695450 – Retrace client - show meaningful message on failure

Bug 695450 - Retrace client - show meaningful message on failure

Summary: Retrace client - show meaningful message on failure

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	abrt
Sub Component:
Version:	15
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Michal Toman
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-04-11 19:07 UTC by D.S. Ljungmark
Modified:	2015-03-23 00:41 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-05-06 09:42:19 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description D.S. Ljungmark 2011-04-11 19:07:54 UTC

Certificate is signed by an untrusted issuer: 'E=mtoman,CN=retrace01.fedoraproject.org,OU=BaseOS,O=Red Hat,L=Brno,C=CZ'.
Unexpected HTTP response from server: 503
HTTP/1.1 503 Service Unavailable

Date: Mon, 11 Apr 2011 18:59:20 GMT

Server: Apache/2.2.15 (Red Hat)

Content-Length: 0

AppTime: D=8232448

AppServer: retrace01.fedoraproject.org

Connection: close

Content-Type: text/plain



And well, 503 isn't that tasty, no?

Comment 1 Michal Toman 2011-04-12 07:46:22 UTC

Service unavailable means there are too many jobs running at the moment. The situation would be the same with other unexpected HTTP responses. Retrace client should display a meaningful error message depending on the returncode value.

Comment 2 Bruce O. Benson 2011-04-16 07:51:10 UTC

I'd like to bifurcate this one:

1.  Enable the user to sort/worry/ignore the "Certificate is signed..." issue.  

1a. Provide more information in the message that enables the user to make a trust decision.  For example, the message doesn't explicitly say the problem is with a server cert (it may be obvious to lots of folks, but client side certs are getting common).  And was it an SSL cert?  Was the error during an attempt to submit something signed by abrt (which would've made it a client side cert)?

1b. Provide a dialog to allow user to take action about the Certificate, such as import, trust, regen cert, ignore, go import Fedora's CA as trusted, etc. 

1c. Fedora installations should ship with any CAs needed to trust a Fedora project server cert.

1d. Fedora installation should generate all client-side certs uniquely at install.

2.  Can abrt just skip the analysis after some timeout (or any http error) and submit the bug anyway when there's already some clear info that something crashed, like the good old days?

Thanks!

Comment 3 Michal Toman 2011-05-02 14:23:35 UTC

Meaningful error messages have been added to both server and client side.

1. ABRT should deny any untrusted certificate because of security reasons. The only reason why we accept self-signed certificate is, that we don't have trusted Fedora-signed certificate yet. This should be available soon, definetly before F15 release. That means warnings are going to disappear.

2. If you want to skip analysis and just enter a text description of the problem, you can always create a bug manually.

Comment 4 Michal Toman 2011-05-06 09:42:19 UTC

Fixed in upstream git.

Comment 5 Fedora Update System 2011-05-06 10:53:59 UTC

abrt-2.0.2-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/abrt-2.0.2-1.fc15

Comment 6 Fedora Update System 2011-05-08 04:04:52 UTC

abrt-2.0.2-3.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/abrt-2.0.2-3.fc15

Note You need to log in before you can comment on or make changes to this bug.