openoffice-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <dave2w...@comcast.net>
Subject Re: Bad site certificate
Date Sun, 04 Nov 2012 17:53:14 GMT

On Nov 1, 2012, at 5:39 PM, NoOp wrote:

> On 11/01/2012 10:45 AM, Andrea Pescetti wrote:
>> On 25/10/2012 NoOp wrote:
>>> On 10/25/2012 10:50 AM, Andrea Pescetti wrote:
>>>> The recommended way to access the OpenOffice site in HTTPS for those who
>>>> prefer it over HTTP is to use:
>>>> https://ooo-site.apache.org
>>> Like the above, the URL should be configured to automatically redirect
>>> to https://ooo-site.apache.org when an https request is received?
>> 
>> Apparently, this won't work since Infra says "Redirect won't work, as 
>> the SSL handshake precedes the first opportunity to send a redirect".
> 
> That doesn't make any sense as I've already demonstrated that the other
> https links to those IP addresses do indeed redirect.
> 
>> 
>> But you are welcome to weigh in directly on
>> https://issues.apache.org/jira/browse/INFRA-5450 :
>> registration is open to everyone.
> 
> Thanks, but no thanks. I suppose I could provide a server trace &
> wireshark session file etc., but I doubt that it will do any good to
> attempt to change Daniel Shahaf's mind.  You, however, might ask him
> just how the other https links work on those IP's, yet the OOo link does
> not, and why 443 is turned on for that URL to begin with if Apache do
> not intend to support https on that link.

If 443 were turned off then another vhost for another project would answer the request and
there would still be a warning.

If a *.openoffice.org certificate were purchased it would be secondary to *.apache.org and
older browsers would still have trouble. I've setup multiple certificates on httpd at work
and know this to be so. No way the ASF will put the *.openoffice.org certificate (if purchased)
first.

We can do a rewrite of https traffic to http but that happens after the handshake and the
security warning.

I doubt that this razor fine point is worth the effort and the tradeoff of increased complexity
for Infrastructure.

If we had a view of what browsers are used and how much is https we can measure the impact
and determine if effort here is worth it.

> 
>> And if in the end the most sensible solution is that we acquire a 
>> certificate for *.openoffice.org , this is surely something the PMC and 
>> Infra can look into. But it would be good to see the discussion in the 
>> issue page converge.

That discussion is there in the JIRA. You can see the bit above. It is an incremental improvement
effective for modern browsers.

Regards,
Dave

>> 
>> Regards,
>>   Andrea.
>> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: ooo-users-unsubscribe@incubator.apache.org
> For additional commands, e-mail: ooo-users-help@incubator.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: ooo-users-unsubscribe@incubator.apache.org
For additional commands, e-mail: ooo-users-help@incubator.apache.org


Mime
View raw message