Mediawiki Scary Transclusion and SSL Self Signed Certificate



Mediawiki 1.26, Ubuntu 16.04.1.

Scary transclusion ($wgEnableScaryTranscluding) stopped working when we moved Wikis to HTTPS only. Were getting error scarytranscludefailed ("[Template fetch failed for $1]").

Turned out being that we are using self signed certificates.

Had to dive into includes/parser/Parser.php, function fetchScaryTemplateMaybeFromCache, and var_dump($status) after line 4125 to understand what was going on:

 object(Status)#405 (6) {
 ["sv":protected]=>
 object(StatusValue)#403 (6) {
   ["ok":protected]=>
   bool(false)
   ["errors":protected]=>
   array(1) {
     [0]=>
     array(3) {
       ["type"]=>
       string(5) "error"
       ["message"]=>
       string(15) "http-curl-error"
       ["params"]=>
       array(1) {
         [0]=>
         string(113) "error setting certificate verify locations:
 CAfile: /etc/ssl/certs/ca-certificates.crt
 CApath: /etc/ssl/certs"
       }
     }
   }

After importing the certificate into /etc/ssl/certs/ca-certificates.crt it began working again.

openssl s_client -showcerts -connect domain:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >mycertfile.pem
sudo su
cat mycertfile.pem >>/etc/ssl/certs/ca-certificates.crt

Remember to set $wgTranscludeCacheExpiry = 0 during tests, or the cache will drive you mad.

(Comment added to $wgEnableScaryTranscluding discussion page).

Comments

Post a Comment

Popular posts from this blog

Instalação eToken Pro no Ubuntu 18.04 para acesso ao eCAC da RFB

Image
É muito fácil fazer o eToken Pro (no meu caso, fornecido pela Certisign) no Ubuntu 18.04 (Bionic Beaver) para acesso ao eCAC da RFB (Receita Federal do Brasil). No Debian deve ser semelhante. Utilizei alguns tutorias antigos, mas ainda funcionam e permitram a configuração do eToken em 15 min. Meu eToken é identificado desta maneira: dmesg [176128.683323] usb 3-8: new full-speed USB device number 4 using xhci_hcd [176128.832836] usb 3-8: New USB device found, idVendor= 0529 , idProduct= 0620 [176128.832839] usb 3-8: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [176128.832841] usb 3-8: Product: Token JC [176128.832842] usb 3-8: Manufacturer: SafeNet lsusb Bus 003 Device 004: ID 0529:0620 Aladdin Knowledge Systems Token JC Etapas Instalar pcscd Instalar SafeNet eToken Pro v9.1 Configurar eToken no Firefox Instalar cadeia de certificados ICP-Basil v2 no Firefox Acessar o eCAC da RFB Detalhamento 1. Instalar pcscd sudo apt install pcscd ...
Read more

Integrating Drupal 8 Webforms Submissions and Rocket Chat

Image
Use Case Wanted form submissions to be posted to a Rocket Chat channel. Drupal 8 Webform has Remote Post Handlers  ( Email & Remote Post Handlers section). First learned Rocket Chat API , specially the authentication part, and practiced with PostMan . Once got it working, started the integration. Got stuck on a point where Rocket Chat needed custom headers   ( Example Call section) to be sent but Webforms module would require the development of a custom module to address it. Gladly the main developer of Drupal 8 Webforms,  Jacob Rockowitz , was kind enough to add custom header capabilities to the module ( this is the issue ). The patch has just been committed and the feature is expected to be available in the next release of Webforms. I had to get the git version to get the patch. It easily worked! Then it was just a matter of:  figuring out how to submit a YAML array (Webforms) to a JSON array (RocketChat) for the attachments field of...
Read more

Ubuntu 17.10 - CIFS Mount Error Code -5

Image
All of a sudden a CIFS mount point stopped working. Probably after a kernel update, according to sources. Syslog got this: $ grep cifs /var/log/syslog Dec 28 09:56:12 hostname kernel: [141586.846065] CIFS VFS: cifs_mount failed w/return code = -5 Not really helpful, could be few different things. Turns out Samba now defaults to version 3 of protocol but the old server I connect to doesn't support it. Just add  vers=2.1 to the options and it is back working. On the command line: sudo mount -v -t cifs //server/mount$ /dir/dir -o credentials=/etc/samba/credentials ,vers=2.1 In fstab: //server/mount$  /dir/dir  cifs uid=user,gid=user,credentials=/etc/samba/credentials ,vers=2.1    0  0 Reference .
Read more