Bug 531364 – Webdav sync not working when SSL cert is not accepted

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 531364 - Webdav sync not working when SSL cert is not accepted


Summary:	Webdav sync not working when SSL cert is not accepted


Status:	RESOLVED NOTGNOME

Product:	tomboy
Classification:	Applications
Component:	General
Version:	0.10.x
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	Future
Assigned To:	Tomboy Maintainers
QA Contact:	Tomboy Maintainers

URL:
Whiteboard:	gnome[moved-to-github]

Depends on:
Blocks:

Reported:	2008-05-04 12:07 UTC by Pieter Ennes
Modified:	2017-07-31 12:37 UTC

See Also:
GNOME target:	---
GNOME version:	2.21/2.22

Description Pieter Ennes 2008-05-04 12:07:49 UTC

Please describe the problem:
When trying to set the synchronisation service to webdav and the remote service is https with a self-signed or otherwise invalid cert, wdfs asks to accept the certificate, but Tomboy does not notice this. Instead, a time-out occurs in the UI, and the wdfs mounter is left running with full CPU.

A checkbox to allow a user to ignore the cert warning would be great (wdfs -ac option)

Steps to reproduce:
1. Select webdav sync service in preferences
2. Enter URL with https scheme and self-signed cert
3. Enter credentials
4. Press save


Actual results:
In UI:
"Error connecting :(
Timeout connecting to server"

and wdfs hogging cpu in background with:

"
WARNING: untrusted server certificate for '*.domain.com':
 certificate is valid from Fri, 28 Dec 2007 07:27:51 GMT to Wed, 25 Jun 2008 07:27:51 GMT
 issued to: *.domain.com
 issued by: http://www.cacert.org, Root CA
 do you wish to accept this certificate? (y/n)
"

Expected results:
Mount it :)

Does this happen every time?
Yup

Other information:

Comment 1 Sandy Armstrong 2008-05-17 13:35:21 UTC

Sounds like a good idea, thanks.

Comment 2 Sandy Armstrong 2008-09-13 14:35:05 UTC

Can't do any UI changes for 0.12.x now, so this can't be entirely solved until the next cycle.

Comment 3 Sandy Armstrong 2009-02-16 19:35:05 UTC

Dang, we're in UI freeze again.  I'm going to add a hidden gconf preference for this, and we'll add a bit to the UI next cycle.  Actually, I'm toying with making this the default...

Comment 4 Pieter Ennes 2009-02-16 19:56:02 UTC

Although it would make my live easier I would be reluctant to accept all certs by default, as a a cert should better be valid of course :)

And self-signedness is only one of the things you can accept, domain mismatches are another.

Comment 5 Sandy Armstrong 2009-02-16 20:28:29 UTC

Added hidden pref in r2347.  Just enable this boolean key:

/apps/tomboy/sync/wdfs/accept_sslcert

Will talk about UI changes next cycle.  Leaving bug open for this.

Comment 6 Felix Richter 2009-03-24 19:24:01 UTC

I found a quick hack for this issue.
Simply add the '-ac' parameter after the URL.
http://localhost/webdav/tomboy -ac

No hidden keys needed to enable it.

Comment 7 Frederic Crozat 2011-02-03 12:12:46 UTC

still valid in 1.2.1, UI doesn't expose the gconf key.

Comment 8 André Klapper 2017-07-31 12:37:36 UTC

The Tomboy team has moved from GNOME Bugzilla to GitHub for bug reports and feature requests: 
      https://github.com/tomboy-notes/tomboy/issues/
Closing this report as NOTGNOME as part of Bugzilla Housekeeping (bug 781054) to keep tasks in one place. Please feel free to transfer this task to GitHub if this task is still valid in a recent Tomboy version. 
We are sorry for the inconvenience.