Last modified: 2013-03-20 18:33:53 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 34788 - Non-Wikipedia mobile domains use Wikipedia's SSL certificate
Non-Wikipedia mobile domains use Wikipedia's SSL certificate
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
SSL related (Other open bugs)
unspecified
All All
: Normal normal with 6 votes (vote)
: ---
Assigned To: Nobody - You can work on this!
: ops
: 34833 35096 37024 37650 38412 46037 (view as bug list)
Depends on:
Blocks: 35760 35215 41184
  Show dependency treegraph
 
Reported: 2012-02-29 09:17 UTC by Max Semenik
Modified: 2013-03-20 18:33 UTC (History)
22 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
ugly error message in Firefox android (112.96 KB, image/png)
2013-02-08 17:21 UTC, Brion Vibber
Details
Errors on m.wikivoyage in Firefox (137.50 KB, image/png)
2013-03-12 19:11 UTC, Brion Vibber
Details
Windows Phone 7.5 error screen on wikivoyage (63.85 KB, image/png)
2013-03-12 19:12 UTC, Brion Vibber
Details

Description Max Semenik 2012-02-29 09:17:43 UTC
Try visiting https://en.m.wiktionary.org/wiki/Wiktionary:Main_Page - you'll get warning that host does not match certificate. The cert is issued to Wikipedia.
Comment 1 Sam Reed (reedy) 2012-02-29 13:56:18 UTC
RT #2541
Comment 2 Sam Reed (reedy) 2012-03-09 20:58:50 UTC
*** Bug 35096 has been marked as a duplicate of this bug. ***
Comment 3 Patrick Hayes 2012-03-15 18:11:44 UTC
*** Bug 34833 has been marked as a duplicate of this bug. ***
Comment 4 Max Semenik 2012-05-22 16:43:01 UTC
*** Bug 37024 has been marked as a duplicate of this bug. ***
Comment 5 DavidL 2012-06-13 13:26:36 UTC
How many months to resolve a Critical bug with High priority ?
Comment 6 DavidL 2012-07-15 13:17:29 UTC
(In reply to comment #1)
> RT #2541

This site has private access only.

How many years to solve a Critical problem with High priority ? No one is assigned to this bug, and no solution is proposed.
Comment 8 Huji 2012-10-13 03:13:56 UTC
On a related note, if you go to .com addresses (like https://en.wikipedia.com/) using HTTPS protocol, before you get forwarded to the .org address, you will get an error message regarding the SSL key. That is because the .com addresses use the SSL key that is for *.wikipedia.org
Comment 9 MZMcBride 2012-10-13 04:11:02 UTC
(In reply to comment #6)
> (In reply to comment #1)
>> RT #2541
> 
> This site has private access only.
> 
> How many years to solve a Critical problem with High priority ? No one is
> assigned to this bug, and no solution is proposed.

Well, it's obviously not a critical problem with high priority, then. If it were, it would have been fixed already, right? :-)

I'm gonna bump the priority down a bit, as the mobile sites not properly handling SSL isn't that critical, as I read it. It used to be that the mobile site was completely read-only, but maybe that's changed? I'm not sure what the critical or high priority parts would be here.

I think you're really asking for a status update from RT #2541. I'll CC a few a people on this bug who may be able to help with that.

(In reply to comment #8)
> On a related note, if you go to .com addresses (like https://en.wikipedia.com/)
> using HTTPS protocol, before you get forwarded to the .org address, you will
> get an error message regarding the SSL key. That is because the .com addresses
> use the SSL key that is for *.wikipedia.org

I split this out to bug 40998.
Comment 10 Tpt 2012-10-13 20:37:14 UTC
If the good certificates won't be added, is there a way to redirect users, that used "normal" website in https and click on "Mobile view" link, to mobile website using http ?
Comment 11 Dan Wolff 2012-11-11 12:22:17 UTC
...or remove the "Mobile view" link altogether when in https. Seriously - this really should be dealt with, even if we don't get good certificates.
Comment 12 DavidL 2013-01-12 00:47:58 UTC
Critical problems do not seems to be high priority for wikimedia...
Comment 13 Andre Klapper 2013-01-14 10:18:11 UTC
DavidL: "Critical" means "Crashes, loss of data" as per http://www.mediawiki.org/wiki/Bugzilla/Fields#Severity . That's not the case here.

With regard to the problems and the current status of this:

> The problem is that mobile is served by Varnish, whereas the main projects
> are still on Squid, and NGINX (HTTPS) will need to distinguish between the
> two in this new setup.

As for the current status, RobHa "emailed digicert to attempt to get ALL our domains as SANS on a single root level wikimedia.org certificate."
Comment 14 Brion Vibber 2013-02-08 17:21:12 UTC
Created attachment 11757 [details]
ugly error message in Firefox android
Comment 15 Alex Monk 2013-02-16 18:10:11 UTC
(In reply to comment #13)
> > The problem is that mobile is served by Varnish, whereas the main projects
> > are still on Squid, and NGINX (HTTPS) will need to distinguish between the
> > two in this new setup.
> 
> As for the current status, RobHa "emailed digicert to attempt to get ALL our
> domains as SANS on a single root level wikimedia.org certificate."

This was posted over a month ago. Any updates? Just had a user in #wikimedia-tech asking about https://uk.m.wikinews.org using a wikipedia cert.
Comment 16 jeremyb 2013-02-16 18:21:18 UTC
(In reply to comment #15)
> This was posted over a month ago. Any updates?

The RT ticket's had very recent progress. I wouldn't expect any further news at least until after the weekend.
Comment 17 Ruud Koot 2013-02-20 11:14:24 UTC
*** Bug 37650 has been marked as a duplicate of this bug. ***
Comment 18 Ruud Koot 2013-02-20 11:16:18 UTC
*** Bug 38412 has been marked as a duplicate of this bug. ***
Comment 19 Quim Gil 2013-02-26 23:34:13 UTC
Just in case it's related: I just logged in to English Wikipedia from my mobile device and a dialog showed up saying that wikivoyage.org certificate is untrusted.
Comment 20 Brion Vibber 2013-03-12 19:11:15 UTC
*** Bug 46037 has been marked as a duplicate of this bug. ***
Comment 21 Brion Vibber 2013-03-12 19:11:49 UTC
Created attachment 11917 [details]
Errors on m.wikivoyage in Firefox
Comment 22 Brion Vibber 2013-03-12 19:12:46 UTC
Created attachment 11918 [details]
Windows Phone 7.5 error screen on wikivoyage
Comment 23 Ryan Lane 2013-03-12 22:36:06 UTC
Done for all except for mediawiki.org
Comment 24 Ryan Lane 2013-03-12 22:37:06 UTC
mediawiki.org was accidentally left out of the unified certificate. We'll be ordering a new one soon.
Comment 25 Brion Vibber 2013-03-13 00:16:03 UTC
Note that m.wikipedia.org was also accidentally left off, so the unified cert is being rolled back.
Comment 26 Andre Klapper 2013-03-20 18:33:53 UTC
According to RobH "This was done and pushed out awhile ago, all done!"

Closing as FIXED.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links