[foaf-protocols] openid4.me and foafssl.org on chromium

Henry Story henry.story at gmail.com
Fri Aug 13 12:31:58 CEST 2010


On 13 Aug 2010, at 11:59, Kingsley Idehen wrote:

> Henry Story wrote:
>> On 13 Aug 2010, at 01:06, Kingsley Idehen wrote:
>> 
>> 
>>> Henry Story wrote:
>>> 
>>>> Just noticed that with the latest chromium on Apple Mac OSS [1]
>>>> - that is todays' and the one I had just before that which I downloaded
>>>> a few weeks ago - has the same problem with the following sites:
>>>> 
>>>>  https://openid4.me/
>>>>  https://foaf.me/simpleLogin.php
>>>> 
>>>> When I go to one of those it will ask me for a certificate. Whatever certificate
>>>> I choose I get the following error
>>>> 
>>>> [[
>>>> SSL connection error.
>>>> 
>>>> Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
>>>> ]]
>>>> 
>>>> I don't get that error for Firefox or Opera on OSX.
>>>> 
>>>> Is this a bug in Chromium? Is it tracked? If so where can we vote it up?
>>>> 
>>>> 	Henry
>>>> 
>>>> 
>>>> [1] download chromium here
>>>> 
>>>> 
>>> Henry,
>>> 
>>> FWIW -- I used Chrome on Mac OS X against: <https://id.myopenlink.net/ods>, and it worked just fine. Mac OS X Keyring (Cert. Manger) presented me with my Certs, I picked the appropriate one for the <http://id.myopenlink.net/ods> dataspace and I was in :-)
>>> 
>> 
>> That is cool Kingsely. But that was not the issue.
>> 
>> I don't have any trouble with Chrome/ium logging into foaf+ssl enabled
>> sites. But I do have trouble logging into foaf.me and openid4.me.
>> 
> Isn't foaf.me a WebID protocol compliant site? While openid4.me a 
> WebID+OpenID compliant site?

yes on both counts. 
And it is the foaf+ssl part of the protocol that I was testing.


>> So there is something both those sites are doing that most other sites do not do.
>> Whetever they do that is different is something most other browsers don't seem to
>> care about. What they are doing may somehow be wrong and Chrome/ium may be correct 
>> to refuse the connection. But it is also quite likely that there is a bug in 
>> Chrome/ium. And we may as well fix that if we can.
>> 
> 
> Can't quite process the logic. You've somehow deemd these sites as 
> standards bearers for WebID (nee. FOAF+SSL) protocol and Browser 
> behaviour re. SSL/TLS connections? I am a little lost here, really.

This is how you duplicate the problem Kingsley.

for b a browser in ( Chromium Firefox Safari Opera ) {

  start $b

  println("Using Browser "+$b.getName()")

  make sure $b has a working foaf+ssl cert
  
  List urls = [ URL("https://foaf.me/simpleLogin.php")
                URL("https://openid4.me/")
                URL("https://foafss.org/srv/idp") 
                ...
              ]

  for u in urls {
     if $b.connectTo( $u )
        println("Success for "+ $u)
     else 
        println("Failure for "+ $u)
     end
  }
}


You will find that 
 - for all browsers except Chromium, you can successfully access https://foaf.me/simpleLogin.php and https://openid4.me/
 - all browsers including chromium can access
   https://foafssl.org/srv/idp

So the issue is now to understand what is it that Chromium is having
trouble with on the foaf.me and openid4.me sites.


> 
> What is the issue at hand here: WebID protocol and SSL/TLS compliant 
> user interaction compatibility or something else?

My guess is that it is the SSL/TLS part that is funky on openid4.me and foafssl.org . Funky enough to either trigger a Chromium bug or funky enough that Chromium reveals the SSL TLS bug on those sites. 

  Does that help?

> 
> 
> Kingsley
>> 
>> 
>> 
>> 
>> 
>>> Links:
>>> 
>>> 1. http://twitpic.com/2e49du/full
>>> 
>>> -- 
>>> 
>>> Regards,
>>> 
>>> Kingsley Idehen	      President & CEO OpenLink Software     Web: http://www.openlinksw.com
>>> Weblog: http://www.openlinksw.com/blog/~kidehen
>>> Twitter/Identi.ca: kidehen 
>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> 
>> 
> 
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen	      
> President & CEO 
> OpenLink Software     
> Web: http://www.openlinksw.com
> Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca: kidehen 
> 
> 
> 
> 
> 
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols



More information about the foaf-protocols mailing list