Bug#851776: [www.debian.org] submit_vendor.pl fails when checking URLs with HTTPS (e.g. LetsEncrypt Certs)
Package: www.debian.org
Severity: normal
User: debian-www@lists.debian.org
Usertags: cgi.debian.org
Alexander Delanoe reported (in
https://lists.debian.org/debian-www/2017/01/msg00080.html )that submit
CD vendors using the form in the website fails for certain HTTPS URL.
The script fails with:
The following entries were submitted:
Submission-Type: new
Vendor: Test vendor
URL: https://france.debian.net
The specified web site (https://france.debian.net) cannot be accessed.
The error message returned was: 500 Can't connect to
france.debian.net:443 (certificate verify failed)
If you don't understand this error message, please contact us.
Entry not submitted!
Paul Wise pointed me to https://wiki.debian.org/ServicesSSL which
explains that the machines administered by DSA have a custom setup for
SSL verification, and shows a workaround for scripts using Perl.
I'm submitting also a patch for the submit_cdvendor.pl
I've mad a small script (attached) to test the relevant code, and it
seems to work as intended.
I'm not sure how to handle this bug. My understanding:
* Wait some days for other people to review, and then commit the patch
into git.debian.org/git/debwww/cgi.git
* After that, add the following tags:
User: debian-admin@lists.debian.org
Usertags: needed-by-DSA-Team ssl
And forward to DSA for deployment, I guess, but how? Creating an RT
ticket and pointing to this bug? or are the usertags enough?
* When the website is fixed, I'll edit
https://wiki.debian.org/ServicesSSL to add the script in the "users"
section.
Please correct me if there is a better way.
Thanks
--
Laura Arjona Reina
https://wiki.debian.org/LauraArjona
Reply to: