Topic on Project:Support desk

VisualEditor and Mediawiki over https

4
Darmoric (talkcontribs)

Hi

I don't succeed to make usable VisualEditor.:

visualeditor-docserver-http-error: (curl error: 77) Problem with the SSL CA cert (path? access rights?).


Here is my stunnul4 configuration:

debug = 7

output = /var/log/stunnel4/stunnel.log

verify = 2

[parsoid]

cert = /shared/stunnel.mobolab.net.crt.pem

key = /shared/stunnel.mobolab.net-without-passphrase.key.pem

CAfile = /shared/chain.mobolab.crt.pem

accept  = 192.168.1.88:8143

connect = 192.168.1.88:8142


I can see that certificates are well loaded, but stunnel never communicates with port 8142.


What can be wrong ?


Thanks in advance

(parsoid was working well before trying to use https)


Darmoric (talkcontribs)

Here is my log: 2020.04.06 17:15:52 LOG6[cron]: Executing cron jobs

2020.04.06 17:15:52 LOG6[cron]: Cron jobs completed in 0 seconds

2020.04.06 17:15:52 LOG7[cron]: Waiting 86400 seconds

2020.04.06 17:15:52 LOG7[main]: Found 1 ready file descriptor(s)

2020.04.06 17:15:52 LOG7[main]: FD=4 events=0x2001 revents=0x0

2020.04.06 17:15:52 LOG7[main]: FD=7 events=0x2001 revents=0x1

2020.04.06 17:15:52 LOG7[main]: Service [parsoid] accepted (FD=3) from 192.168.1.88:35054

2020.04.06 17:15:52 LOG7[1]: Service [parsoid] started

2020.04.06 17:15:52 LOG7[1]: Setting local socket options (FD=3)

2020.04.06 17:15:52 LOG7[1]: Option TCP_NODELAY set on local socket

2020.04.06 17:15:52 LOG5[1]: Service [parsoid] accepted connection from 192.168.1.88:35054

2020.04.06 17:15:52 LOG6[1]: Peer certificate required

2020.04.06 17:15:52 LOG7[1]: TLS state (accept): before SSL initialization

2020.04.06 17:15:52 LOG3[1]: SSL_accept: Peer suddenly disconnected

2020.04.06 17:15:52 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

2020.04.06 17:15:52 LOG7[1]: Local descriptor (FD=3) closed

2020.04.06 17:15:52 LOG7[1]: Service [parsoid] finished (0 left)


Bawolff (talkcontribs)

as a guess, is php/curl set to use the custom cert you are using with stunnel?

Darmoric (talkcontribs)

Hi

Many thanks for your reply.

I just add this line in php.ini:


[curl]

curl.cainfo ="/etc/apache2/ssl/ca.pem"


ca.pem = certificates of CA + Intermediate

Am I wrong ? Do I have to add other certificates, modify options ?


Regards



Reply to "VisualEditor and Mediawiki over https"