server webwork.math.arizona.edu:443
>>>>>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.math.arizona.edu:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=659704ee979814c39994ceb4ce07d99d6c2c6560c6cac50cdf09c2cb8a72a7bf>
>>>>>>>>>> )
>>>>>>>>>> > [Tue Aug 26 14:35:13 2014] [info] SSL Library Error: 336151576
>>>>>>>>>> > error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
>>>>>>>>>> ca
>>>>>>>>>> > [Tue Aug 26 14:35:13 2014] [info] [client 127.0.0.1] Connection
>>>>>>>>>> closed to
>>>>>>>>>> > child 0 with abortive shutdown (server
>>>>>>>>>> webwork.math.arizona.edu:443
>>>>>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.math.arizona.edu:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=659704ee979814c39994ceb4ce07d99d6c2c6560c6cac50cdf09c2cb8a72a7bf>
>>>>>>>>>> )
>>>>>>>>>> >
>>>>>>>>>> > So, you can see (1) that 'it' can't connect to
>>>>>>>>>> webwork.math.arizona.edu:443
>>>>>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.math.arizona.edu:443&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=659704ee979814c39994ceb4ce07d99d6c2c6560c6cac50cdf09c2cb8a72a7bf>
>>>>>>>>>> > and (2) the ssl handshake seems to be dying due to an unknown
>>>>>>>>>> certificate
>>>>>>>>>> > authority.  But if you looked at my server, you would see (3)
>>>>>>>>>> that my
>>>>>>>>>> > certificate authority is in fact well known:
>>>>>>>>>> >>
>>>>>>>>>> >> Issued By
>>>>>>>>>> >>
>>>>>>>>>> >> Common Name (CN) InCommon Server CA
>>>>>>>>>> >>
>>>>>>>>>> >> Organizaton (O) Internet2
>>>>>>>>>> >>
>>>>>>>>>> >> etc...
>>>>>>>>>> >
>>>>>>>>>> > Also, there is the fact that (4) my web browsers have no
>>>>>>>>>> problem connecting
>>>>>>>>>> > to the https site.
>>>>>>>>>> > So,
>>>>>>>>>> > (a) Maybe the perl module(s) running the webservice calls
>>>>>>>>>> (LWP?) don't
>>>>>>>>>> > recognize the certificate authority.
>>>>>>>>>> > (b) Maybe the way my redirect to ssl is set up is messing with
>>>>>>>>>> the web
>>>>>>>>>> > service calls. (Permanent redirect to a *:443 vhost)
>>>>>>>>>> > (c) Maybe there is some other configuration problem with my ssl
>>>>>>>>>> set up.
>>>>>>>>>> > (d) Maybe this is completely unrelated to the actual problem.
>>>>>>>>>> >
>>>>>>>>>> > Thanks for any ideas.
>>>>>>>>>> > Jason
>>>>>>>>>> >
>>>>>>>>>> _______________________________________________
>>>>>>>>>> webwork-devel mailing list
>>>>>>>>>> webwork-devel at webwork.maa.org
>>>>>>>>>> http://webwork.maa.org/mailman/listinfo/webwork-devel
>>>>>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=f02b3d4aa31c9f5bdb0b9e2da8bbe66c3f5c55044c9d192f6f36541793737fbd>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> webwork-devel mailing list
>>>>>>>>> webwork-devel at webwork.maa.org
>>>>>>>>> http://webwork.maa.org/mailman/listinfo/webwork-devel
>>>>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=f02b3d4aa31c9f5bdb0b9e2da8bbe66c3f5c55044c9d192f6f36541793737fbd>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> webwork-devel mailing list
>>>>>>>> webwork-devel at webwork.maa.org
>>>>>>>>
>>>>>>>> https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=hIi8Y6c%2BF6urweTkKtsDeHM2YeEf66fH%2BdSLpZNJEOE%3D%0A&s=f02b3d4aa31c9f5bdb0b9e2da8bbe66c3f5c55044c9d192f6f36541793737fbd
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Prof. Arnold K. Pizer
>>>>>>> Dept. of Mathematics
>>>>>>> University of Rochester
>>>>>>> Rochester, NY 14627
>>>>>>> (585) 766-8812
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> webwork-devel mailing list
>>>>>>> webwork-devel at webwork.maa.org
>>>>>>> http://webwork.maa.org/mailman/listinfo/webwork-devel
>>>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=qcv1sUmY2mmPdAagwB7DjEHK%2FmPDlw6Qt7YtABKv6do%3D%0A&s=9c972ecbed0fdbb30c086953ea4315f9ae5d19e9d5bba619d57c28a460e32459>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> webwork-devel mailing list
>>>>>> webwork-devel at webwork.maa.org
>>>>>>
>>>>>> https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=qcv1sUmY2mmPdAagwB7DjEHK%2FmPDlw6Qt7YtABKv6do%3D%0A&s=9c972ecbed0fdbb30c086953ea4315f9ae5d19e9d5bba619d57c28a460e32459
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Prof. Arnold K. Pizer
>>>>> Dept. of Mathematics
>>>>> University of Rochester
>>>>> Rochester, NY 14627
>>>>> (585) 766-8812
>>>>>
>>>>> _______________________________________________
>>>>> webwork-devel mailing list
>>>>> webwork-devel at webwork.maa.org
>>>>> http://webwork.maa.org/mailman/listinfo/webwork-devel
>>>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=KO2RS6ixedrUyvT4arnoHWxFGWY%2BKXWHdd258XPl4sA%3D%0A&s=9fe3159f2d9a66ce99574df5e5079e1082892345249a223a33d5f01b48a2345d>
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> webwork-devel mailing list
>>>> webwork-devel at webwork.maa.org
>>>>
>>>> https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=KO2RS6ixedrUyvT4arnoHWxFGWY%2BKXWHdd258XPl4sA%3D%0A&s=9fe3159f2d9a66ce99574df5e5079e1082892345249a223a33d5f01b48a2345d
>>>>
>>>>
>>>
>>>
>>> --
>>> Prof. Arnold K. Pizer
>>> Dept. of Mathematics
>>> University of Rochester
>>> Rochester, NY 14627
>>> (585) 766-8812
>>>
>>> _______________________________________________
>>> webwork-devel mailing list
>>> webwork-devel at webwork.maa.org
>>> http://webwork.maa.org/mailman/listinfo/webwork-devel
>>> <https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=sPqxTKzP%2BXUkKQzphH%2B0Vf%2BHx8y0AjIPpgR8Sic8eSY%3D%0A&s=94c62b5b43b030e6c4d27f9579ee92b47860f672b55a1385bba5bc7384c68d1c>
>>>
>>>
>>
>> _______________________________________________
>> webwork-devel mailing list
>> webwork-devel at webwork.maa.org
>>
>> https://urldefense.proofpoint.com/v1/url?u=http://webwork.maa.org/mailman/listinfo/webwork-devel&k=p4Ly7qpEBiYPBVenR9G2iQ%3D%3D%0A&r=g5j9%2FzBITNFXnOqzhQf%2B0b%2F2j5jSmy74eqJk2rpyoc4%3D%0A&m=sPqxTKzP%2BXUkKQzphH%2B0Vf%2BHx8y0AjIPpgR8Sic8eSY%3D%0A&s=94c62b5b43b030e6c4d27f9579ee92b47860f672b55a1385bba5bc7384c68d1c
>>
>>
>
>
> --
> Prof. Arnold K. Pizer
> Dept. of Mathematics
> University of Rochester
> Rochester, NY 14627
> (585) 766-8812
>
> _______________________________________________
> webwork-devel mailing list
> webwork-devel at webwork.maa.org
> http://webwork.maa.org/mailman/listinfo/webwork-devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://webwork.maa.org/pipermail/webwork-devel/attachments/20140828/2e521740/attachment-0001.html>