develooper Front page | perl.cpan.testers.discuss | Postings from April 2020

Re: https://metabase.cpantesters.org/api/v1/: invalid securitycertificate

Thread Previous | Thread Next
From:
Doug Bell
Date:
April 3, 2020 17:00
Subject:
Re: https://metabase.cpantesters.org/api/v1/: invalid securitycertificate
Message ID:
34467613-D402-4F4B-A66E-3BB18D9C9418@preaction.me
I've talked with Fastly support and they're reinstating our wildcard cert. I fixed the Zendesk account attached to the CPAN Testers account and found a thread from last year saying they needed to move the domain to another cert but wouldn't without an OK from someone. I don't know if there were e-mails sent or if those e-mails got blackholed because the SMTP on cpantesters.org had been broken for a while, but it explains everything.

Once Fastly support does the last few steps, this should be resolved.

Thanks!


Doug Bell
doug@preaction.me



> On Apr 2, 2020, at 1:12 PM, James E Keenan <jkeenan@pobox.com> wrote:
> 
> On 4/2/20 1:23 PM, Slaven Rezic wrote:
>> Hi James,
>> I can confirm that the certificate is marked as invalid in my firefox, and also if calling the URL with lwp-request. However, my Test::Reporter-based report sender still works. It's just working because Test::Reporter::Transport::Metabase is using HTTP::Tiny, and HTTP::Tiny does not do certificate validation by default (see the verify_SSL option). Works:
>>     perl5.31.10 -MData::Dumper -MHTTP::Tiny -e 'warn Dumper(HTTP::Tiny->new->get("https://metabase.cpantesters.org/api/v1/"))'
> 
> With this (albeit with perl-5.30.0 and after installing IO::Socket::SSL and Net::SSLeay), I got a 404:
> 
> #####
> $ perl -MData::Dumper -MHTTP::Tiny -e 'warn Dumper(HTTP::Tiny->new->get("https://metabase.cpantesters.org/api/v1/"))'
> $VAR1 = {
>          'protocol' => 'HTTP/1.1',
>          'status' => '404',
>          'url' => 'https://metabase.cpantesters.org/api/v1/',
>          'content' => '<!DOCTYPE html>
> ...
> ',
>          'reason' => 'Not Found',
>          'success' => '',
>          'headers' => {
>                         'via' => [
>                                    '1.1 varnish',
>                                    '1.1 varnish'
>                                  ],
>                         'age' => '0',
>                         'content-length' => '20240',
>                         'x-cache-hits' => '0, 0',
>                         'x-cache' => 'MISS, MISS',
>                         'x-served-by' => 'cache-lcy19261-LCY, cache-bos4650-BOS',
>                         'date' => 'Thu, 02 Apr 2020 18:02:37 GMT',
>                         'connection' => 'keep-alive',
>                         'server' => 'Mojolicious (Perl)',
>                         'x-timer' => 'S1585850556.546659,VS0,VE2416',
>                         'accept-ranges' => 'bytes',
>                         'content-type' => 'text/html;charset=UTF-8'
>                       }
>        };
> #####
> 
> 
>> Fails:
>>     perl5.31.10 -MData::Dumper -MHTTP::Tiny -e 'warn Dumper(HTTP::Tiny->new(verify_SSL=>1)->get("https://metabase.cpantesters.org/api/v1/"))' 
> 
> With this, I got a 599:
> 
> #####
> $ perl -MData::Dumper -MHTTP::Tiny -e 'warn Dumper(HTTP::Tiny->new(verify_SSL=>1)->get("https://metabase.cpantesters.org/api/v1/"))' 
> $VAR1 = {
>          'headers' => {
>                         'content-length' => 81,
>                         'content-type' => 'text/plain'
>                       },
>          'content' => 'SSL connection failed for metabase.cpantesters.org: hostname verification failed
> ',
>          'reason' => 'Internal Exception',
>          'status' => 599,
>          'url' => 'https://metabase.cpantesters.org/api/v1/',
>          'success' => ''
>        };
> #####
> 
> 
>> Regards,
>>      Slaven
> 
> Thank you very much.
> Jim Keenan
> 
> 
>>> James E Keenan < jkeenan@pobox.com <mailto:jkeenan@pobox.com>> hat am 2. April 2020 um 14:29 geschrieben:
>>> 
>>> 
>>> Today I had occasion to call a program which uses
>>> App::cpanminus::reporter. I have run programs with that module hundreds
>>> of times before. The program failed with this output in the debugger.
>>> 
>>> #####
>>> error loading Test::Reporter::Transport::Metabase. Please install the
>>> missing module or choose a different transport mechanism.
>>> 
>>> at /usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm
>>> line 21.
>>> CPAN::Testers::Common::Client::Config::__ANON__[/usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm:21]("\x{a}error loading Test::Reporter::Transport::Metabase. Please in"...) called at /usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm line 87
>>> CPAN::Testers::Common::Client::Config::mywarn(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8), "\x{a}error loading Test::Reporter::Transport::Metabase. Please in"...) called at /usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm line 647
>>> CPAN::Testers::Common::Client::Config::_validate_transport(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8), "transport", "Metabase uri https://metabase.cpantesters.org/api/v1/ id_file"...) called at error loading Test::Reporter::Transport::Metabase. Please install the missing module or choose a different transport mechanism.
>>> 
>>> at /usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm
>>> line 21.
>>> CPAN::Testers::Common::Client::Config::__ANON__[/usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm:21]("\x{a}error loading Test::Reporter::Transport::Metabase. Please in"...) called at /usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm line 87
>>> CPAN::Testers::Common::Client::Config::mywarn(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8), "\x{a}error loading Test::Reporter::Transport::Metabase. Please in"...) called at /usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm line 647
>>> CPAN::Testers::Common::Client::Config::_validate_transport(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8), "transport", "Metabase uri https://metabase.cpantesters.org/api/v1/ id_file"...) called at /usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm line 448
>>> CPAN::Testers::Common::Client::Config::_get_config_options(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8), HASH(0x806c7d5b8)) called at /usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm line 41
>>> CPAN::Testers::Common::Client::Config::read(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8)) called at /usr/local/lib/perl5/site_perl/App/cpanminus/reporter.pm line 171
>>> App::cpanminus::reporter::_check_cpantesters_config_data(CPAN::cpanminus::reporter::RetainReports=HASH(0x801e7e900)) called at /usr/local/lib/perl5/site_perl/App/cpanminus/reporter.pm line 219
>>> App::cpanminus::reporter::run(CPAN::cpanminus::reporter::RetainReports=HASH(0x801e7e900)) called at cpanm-reporter.pl line 23
>>> line 448
>>> CPAN::Testers::Common::Client::Config::_get_config_options(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8), HASH(0x806c7d5b8)) called at /usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm line 41
>>> CPAN::Testers::Common::Client::Config::read(CPAN::Testers::Common::Client::Config=HASH(0x806bdc0d8)) called at /usr/local/lib/perl5/site_perl/App/cpanminus/reporter.pm line 171
>>> App::cpanminus::reporter::_check_cpantesters_config_data(CPAN::cpanminus::reporter::RetainReports=HASH(0x801e7e900)) called at /usr/local/lib/perl5/site_perl/App/cpanminus/reporter.pm line 219
>>> App::cpanminus::reporter::run(CPAN::cpanminus::reporter::RetainReports=HASH(0x801e7e900)) called at cpanm-reporter.pl line 23
>>> #####
>>> 
>>> All the relevant modules are up to date on the machine where the program
>>> was run.
>>> 
>>> I examined
>>> /usr/local/lib/perl5/site_perl/CPAN/Testers/Common/Client/Config.pm. I
>>> zeroed in on the call to the internal method '_validate_transport'. I
>>> entered this URL into my browser:
>>> 
>>> https://metabase.cpantesters.org/api/v1/
>>> 
>>> I got the standard Firefox "Warning: Potential Security Risk Ahead"
>>> screen. When I clicked "Learn more...", I got:
>>> 
>>> #####
>>> Websites prove their identity via certificates. Firefox does not trust
>>> this site because it uses a certificate that is not valid for
>>> metabase.cpantesters.org. The certificate is only valid for
>>> c.sni.fastly.net.
>>> 
>>> Error code: SSL_ERROR_BAD_CERT_DOMAIN
>>> #####
>>> 
>>> (Hat-tip to BingOS.)
>>> 
>>> How can we fix this or how can I work-around it?
>>> 
>>> Thank you very much.
>>> Jim Keenan

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About