Bug 695450

Summary: Retrace client - show meaningful message on failure
Product: [Fedora] Fedora Reporter: D.S. Ljungmark <spider>
Component: abrtAssignee: Michal Toman <mtoman>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 15CC: anton, bbenson, dvlasenk, iprikryl, jmoskovc, kklic, mtoman, npajkovs, pknirsch, rvokal
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-05-06 09:42:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description D.S. Ljungmark 2011-04-11 19:07:54 UTC 
Certificate is signed by an untrusted issuer: 'E=mtoman,CN=retrace01.fedoraproject.org,OU=BaseOS,O=Red Hat,L=Brno,C=CZ'.
Unexpected HTTP response from server: 503
HTTP/1.1 503 Service Unavailable

Date: Mon, 11 Apr 2011 18:59:20 GMT

Server: Apache/2.2.15 (Red Hat)

Content-Length: 0

AppTime: D=8232448

AppServer: retrace01.fedoraproject.org

Connection: close

Content-Type: text/plain



And well, 503 isn't that tasty, no?
Comment 1 Michal Toman 2011-04-12 07:46:22 UTC 
Service unavailable means there are too many jobs running at the moment. The situation would be the same with other unexpected HTTP responses. Retrace client should display a meaningful error message depending on the returncode value.
Comment 2 Bruce O. Benson 2011-04-16 07:51:10 UTC 
I'd like to bifurcate this one:

1.  Enable the user to sort/worry/ignore the "Certificate is signed..." issue.  

1a. Provide more information in the message that enables the user to make a trust decision.  For example, the message doesn't explicitly say the problem is with a server cert (it may be obvious to lots of folks, but client side certs are getting common).  And was it an SSL cert?  Was the error during an attempt to submit something signed by abrt (which would've made it a client side cert)?

1b. Provide a dialog to allow user to take action about the Certificate, such as import, trust, regen cert, ignore, go import Fedora's CA as trusted, etc. 

1c. Fedora installations should ship with any CAs needed to trust a Fedora project server cert.

1d. Fedora installation should generate all client-side certs uniquely at install.

2.  Can abrt just skip the analysis after some timeout (or any http error) and submit the bug anyway when there's already some clear info that something crashed, like the good old days?

Thanks!
Comment 3 Michal Toman 2011-05-02 14:23:35 UTC 
Meaningful error messages have been added to both server and client side.

1. ABRT should deny any untrusted certificate because of security reasons. The only reason why we accept self-signed certificate is, that we don't have trusted Fedora-signed certificate yet. This should be available soon, definetly before F15 release. That means warnings are going to disappear.

2. If you want to skip analysis and just enter a text description of the problem, you can always create a bug manually.
Comment 4 Michal Toman 2011-05-06 09:42:19 UTC 
Fixed in upstream git.
Comment 5 Fedora Update System 2011-05-06 10:53:59 UTC 
abrt-2.0.2-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/abrt-2.0.2-1.fc15
Comment 6 Fedora Update System 2011-05-08 04:04:52 UTC 
abrt-2.0.2-3.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/abrt-2.0.2-3.fc15