[asterisk-dev] Can't connect to Jira with Safari OS/X

Kevin P. Fleming kpfleming at digium.com
Fri Jul 15 06:36:21 CDT 2011 

On 07/15/2011 04:59 AM, Olle E. Johansson wrote:
>
> 8 jul 2011 kl. 18.23 skrev Kevin P. Fleming:
>
>> On 07/08/2011 10:51 AM, Olle E. Johansson wrote:
>>>
>>> 8 jul 2011 kl. 16.31 skrev Kevin P. Fleming:
>>>
>>>> On 07/08/2011 09:28 AM, Olle E. Johansson wrote:
>>>>> My Safari claims it can't open a secure connection to issues.asterisk.org
>>>>>
>>>>> Can someone at Digium forward this to IT staff? THe error message would not make sense to them, since it's localized into Swedish.
>>>>
>>>> The IT staff doesn't run the JIRA system, we here in Engineering do :-)
>>>>
>>>> In addition, we're aware of this problem, and it appears to be a bug in Safari. The Apache proxy that sits in front of JIRA is configured to request (but not require) an SSL client certificate, as we use that method for providing privileged access to some JIRA accounts. It seems that Safari does not know how to deal with this request properly, but other browsers handle it just fine. It doesn't seem to be restricted to OS/X either... Safari on Windows has the same problem.
>>>>
>>>> Unfortunately it's not possible to reconfigure Apache to avoid this problem; we don't know what HTTP user-agent is in use until after the SSL/TLS negotiations are completed.
>>>
>>> Check the SSLinsecurenegotiation parameter. I've just had a similar problem with an SSL client using a buggy OpenSSL. Maybe Safari suffers from the same.
>>>
>>> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslinsecurerenegotiation
>>
>> That's re-negotiation; I'm pretty sure that this problem is happening during the initial negotiation, not re-negotiation. If you don't mind, please confirm for me by trying to go to:
>>
>> https://issues.asterisk.org (without the /jira suffix)
>>
>> If that works, then it's caused by the client certificate request, because both URLs land at the same Apache instance, with a "<Location /jira>" stanza that asks for client verification.
>>
> Something changed. I am no longer getting an error message, but a select box for client certificate.

That's correct; I followed up on this thread last week to say that we'd 
corrected the renegotiation problem. The server still requests a client 
certificate, but it's not required, you can just tell your browser not 
to supply one.

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org

More information about the asterisk-dev mailing list