Last modified: 2013-03-20 18:33:53 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T36788, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 34788 - Non-Wikipedia mobile domains use Wikipedia's SSL certificate


Summary:	Non-Wikipedia mobile domains use Wikipedia's SSL certificate

Status:	RESOLVED FIXED

Product:	Wikimedia
Classification:	Unclassified
Component:	SSL related (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	Normal normal with 6 votes (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:	ops

Duplicates:	34833 35096 37024 37650 38412 46037 (view as bug list)
Depends on:
Blocks:	35760 35215 41184
	Show dependency tree / graph

Reported:	2012-02-29 09:17 UTC by Max Semenik
Modified:	2013-03-20 18:33 UTC (History)
CC List:	22 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
ugly error message in Firefox android (112.96 KB, image/png) 2013-02-08 17:21 UTC, Brion Vibber	Details
Errors on m.wikivoyage in Firefox (137.50 KB, image/png) 2013-03-12 19:11 UTC, Brion Vibber	Details
Windows Phone 7.5 error screen on wikivoyage (63.85 KB, image/png) 2013-03-12 19:12 UTC, Brion Vibber	Details
Add an attachment (proposed patch, testcase, etc.)

Description Max Semenik 2012-02-29 09:17:43 UTC

Try visiting https://en.m.wiktionary.org/wiki/Wiktionary:Main_Page - you'll get warning that host does not match certificate. The cert is issued to Wikipedia.

Comment 1 Sam Reed (reedy) 2012-02-29 13:56:18 UTC

RT #2541

Comment 2 Sam Reed (reedy) 2012-03-09 20:58:50 UTC

*** Bug 35096 has been marked as a duplicate of this bug. ***

Comment 3 Patrick Hayes 2012-03-15 18:11:44 UTC

*** Bug 34833 has been marked as a duplicate of this bug. ***

Comment 4 Max Semenik 2012-05-22 16:43:01 UTC

*** Bug 37024 has been marked as a duplicate of this bug. ***

Comment 5 DavidL 2012-06-13 13:26:36 UTC

How many months to resolve a Critical bug with High priority ?

Comment 6 DavidL 2012-07-15 13:17:29 UTC

(In reply to comment #1)
> RT #2541

This site has private access only.

How many years to solve a Critical problem with High priority ? No one is assigned to this bug, and no solution is proposed.

Comment 8 Huji 2012-10-13 03:13:56 UTC

On a related note, if you go to .com addresses (like https://en.wikipedia.com/) using HTTPS protocol, before you get forwarded to the .org address, you will get an error message regarding the SSL key. That is because the .com addresses use the SSL key that is for *.wikipedia.org

Comment 9 MZMcBride 2012-10-13 04:11:02 UTC

(In reply to comment #6)
> (In reply to comment #1)
>> RT #2541
> 
> This site has private access only.
> 
> How many years to solve a Critical problem with High priority ? No one is
> assigned to this bug, and no solution is proposed.

Well, it's obviously not a critical problem with high priority, then. If it were, it would have been fixed already, right? :-)

I'm gonna bump the priority down a bit, as the mobile sites not properly handling SSL isn't that critical, as I read it. It used to be that the mobile site was completely read-only, but maybe that's changed? I'm not sure what the critical or high priority parts would be here.

I think you're really asking for a status update from RT #2541. I'll CC a few a people on this bug who may be able to help with that.

(In reply to comment #8)
> On a related note, if you go to .com addresses (like https://en.wikipedia.com/)
> using HTTPS protocol, before you get forwarded to the .org address, you will
> get an error message regarding the SSL key. That is because the .com addresses
> use the SSL key that is for *.wikipedia.org

I split this out to bug 40998.

Comment 10 Tpt 2012-10-13 20:37:14 UTC

If the good certificates won't be added, is there a way to redirect users, that used "normal" website in https and click on "Mobile view" link, to mobile website using http ?

Comment 11 Dan Wolff 2012-11-11 12:22:17 UTC

...or remove the "Mobile view" link altogether when in https. Seriously - this really should be dealt with, even if we don't get good certificates.

Comment 12 DavidL 2013-01-12 00:47:58 UTC

Critical problems do not seems to be high priority for wikimedia...

Comment 13 Andre Klapper 2013-01-14 10:18:11 UTC

DavidL: "Critical" means "Crashes, loss of data" as per http://www.mediawiki.org/wiki/Bugzilla/Fields#Severity . That's not the case here.

With regard to the problems and the current status of this:

> The problem is that mobile is served by Varnish, whereas the main projects
> are still on Squid, and NGINX (HTTPS) will need to distinguish between the
> two in this new setup.

As for the current status, RobHa "emailed digicert to attempt to get ALL our domains as SANS on a single root level wikimedia.org certificate."

Comment 14 Brion Vibber 2013-02-08 17:21:12 UTC

Created attachment 11757 [details]
ugly error message in Firefox android

Comment 15 Alex Monk 2013-02-16 18:10:11 UTC

(In reply to comment #13)
> > The problem is that mobile is served by Varnish, whereas the main projects
> > are still on Squid, and NGINX (HTTPS) will need to distinguish between the
> > two in this new setup.
> 
> As for the current status, RobHa "emailed digicert to attempt to get ALL our
> domains as SANS on a single root level wikimedia.org certificate."

This was posted over a month ago. Any updates? Just had a user in #wikimedia-tech asking about https://uk.m.wikinews.org using a wikipedia cert.

Comment 16 jeremyb 2013-02-16 18:21:18 UTC

(In reply to comment #15)
> This was posted over a month ago. Any updates?

The RT ticket's had very recent progress. I wouldn't expect any further news at least until after the weekend.

Comment 17 Ruud Koot 2013-02-20 11:14:24 UTC

*** Bug 37650 has been marked as a duplicate of this bug. ***

Comment 18 Ruud Koot 2013-02-20 11:16:18 UTC

*** Bug 38412 has been marked as a duplicate of this bug. ***

Comment 19 Quim Gil 2013-02-26 23:34:13 UTC

Just in case it's related: I just logged in to English Wikipedia from my mobile device and a dialog showed up saying that wikivoyage.org certificate is untrusted.

Comment 20 Brion Vibber 2013-03-12 19:11:15 UTC

*** Bug 46037 has been marked as a duplicate of this bug. ***

Comment 21 Brion Vibber 2013-03-12 19:11:49 UTC

Created attachment 11917 [details]
Errors on m.wikivoyage in Firefox

Comment 22 Brion Vibber 2013-03-12 19:12:46 UTC

Created attachment 11918 [details]
Windows Phone 7.5 error screen on wikivoyage

Comment 23 Ryan Lane 2013-03-12 22:36:06 UTC

Done for all except for mediawiki.org

Comment 24 Ryan Lane 2013-03-12 22:37:06 UTC

mediawiki.org was accidentally left out of the unified certificate. We'll be ordering a new one soon.

Comment 25 Brion Vibber 2013-03-13 00:16:03 UTC

Note that m.wikipedia.org was also accidentally left off, so the unified cert is being rolled back.

Comment 26 Andre Klapper 2013-03-20 18:33:53 UTC

According to RobH "This was done and pushed out awhile ago, all done!"

Closing as FIXED.

Note You need to log in before you can comment on or make changes to this bug.

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links

326374
aklapper
arichards
ariel
b
base-w
brion
bryan.endersstocker
bugzilla+org.wikimedia
danny.b
dzahn
headerfuturetree
huji.huji
lambdav
maarten
pfhayes
qgil
rlane32
sam
shealen.clare
thomaspt
twkozlowski