Weave's behavior during an SSL man-in-the-middle

Mike Hanson

Oct 16, 2009, 12:07:54 PM
to mozilla-lab...@googlegroups.com
While I was connected to a hotel WiFi network, but did not yet have a valid WiFi session, I observed this Weave log:

2009-10-14 15:42:13	Service.Main         DEBUG	Event: weave:service:sync:start
2009-10-14 15:42:13	Service.Main         DEBUG	Fetching global metadata record
2009-10-14 15:42:13	RecordMgr            TRACE	Importing record: https://sj-weave01.services.mozilla.com/0.5/michaelrhanson/storage/meta/global
2009-10-14 15:42:14	Service.CertListener DEBUG	Invalid HTTPS certificate encountered, ignoring!
2009-10-14 15:42:14	Net.Resource         DEBUG	GET request for https://sj-weave01.services.mozilla.com/0.5/michaelrhanson/storage/meta/global
2009-10-14 15:42:14	RecordMgr            DEBUG	Failed to import record: null JS Stack trace: Channel_onStopRequest([object XPCWrappedNative_NoHelper],null,2153394164)@resource.js:339 < Res__request(...)@resource.js:212 < Res_get()@resource.js:281 < RecordMgr_import("https://sj-weave01.services.mozilla.com/0.5/michaelrhanson/storage/meta/global")@wbo.js:133 < WeaveSvc__remoteSetup()@service.js:840 < ()@service.js:1110 < WrappedNotify()@util.js:115 < WrappedLock()@util.js:87 < WrappedCatch()@util.js:66 < sync(false)@service.js:1088 < ([object Object])@service.js:470 < notify([object XPCWrappedNative_NoHelper])@util.js:624
2009-10-14 15:42:14	Service.Main         DEBUG	Weave Version: 0.7 Compatible: 0.6pre3 Remote: 
2009-10-14 15:42:14	Service.Main         WARN	Unknown error while downloading metadata record. Aborting sync.
2009-10-14 15:42:14	Service.Main         DEBUG	Event: weave:service:sync:error
2009-10-14 15:42:14	Service.Main         DEBUG	Next sync in 86400 sec.
2009-10-14 15:42:14	Service.Main         DEBUG	Exception: aborting sync, remote setup failed No traceback available

The hotel network redirected SSL connections to a different endpoint and tried to handshake with me, which is really not the right thing to do.

The observed result, however, is that now, a day later, I am not signed in to Weave. Probably not a major problem, just noting the behavior.

m

Mike Connor

Oct 16, 2009, 12:14:56 PM
to mozilla-lab...@googlegroups.com
So, from that log, it looks like you'd already authenticated with
Weave previously, and this was a sync attempt that failed. The bad
interaction is that we implemented a behaviour for error handling that
just aborted the sync and tried again at the next sync interval.
Which was fine when we were syncing every five minutes, for all users.
Now that single-client users make that call once a day, it may not be
the best behaviour... can you file a bug on that?

-- Mike

Mike Hanson

Oct 16, 2009, 12:41:22 PM
to mozilla-lab...@googlegroups.com
After looking into it a bit more, I think my exact breakage was due to a
bad interaction with another plugin (I had been fiddling around with
the People store).

Looking into the code, I think that an error during sync would in fact
drop into the backoff code; as far as I can tell we do not make a
distinction between an HTTP-level (503) and a network-level (bad SSL
handshake) error.

So in the normal case, we would simply treat this as we would a
backoff error, and try again after a reasonable interval. I don't
think there's a big problem there.

m
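
An added example, not part of the original thread and not Weave's own code: a log triage that groups lines into sync attempts and flags the ones aborted after a Service.CertListener certificate warning and then deferred for a long interval, which is the pattern in the log above. The function names, the one-hour threshold and the second sample attempt are assumptions made for illustration.

```javascript
// Sample input: first attempt abridged from the log in the first post; the
// second attempt is constructed (same abort messages, no certificate warning).
const SAMPLE_LOG = [
  "2009-10-14 15:42:13\tService.Main         DEBUG\tEvent: weave:service:sync:start",
  "2009-10-14 15:42:14\tService.CertListener DEBUG\tInvalid HTTPS certificate encountered, ignoring!",
  "2009-10-14 15:42:14\tService.Main         WARN\tUnknown error while downloading metadata record. Aborting sync.",
  "2009-10-14 15:42:14\tService.Main         DEBUG\tEvent: weave:service:sync:error",
  "2009-10-14 15:42:14\tService.Main         DEBUG\tNext sync in 86400 sec.",
  "2009-10-15 15:42:14\tService.Main         DEBUG\tEvent: weave:service:sync:start",
  "2009-10-15 15:42:15\tService.Main         WARN\tUnknown error while downloading metadata record. Aborting sync.",
  "2009-10-15 15:42:15\tService.Main         DEBUG\tEvent: weave:service:sync:error",
  "2009-10-15 15:42:15\tService.Main         DEBUG\tNext sync in 86400 sec.",
].join("\n");

// Split one log line into timestamp, component, level and message.
function parseLine(line) {
  const m = /^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S+)\s+(\S+)\s+(.*)$/.exec(line);
  return m ? { time: m[1], component: m[2], level: m[3], message: m[4] } : null;
}

// Group lines into sync attempts and flag certificate-related aborts whose
// retry is deferred by at least longDelaySec (hypothetical threshold).
function triageSyncs(logText, longDelaySec = 3600) {
  const attempts = [];
  let cur = null;
  for (const line of logText.split("\n")) {
    const rec = parseLine(line);
    if (!rec) continue; // skip lines that are not log records
    if (rec.message === "Event: weave:service:sync:start") {
      cur = { start: rec.time, certError: false, failed: false, nextSyncSec: null };
      attempts.push(cur);
    } else if (!cur) {
      continue; // record seen before any sync start
    } else if (rec.component === "Service.CertListener" &&
               rec.message.startsWith("Invalid HTTPS certificate")) {
      cur.certError = true;
    } else if (rec.message === "Event: weave:service:sync:error") {
      cur.failed = true;
    } else {
      const m = /^Next sync in (\d+) sec\./.exec(rec.message);
      if (m) cur.nextSyncSec = Number(m[1]);
    }
  }
  return attempts.map(a => ({
    ...a,
    flag: a.certError && a.failed && a.nextSyncSec !== null && a.nextSyncSec >= longDelaySec,
  }));
}

console.log(JSON.stringify(triageSyncs(SAMPLE_LOG), null, 2));
```

Both sample attempts end in the same "Unknown error" abort and the same 86400-second delay; only the CertListener line separates the interception case from an ordinary failure.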