Opened 7 years ago

Closed 7 years ago

#1589 closed defect (fixed)

[with patch] jmol -- using via https is a pain in the butt

Reported by: was Owned by: robertwb
Priority: major Milestone: sage-2.9.2
Component: graphics Keywords:
Cc: Merged in:
Authors: Reviewers:
Report Upstream: Work issues:
Branch: Commit:
Dependencies: Stopgaps:

Description

If you try to use jmol over https, every single time
you display an image it displays the following dialog box:

"Client Authentication: The client is trying to ... Please select
the certificate:"

Then there is a list with no certificates, and a button "Details"
that when clicked does nothing.

This is really annoying.

Attachments (1)

1589-gnutls-cert.diff (1.0 KB) - added by robertwb 7 years ago.

Download all attachments as: .zip

Change History (6)

comment:1 Changed 7 years ago by robertwb

This is a known issue with java and https. See http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6186280

However, to use http we might need to sign the applet, which would be a (different) dialog.

There may be something we can change on the twisted side of things so that it knows not to ask for a client certificate. This I think is our best bet, but I am very unfamiliar with the notebook authentication code (but would be willing to learn).

comment:2 Changed 7 years ago by robertwb

I have confirmed that this is a twisted authentication issue, one can serve applets over https (and have said applets request resources) without this annoying dialog.

I'm looking into our authentication code now.

Changed 7 years ago by robertwb

comment:3 Changed 7 years ago by robertwb

  • Summary changed from jmol -- using via https is a pain in the butt to [with patch] jmol -- using via https is a pain in the butt

GNUTLS provides two options for client-side certificates, CERT_REQUEST and CERT_REQUIRE, both of which request a certificate. I found the place in the source that uses these constants, and if one sets the value to 0 (unexposed via in the api) a certificate won't be requested.

The least intrusive change was to spoof CERT_REQUEST=0 in the notebook run script. This finally gets rid of that dialog that's been haunting me for almost a year now (was there with the other java 3d viewers as well).

comment:4 Changed 7 years ago by robertwb

  • Owner changed from was to robertwb
  • Status changed from new to assigned

comment:5 Changed 7 years ago by mabshoff

  • Resolution set to fixed
  • Status changed from assigned to closed

Merged in 2.9.2.

Note: See TracTickets for help on using tickets.