info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Recent SSL issue when verifying assertion
47 views
Skip to first unread message
James Shore
Mar 7, 2016, 10:38:49 PM3/7/16
to dev-id...@lists.mozilla.org
My logins started failing today when I try to verify the Persona assertion: “unable to verify the first certificate.”
When I use the command-line `http` tool to do a HTTP GET https://verifier.login.persona.org <https://verifier.login.persona.org/>, I get the following error:
SSLError: EOF occurred in violation of protocol (_ssl.c:590)
But when I load the same URL in Firefox, everything works fine. What could be happening here? I haven’t deployed new code. Is there a server-side config change that’s affecting me in some way?
Thanks,
Jim
--
James Shore - The Art of Agile
recipient of Gordon Pask Award for Contributions to Agile Practice
co-author of The Art of Agile Development
voice: +1 503-267-5490
email: jsh...@jamesshore.com
blog: http://jamesshore.com
When I use the command-line `http` tool to do a HTTP GET https://verifier.login.persona.org <https://verifier.login.persona.org/>, I get the following error:
SSLError: EOF occurred in violation of protocol (_ssl.c:590)
But when I load the same URL in Firefox, everything works fine. What could be happening here? I haven’t deployed new code. Is there a server-side config change that’s affecting me in some way?
Thanks,
Jim
--
James Shore - The Art of Agile
recipient of Gordon Pask Award for Contributions to Agile Practice
co-author of The Art of Agile Development
voice: +1 503-267-5490
email: jsh...@jamesshore.com
blog: http://jamesshore.com
stephen...@gmail.com
Mar 7, 2016, 11:41:46 PM3/7/16
to
This is affecting MozTrap, One and Done, Mozillians, One and Done, and probably other sites, on dev, staging, and production.
When we use the "requests" library in Python to verify the cert, we throw:
SSLError: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
- Stephen
John Morrison
Mar 8, 2016, 12:23:44 AM3/8/16
to dev-id...@lists.mozilla.org
On 03/07/16 20:41, stephen...@gmail.com wrote:
Hi, we had a misconfiguration in a change on the backend. Should be
better now. How's it look to you?
John
> _______________________________________________
> dev-identity mailing list
> dev-id...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-identity
Hi, we had a misconfiguration in a change on the backend. Should be
better now. How's it look to you?
John
> dev-identity mailing list
> dev-id...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-identity
Daniel Thorn
Mar 8, 2016, 3:59:53 PM3/8/16
to stephen...@gmail.com, dev-id...@lists.mozilla.org
I updated the ssl certs today, it will be rolled back soon.
On Monday, March 7, 2016, <stephen...@gmail.com> wrote:
> On Monday, March 7, 2016 at 7:38:49 PM UTC-8, James Shore wrote:
> > My logins started failing today when I try to verify the Persona
> assertion: "unable to verify the first certificate."
> >
> > When I use the command-line `http` tool to do a HTTP GET
> https://verifier.login.persona.org <https://verifier.login.persona.org/>,
> I get the following error:
> >
> > SSLError: EOF occurred in violation of protocol (_ssl.c:590)
> >
> > But when I load the same URL in Firefox, everything works fine. What
> could be happening here? I haven't deployed new code. Is there a
> server-side config change that's affecting me in some way?
> >
> > Thanks,
> > Jim
> >
> > --
> > James Shore - The Art of Agile
> > recipient of Gordon Pask Award for Contributions to Agile Practice
> > co-author of The Art of Agile Development
> >
> > voice: +1 503-267-5490
> > email: jsh...@jamesshore.com <javascript:;>
> dev-identity mailing list
> dev-id...@lists.mozilla.org <javascript:;>
> https://lists.mozilla.org/listinfo/dev-identity
>
--
-Daniel Thorn
Mozilla Services Operations Engineer
On Monday, March 7, 2016, <stephen...@gmail.com> wrote:
> On Monday, March 7, 2016 at 7:38:49 PM UTC-8, James Shore wrote:
> > My logins started failing today when I try to verify the Persona
> assertion: "unable to verify the first certificate."
> >
> > When I use the command-line `http` tool to do a HTTP GET
> https://verifier.login.persona.org <https://verifier.login.persona.org/>,
> I get the following error:
> >
> > SSLError: EOF occurred in violation of protocol (_ssl.c:590)
> >
> > But when I load the same URL in Firefox, everything works fine. What
> could be happening here? I haven't deployed new code. Is there a
> server-side config change that's affecting me in some way?
> >
> > Thanks,
> > Jim
> >
> > --
> > James Shore - The Art of Agile
> > recipient of Gordon Pask Award for Contributions to Agile Practice
> > co-author of The Art of Agile Development
> >
> > voice: +1 503-267-5490
> > blog: http://jamesshore.com
>
> Sorry, Jim - I don't have a solution, but wanted to note that Mozilla
> sites are also affected by something, starting around 7:56p PDT (perhaps
> earlier).
>
> This is affecting MozTrap, One and Done, Mozillians, One and Done, and
> probably other sites, on dev, staging, and production.
>
> When we use the "requests" library in Python to verify the cert, we throw:
>
> SSLError: [Errno 1] _ssl.c:492: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> - Stephen
> _______________________________________________
>
> Sorry, Jim - I don't have a solution, but wanted to note that Mozilla
> sites are also affected by something, starting around 7:56p PDT (perhaps
> earlier).
>
> This is affecting MozTrap, One and Done, Mozillians, One and Done, and
> probably other sites, on dev, staging, and production.
>
> When we use the "requests" library in Python to verify the cert, we throw:
>
> SSLError: [Errno 1] _ssl.c:492: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> - Stephen
> dev-identity mailing list
> dev-id...@lists.mozilla.org <javascript:;>
> https://lists.mozilla.org/listinfo/dev-identity
>
--
-Daniel Thorn
Mozilla Services Operations Engineer
Stephen Donner
Mar 8, 2016, 5:22:25 PM3/8/16
to Daniel Thorn, dev-id...@lists.mozilla.org
Thanks, Daniel -
This indeed fixed it for us.
- Stephen
On 3/7/2016 9:16 PM, Daniel Thorn wrote:
> I updated the ssl certs today, it will be rolled back soon.
>
> On Monday, March 7, 2016, <stephen...@gmail.com
This indeed fixed it for us.
- Stephen
On 3/7/2016 9:16 PM, Daniel Thorn wrote:
> I updated the ssl certs today, it will be rolled back soon.
>
> On Monday, March 7, 2016, <stephen...@gmail.com
> <mailto:stephen...@gmail.com>> wrote:
>
> On Monday, March 7, 2016 at 7:38:49 PM UTC-8, James Shore wrote:
> > My logins started failing today when I try to verify the Persona
> assertion: "unable to verify the first certificate."
> >
> > When I use the command-line `http` tool to do a HTTP GET
> https://verifier.login.persona.org
> <https://verifier.login.persona.org/>, I get the following error:
> >
> > SSLError: EOF occurred in violation of protocol (_ssl.c:590)
> >
> > But when I load the same URL in Firefox, everything works fine.
> What could be happening here? I haven't deployed new code. Is
> there a server-side config change that's affecting me in some way?
> >
> > Thanks,
> > Jim
> >
> > --
> > James Shore - The Art of Agile
> > recipient of Gordon Pask Award for Contributions to Agile Practice
> > co-author of The Art of Agile Development
> >
> > voice: +1 503-267-5490
> > email: jsh...@jamesshore.com <javascript:;>
>
> On Monday, March 7, 2016 at 7:38:49 PM UTC-8, James Shore wrote:
> > My logins started failing today when I try to verify the Persona
> assertion: "unable to verify the first certificate."
> >
> > When I use the command-line `http` tool to do a HTTP GET
> https://verifier.login.persona.org
> <https://verifier.login.persona.org/>, I get the following error:
> >
> > SSLError: EOF occurred in violation of protocol (_ssl.c:590)
> >
> > But when I load the same URL in Firefox, everything works fine.
> What could be happening here? I haven't deployed new code. Is
> there a server-side config change that's affecting me in some way?
> >
> > Thanks,
> > Jim
> >
> > --
> > James Shore - The Art of Agile
> > recipient of Gordon Pask Award for Contributions to Agile Practice
> > co-author of The Art of Agile Development
> >
> > voice: +1 503-267-5490
> > blog: http://jamesshore.com
>
> Sorry, Jim - I don't have a solution, but wanted to note that
> Mozilla sites are also affected by something, starting around
> 7:56p PDT (perhaps earlier).
>
> This is affecting MozTrap, One and Done, Mozillians, One and Done,
> and probably other sites, on dev, staging, and production.
>
> When we use the "requests" library in Python to verify the cert,
> we throw:
>
> SSLError: [Errno 1] _ssl.c:492: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> - Stephen
>
> Sorry, Jim - I don't have a solution, but wanted to note that
> Mozilla sites are also affected by something, starting around
> 7:56p PDT (perhaps earlier).
>
> This is affecting MozTrap, One and Done, Mozillians, One and Done,
> and probably other sites, on dev, staging, and production.
>
> When we use the "requests" library in Python to verify the cert,
> we throw:
>
> SSLError: [Errno 1] _ssl.c:492: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> - Stephen
0 new messages