| Time |
Nick |
Message |
| 06:01 |
pinesol |
News from qatests: Testing Success <http://testing.evergreen-ils.org/~live> |
| 07:03 |
|
agoben joined #evergreen |
| 07:06 |
|
rjackson_isl joined #evergreen |
| 08:19 |
|
alynn26 joined #evergreen |
| 08:40 |
|
rfrasur joined #evergreen |
| 08:41 |
|
dbwells joined #evergreen |
| 09:01 |
|
collum joined #evergreen |
| 09:28 |
|
terranm joined #evergreen |
| 09:39 |
terranm |
Happy Feedback Fest everyone! I just sent out an email to the list-servs with details. Here is the list of sandboxes and patches currently applied: https://docs.google.com/spreadsheets/d/1nDXg83ZAZlDYBxb0z59-hKqEjjPxpEuUssI2qtANax4/edit?usp=sharing |
| 09:40 |
terranm |
berick++ csharp++ Bmagic++ for building sandboxes! |
| 09:41 |
Bmagic |
in the face |
| 09:41 |
Bmagic |
Bugs are like monsters from The Mummy. They come out of the sand.... boxes |
| 09:42 |
terranm |
lol |
| 09:43 |
Bmagic |
If we could just get Brendan Fraser to test.... |
| 10:06 |
|
aabbee joined #evergreen |
| 10:07 |
rfrasur |
terranm++ |
| 11:11 |
|
sandbergja joined #evergreen |
| 12:35 |
terranm |
alynn26++ for already diving into pullrequest testing and signing off on four patches this morning! |
| 12:50 |
|
collum joined #evergreen |
| 13:03 |
|
dbwells_ joined #evergreen |
| 14:11 |
|
remingtron joined #evergreen |
| 14:12 |
bshum |
Well that's interesting... Chrome 80 doesn't let you bypass the self-signed certs anymore? :( |
| 14:15 |
bshum |
Oh, wait, I'm on v79. Let's update to 80 and see if it's better or worse... :D |
| 14:19 |
bshum |
Nope |
| 14:19 |
bshum |
Still doesn't work, blah |
| 14:27 |
bshum |
Well this'll be fun... |
| 14:30 |
bshum |
Bmagic: bugsquash.mobiusconsortium.org looks like the cert expired two days ago |
| 14:30 |
bshum |
But at least I can get past it since it used to be a legit cert and Google doesn't just completely kill the bypass options |
| 14:30 |
bshum |
But for self-signed on my own VMs locally with trying to get to it via IP, it bombs hard |
| 14:31 |
bshum |
Oh well, there's always Firefox, I guess? |
| 14:42 |
* bshum |
will need to ponder this and test some scenarios with the ssl cert generation and ansible installer |
| 14:55 |
jeff |
is there an issue documenting that change? |
| 14:56 |
jeff |
because i'm not able to reproduce based on your description. |
| 14:57 |
bshum |
Well I wonder if it's how ansible makes the cert during the installation |
| 14:57 |
bshum |
it sets it up with a hostname of "localhost" |
| 14:58 |
bshum |
And Chrome is blocking it from getting further now |
| 14:58 |
bshum |
I tried changing the Chrome setting for chrome://flags/#allow-insecure-localhost |
| 14:58 |
bshum |
But that seems to have done nothing too |
| 14:58 |
jeff |
do you have an exposed instance with such a cert i can test? |
| 14:59 |
bshum |
Possibly because it's an IP address, not actually localhost |
| 14:59 |
bshum |
No, it's private networking within my Virtualbox |
| 14:59 |
jeff |
wait, did something generate a cert for an IP address? |
| 14:59 |
bshum |
I've got to expand my testing radius a bit, sorry jeff |
| 15:00 |
bshum |
jeff: No, the automatically generated cert doesn't include the IP address |
| 15:00 |
bshum |
Just a hostname of localhost and "XX" for most of the default values |
| 15:00 |
bshum |
https://github.com/berick/evergreen-ansible-installer/blob/ubuntu-18.04/evergreen/apache.yml#L37 |
| 15:01 |
bshum |
This is the part of berick's ansible script which generates the SSL cert |
| 15:01 |
bshum |
I'm tracking back from that to see what the generated SSL cert is |
| 15:01 |
bshum |
And how that's making everything unhappy |
| 15:02 |
bshum |
And yeah, web_domain is "localhost" in the variable settings |
| 15:03 |
bshum |
I was going to move that cert out of the way and then retry using a standard cert creation and maybe set a real hostname |
| 15:03 |
bshum |
That works within my private network |
| 15:03 |
bshum |
To see if it handles it differently |
| 15:03 |
bshum |
But of course, I also just blew away that VM, so I have to redo the whole install first |
| 15:08 |
bshum |
jeff: The most I can find is Google talking about trying to kill off mixed content stuff - https://security.googleblog.com/2019/10/no-more-mixed-messages-about-https_3.html |
| 15:08 |
bshum |
But nothing about self-signed certs specifically (yet) |
| 15:10 |
bshum |
Though some vendors noted issues with v79 and v80 for self-signed certs - https://support.google.com/chrome/thread/28404872?hl=en |
| 15:10 |
bshum |
So that's what got me thinking on the issue |
| 15:10 |
bshum |
But perhaps it is just the way the certs are done and there's still some lifelines to be grabbed |
| 15:12 |
jeff |
``As of 2/13/2020 Chrome has updated to version 80.0.3987.106 which no longer causes issues with firewall management.'' |
| 15:12 |
jeff |
from a sonicwall article linked from your URL above: https://www.sonicwall.com/support/product-notification/resolved-unable-to-access-firewall-management-using-chrome-v80/200211160032277/ |
| 15:12 |
jeff |
doesn't reference a chromium issue, though. |
| 15:12 |
bshum |
Yup I saw that, and I do have 80.0.3987.106 |
| 15:13 |
bshum |
But I was still broken, so I wondered how they fixed it exactly, and whether it was something more specific we're missing |
| 15:14 |
bshum |
Oh cool...My Mac just black screened and rebooted itself... |
| 15:14 |
bshum |
That's fun |
| 15:16 |
|
sandbergja joined #evergreen |
| 15:16 |
jeff |
what happens when you run into the cert issue? interstitial repeats? can't actually see link/button to "proceed"? |
| 15:17 |
bshum |
There is no link to proceed |
| 15:17 |
bshum |
It just says invalid cert |
| 15:17 |
bshum |
There was a longer warning message too |
| 15:17 |
bshum |
But I lost it just now when my Mac rebooted itself |
| 15:18 |
bshum |
I'll get the exact message this time once it rebuilds the server again. Assuming it fails this time. |
| 15:31 |
pinesol |
[evergreen|Bill Erickson] LP1862395 Repair nested i18n Angular attribute - <http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=041f768> |
| 15:41 |
pinesol |
[evergreen|Terran McCanna] LP#1839359 Select element on login not accessible - <http://git.evergreen-ils.org/?p=Evergreen.git;a=commit;h=8d022fc> |
| 16:07 |
Bmagic |
bshum: oh! Sheesh. It's good now |
| 16:08 |
Bmagic |
mine is using letsencrypt |
| 16:11 |
bshum |
Bmagic: Yeah, letsencrypt worked fine for one of my other servers |
| 16:11 |
bshum |
But this self-signed cert thing is resulting is very broken behavior for me on Chrome |
| 16:11 |
bshum |
jeff did suggest to me a workaround by typing "thisisunsafe" into my browser and it let me through :D |
| 16:11 |
bshum |
It's just really weird |
| 16:12 |
bshum |
I need to retest on a different platform and see if it's a Mac+chrome problem |
| 16:12 |
bshum |
or if it's similar issue on other platforms too |
| 16:12 |
bshum |
See if it's a Mac thing or a Chrome thing, I guess |
| 16:12 |
bshum |
berick's ansible isn't the problem either, I generated a new self-signed cert and it was also unhappy with that |
| 16:28 |
bshum |
Bmagic++ # bugsquash worlds |
| 16:28 |
rhamby_ |
bshum: I get that too on my vm, you can start chrome from the command line with a flag that overrides it ... or use firefox (which is what I've been doing) |
| 16:30 |
rhamby_ |
bhsum: I think this is the parameter/flag : –ignore-certificate-errors |
| 16:41 |
bshum |
rhamby++ # I'll try that out when I get a moment to spin back up my local VMs again |
| 16:42 |
bshum |
I had a feeling it might end up being stuff like that |
| 16:42 |
bshum |
I just wish there was better ways of handling it all |
| 16:42 |
bshum |
Besides getting a real SSL cert :D |
| 16:53 |
bshum |
jeff++ |
| 17:48 |
|
sandbergja joined #evergreen |
| 18:00 |
pinesol |
News from qatests: Testing Success <http://testing.evergreen-ils.org/~live> |
| 19:37 |
|
JBoyer joined #evergreen |
| 21:47 |
|
remingtron_ joined #evergreen |
| 22:16 |
|
sandbergja joined #evergreen |
| 23:07 |
|
sandbergja joined #evergreen |
| 23:08 |
|
sandbergja_ joined #evergreen |
