Firefox redirects me when using https exception - c++

I'm testing a local HTTPS (in fact SSL) server with a fake test certificate and after adding an exception in Firefox 33.0 - Ubuntu (I can see the certificate is the test certificate I've created), every time I try to open the test url on my computer on port 4431, what happens is that Firefox redirects me to another url (http://www.kataweb.it).
I am completely clueless at this point, because from the logs of my application I can see Firefox forcefully closing the TCP/IP connection to localhost and then doing what it wants, even if I've got the right certificate exception.
Of course, other browsers such as Chromium, do behave as expected (those work just fine, they just display the strike-through https symbol).
What am I doing wrong? Or is Firefox wrong?
The local test server is written in C++ using openssl (Ubuntu 14.04 x64).
Cheers,

Apparently installing version 34.0 on Ubuntu fixed this problem.
At this point not sure if the cause was a poorly installed plug-in or not...

Related

Why is QSslSocket not emitting `readyRead()` signal when connecting from "BrowserStack" mobiles?

We are using QSslServer to accept https connections in form of QSslSockets and it's working for years in Windows, Mac, Ubuntu & Android's Chrome & Firefox.
To our surprise, the website connection is not happening if we use Browserstack's mobiles, which are supposedly not emulators. Our URL looks like: https://website.in: 2000; So it's not on port 443 or 80.
The web page doesn't open with Android 9, 10, 11, 12's Chromes.
No errors are seen with sslErrors(). Even calling ignoreSslErrors() didn't help.
After putting logs, we found that though the connection is happening, the QSslSocket::readyRead() is not emitted, which is called with our normal devices.
How to resolve this problem?
Following are creating the issues:
URL with non-standard port. We are using :2000 to host our website and that's not working for SSL authentication after initial connection. If we route our website through :443 then it starts working.
LetsEncrypt certificate. We had faced some issue in Mac in past, where the certificate generated using "LetsEncrypt.org" had to be explicitly accepted from Mac's certificate store. Here the similar issue is happening. After opening the website, certain images don't show up probably due to the same reasons.

Websockets not working with Powerpoint Add-in

I'm using a Microsoft add-in for Powerpoint called 'Web Viewer' (it's just an iframe, you insert a URL, it displays it in the slide).
I inserted a webpage that uses Socket.IO, and I'm seeing it is not able to connect to the server (even the long polling it's falling back on is not working).
Clearly this is not an issue with the add-in: Any ideas what is going on here?
I tested on Mac 10.13.4 (latest) / Powerpoint (16.12, Office 365 Home) (latest).
The same webpage works in an iframe in the latest Chrome, Firefox, Safari, IE11, so I'm thinking something wonky is going on with the embedded (Webkit) browser that Powerpoint is using on Mac.
The general request flow is:
Browser -> AWS ALB (with stickiness enabled) -> Nginx -> Node
UPDATE
Looked into this further, and having tested other pages that use Socket.IO, I think the only difference in their setups and here is the ALB.
Even with stickiness enabled, the load balancer is clearly seen (in the logs) passing traffic between all EC2s. This leads me to believe the cookie they use is either not being set or not being passed with the requests.
First of all, based on this github issue it should be possible to open a websocket.
There might be a problem with using the unsecure ws://. I know that officejs rejects all requests to http:// and forces you to use https:// with a secure certificate. So they might do the same with WebSockets and force you to use wss:// with a valid certificate.
You can test this more easily in Power Point Online with Chrome. The addin is the same but you get much better error logging in the Devtools Console (hit F12). If it's asecurity issue there should be an error message indicating it.
I had the same issue and S.Freederle is correct. Now I'm able to use socket.io via ngrok to create a secure tunnel (HttpS) to connect to my server and emit the data to my client side in office add-in.

Qt/OSX WebSocket opening handshake timed out

I just developed an Application in Qt that uses a WebSocket Server (QWebSocketServer). I did this under Linux and everything worked great, but when I ran the code on Mac OS I was unable to connect to the server from a webpage on Chrome.
The connection took ages, and I got WebSocket opening handshake timed out from Chrome after a few minutes.
In the end I went back to basics and tried Qt's example:
http://doc.qt.io/qt-5/qtwebsockets-sslechoserver-example.html
Exactly the same.
edit:
After removing SSL and using non-secure websockets it works, even on the same port.
Chrome on the Mac can access a secure Qt WebSocket server on a remote (non-Mac) computer, but Chrome on a remote computer times out while connecting to the Mac (securely) - so it would appear to be something wrong with the Qt QWebSocketServer example. It works fine on both Linux and Windows.
There is a connection being made (because the web browser fails instantly if the application isn't running or is closed), but for whatever reason it isn't completing.
Any idea what this might be, or how I can go about trying to track it down?
thanks!
As qt document(http://doc.qt.io/qt-5/qsslsocket.html) says:
Note: Secure Transport SSL backend on macOS may update the default keychain (the default is probably your login keychain) by importing your local certificates and keys. This can also result in system dialogs showing up and asking for permission when your application is using these private keys. If such behavior is undesired, set the QT_SSL_USE_TEMPORARY_KEYCHAIN environment variable to a non-zero value; this will prompt QSslSocket to use its own temporary keychain.
The issue here seems to be some interaction with MacOS's permissions system.
The first time you run the application and connect, the app will pop up a window asking for permissions to access your keychain (I guess to install the certificate).
If you close the dialog at that point, it won't come back, and it seems no QtWebSocketServer based programs will function from then on, until your reboot!

IE10 Page can't be displayed, other browsers can

I started with a problem connecting to a webservice on a remote server [internal] from a custom made program.
We tested the ws from Firefox and Chrome - both latest and it connects instantly. But in IE10 (latest version for windows 2012 not R2) we get a page can't be displayed error:
Make sure the web address https://remoteserver:9443 is correct.
Look for the page with your search engine.
Refresh the page in a few minutes.
Make sure TLS and SSL protocols are enabled. Go to Tools > Internet Options > Advanced > Settings > Security
I think that IE10 and our program are using the same system libraries, and thats the reason both cannot connect to the web service. If i solve the problem with IE i presume that i could connect to the ws from the program.
The url port is custom and OK as other browsers work. IE10 can open HTTPS connection to other remote servers.
I tried:
flushing DNS setting,
reinstalling the CA certificate. Certificate is valid in chrome.
enabling TLS1.0, TLS1.1, TLS1.2, SSLv3 and SSLv2
telnet to remote server on port 9443 works
Using developer tool in IE simulated IE 9, IE8, ...
ping to remote sever works
nslookup finds the remote server
What could be the cause of this issue?
A combination of hardening for PCI DSS(securing servers) and the webservice provider not announcing protocols that were enabled was causing the issue.
Moving the server out of PCIDSS policy made the webservice connection function normally.
The changes were displayed only after restarting the server, because of registry modification.
Thanks to #Steffen Ullrich for driving me in the right direction.

WebApp accessible via localhost but not 127.0.0.1

i'm running a webapp on Jetty with Maven on my machine (Win7 pro X64) and i'm experiencing some weird problems:
when i try to open it on my browser - it's accessible via localhost but not 127.0.0.1 or my local address (192.168.0.14).
when someone else from my local network tries to access the app he can do it via my computer name but not via my local address.
NOTE:
ping works for localhost and 127.0.0.1. also, i can access 127.0.0.1 (80) with telnet.
windows firewall is off (stopped the service)
nothing defined in hosts file
cleaning DNS and ARP chache didn't help
on other computers in the network the app works fine and i can access it via their ip. we all share the same pom.xml.
error says - "link appears to be
please help me find out what the hell can be the problem
thanks...
after a looong evening of trying pretty much everything i think i found the problem - Skype!
after running jetty successfully on 8080 i consulted a friend and he told me about the skype issue. after shutting down skype, jetty runs perfectly on port 80 as well :)
after a quick search i found this - http://www.mydigitallife.info/disable-skype-from-using-opening-and-listening-on-port-80-and-443-on-local-computer/
NOTE: for some reason Jetty isn't throwing an exception like a server should in this situation
If you are getting genuine 404 errors, then you are obviously connecting to the Jetty server, but Jetty is deciding not to serve up your application on that address.
It sounds like you've enable virtual hosting on the Jetty server, so that the application is bound only to specific host names, and is therefore not being served up on numeric IP addresses.
I'm not sure how you've wound up in that situation though.