Old Railo Tickets

Jamie Salvatori

Apr 17, 2015, 12:41:11 PM
to lu...@googlegroups.com
I apologize if this has been asked and answered.

In regards to old Railo tickets: Should comments be made on JBoss on older tickets? Should they be brought over to Lucee somehow?

Here's the ticket I'm interested in:

What's the proper process going forward? Thanks!

Sean Corfield

Apr 17, 2015, 1:10:56 PM
to lu...@googlegroups.com
On Apr 17, 2015, at 9:41 AM, Jamie Salvatori <ja...@vat19.com> wrote:
> I apologize if this has been asked and answered.

It was discussed fairly heavily amongst early adopters of Lucee (and I think Adam blogged about it?) but it hasn’t come up recently so it’s worth covering again.

> In regards to old Railo tickets: Should comments be made on JBoss on older tickets? Should they be brought over to Lucee somehow?

The consensus was that folks who had created tickets in Railo’s JIRA that still cared about those tickets should recreate them in Lucee’s BitBucket.

The rationale is:

A lot of the tickets in Railo’s JIRA are old and quite probably outdated — and don’t affect much real world code in general (if the bug was never fixed, folks likely did a workaround in their code and no longer "need" the bug fixed; if it was an enhancement that was never implemented, folks are not relying on it and maybe the requirement for it is no longer there, or it was a bad idea in the first place).

So we don’t want "all old tickets" moved across.

By putting the burden on the original ticket creator — or someone who truly cares about the bug/enhancement and still encounters it on Lucee — we can be reasonably assured that any tickets created in BitBucket are valid and worth at least looking at.

Consider it an opportunity for a big "spring clean".

As for your specific case, RAILO-2308, have you verified the problem still exists on Lucee 4.5.1 (and Lucee 5)? If so, then it’s worth creating a new issue in BitBucket (and link to the old issue).

Sean Corfield -- (904) 302-SEAN
An Architect's View -- http://corfield.org/

"Perfection is the enemy of the good."
-- Gustave Flaubert, French realist novelist (1821-1880)



Jamie Salvatori

Apr 17, 2015, 10:12:38 PM
to lu...@googlegroups.com
Thanks Sean.

I just upgraded to Lucee 4.5.1 and yes, the bug still exists.

I think this is a major issue as it renders CFHTTP useless in connecting over SSL to any URL whose SSL cert is using SNI. I suppose the alternative is to dip down into Java to make the connection. But since I have verified that this works in ACF10+, I think it would be great to get it working in Lucee.

I will raise a ticket.

However, I'm now curious how I would go about sponsoring this fix in order to get it expedited. Could someone from LAS chime in or hit me up directly with how much it'll cost?

Thanks!

Alex Skinner

Apr 18, 2015, 3:59:35 AM
to lu...@googlegroups.com, Gert Franz, Michael Offner
Hi Jamie,

This sort of engine level fix could be done by Rasia.

I've CCed them to this email; you should definitely get in touch with them.

I'd include the BitBucket reference number.

Thanks

Alex

--
Alex Skinner
Managing Director

Pixl8 Interactive, 3 Tun Yard, Peardon Street, London
SW8 3HT, United Kingdom



T: +44 [0] 845 260 0726 W: www.pixl8.co.uk E: in...@pixl8.co.uk

Jamie Salvatori

Apr 19, 2015, 3:33:01 PM
to lu...@googlegroups.com, mic...@rasia.ch, ge...@rasia.ch
For anybody else potentially interested in this issue... I was not able to mitigate the issue by using Java to connect to the server directly. I'm using version 1.7 of JRE and the error, when using Java directly, is the following:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I have manually added the cert to my Java certificate store and it had no beneficial effect.

Please note that using CFHTTP (as well as Java) in ACF 10+ works flawlessly.

Ken Redler

Apr 24, 2015, 6:31:41 PM
to lu...@googlegroups.com, mic...@rasia.ch, ge...@rasia.ch
I had a similar problem, also tried to solve it in Java (in which this behavior, I discovered, is not considered a bug), and finally, in the interest of expediency, worked around it by setting up a proxy in apache.

 - Ken

Jamie Salvatori

Apr 24, 2015, 6:47:08 PM
to lu...@googlegroups.com, mic...@rasia.ch, ge...@rasia.ch
ACF uses the same Java. It works there. I believe this is a Lucee issue. 

-Jamie


Simon Hooker

Apr 25, 2015, 7:15:09 AM
to lu...@googlegroups.com, ge...@rasia.ch, mic...@rasia.ch
ACF may relax the security settings - I've worked around this same issue by using node and telling it to ignore that specific security issue, not ideal as solutions go though.

As far as I am aware, this is not actually an SNI issue. This is due to a change with GoDaddy certificates (at least in the example of the domain I was looking at this was the case) - http://tozny.com/blog/godaddys-ssl-certs-dont-work-in-java-the-right-solution/

Konstantinos Liakos

Apr 25, 2015, 12:32:25 PM
to lu...@googlegroups.com
It doesn't have to do with certificates only. The problem exists in webservers where there are multiple certificates installed.

Look at my last comment here with a real test case: https://bitbucket.org/lucee/lucee/issue/300/cfhttp-fails-over-ssl-with-sni

Simon Hooker

Apr 25, 2015, 1:48:09 PM
to lu...@googlegroups.com
This looks like 2 different but similar sounding issues. I'll look at your test case once I'm done cleaning up another ticket, but I think that the issue Jamie Salvatori was talking about is the one I was talking about, whereas the SNI one, which this ticket was originally for, is a different issue.
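Added example, not written by any poster in this thread and not Lucee code: a Java probe for telling apart the two causes debated above (a chain the JRE does not trust versus a server that picks its certificate by SNI), run on the same JRE the engine uses. The names `SniProbe`, `probe` and `classify`, port 443, and the constructed subjects used when no host argument is given are assumptions of the example.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

public class SniProbe {
    // One handshake: leaf certificate subject the server sent, and the TLS error if any.
    static final class Result { String subject = "(none)"; String error; }
    static Result probe(String host, int port, boolean sendSni) throws Exception {
        final Result r = new Result();
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects this JRE's default trust store
        final X509TrustManager jre = (X509TrustManager) tmf.getTrustManagers()[0];
        X509TrustManager recording = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a)
                    throws CertificateException { jre.checkClientTrusted(c, a); }
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
                r.subject = c[0].getSubjectX500Principal().getName(); // record first
                jre.checkServerTrusted(c, a); // then validate as the JRE normally would
            }
            public X509Certificate[] getAcceptedIssuers() { return jre.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);
        Socket raw = new Socket(host, port);
        // JSSE never sends an IP literal as server_name, so this peer name suppresses SNI.
        String peer = sendSni ? host : raw.getInetAddress().getHostAddress();
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(raw, peer, port, true);
        try { s.startHandshake(); }
        catch (SSLException e) { r.error = String.valueOf(e.getMessage()); }
        finally { s.close(); }
        return r;
    }

    static String classify(Result sni, Result noSni) {
        if (sni.error != null) return "untrusted even with SNI: chain or trust-store problem";
        if (noSni.error != null || !sni.subject.equals(noSni.subject))
            return "certificate depends on SNI: a client that omits SNI gets a different one";
        return "same trusted certificate with and without SNI";
    }

    public static void main(String[] args) throws Exception {
        Result a = new Result(), b = new Result(); // no args: constructed sample subjects
        if (args.length == 0) { a.subject = "CN=a.example"; b.subject = "CN=b.example"; }
        else { a = probe(args[0], 443, true); b = probe(args[0], 443, false); }
        System.out.println("SNI:    " + a.subject + " / " + a.error);
        System.out.println("no SNI: " + b.subject + " / " + b.error);
        System.out.println(classify(a, b));
    }
}
```

The probe does no host name verification, so the no-SNI handshake can succeed with a trusted certificate for a different site; that is why the two subjects are compared rather than only the errors.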