Opened 10 years ago

Closed 10 years ago

#1589 closed defect (fixed)

[with patch] jmol -- using via https is a pain in the butt

Reported by: was Owned by: robertwb
Priority: major Milestone: sage-2.9.2
Component: graphics Keywords:
Cc: Merged in:
Authors: Reviewers:
Report Upstream: Work issues:
Branch: Commit:
Dependencies: Stopgaps:

Description

If you try to use jmol over https, every single time you display an image it displays the following dialog box:

"Client Authentication: The client is trying to ... Please select the certificate:"

Then there is a list with no certificates, and a button "Details" that when clicked does nothing.

This is really annoying.

Attachments (1)

1589-gnutls-cert.diff (1.0 KB) - added by robertwb 10 years ago.

Download all attachments as: .zip

Change History (6)

comment:1 Changed 10 years ago by robertwb

This is a known issue with java and https. See http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6186280

However, to use http we might need to sign the applet, which would be a (different) dialog.

There may be something we can change on the twisted side of things so that it knows not to ask for a client certificate. This I think is our best bet, but I am very unfamiliar with the notebook authentication code (but would be willing to learn).

comment:2 Changed 10 years ago by robertwb

I have confirmed that this is a twisted authentication issue, one can serve applets over https (and have said applets request resources) without this annoying dialog.

I'm looking into our authentication code now.

Changed 10 years ago by robertwb

comment:3 Changed 10 years ago by robertwb

  • Summary changed from jmol -- using via https is a pain in the butt to [with patch] jmol -- using via https is a pain in the butt

GNUTLS provides two options for client-side certificates, CERT_REQUEST and CERT_REQUIRE, both of which request a certificate. I found the place in the source that uses these constants, and if one sets the value to 0 (unexposed via in the api) a certificate won't be requested.

The least intrusive change was to spoof CERT_REQUEST=0 in the notebook run script. This finally gets rid of that dialog that's been haunting me for almost a year now (was there with the other java 3d viewers as well).

comment:4 Changed 10 years ago by robertwb

  • Owner changed from was to robertwb
  • Status changed from new to assigned

comment:5 Changed 10 years ago by mabshoff

  • Resolution set to fixed
  • Status changed from assigned to closed

Merged in 2.9.2.

Note: See TracTickets for help on using tickets.