Import shouldn't fail when a pod certificate is invalid
Flaburgan opened this issue · 7 comments
DiasporaFederation::Discovery::DiscoveryError: Failed to fetch https://diaspora.eigenlab.org/.well-known/webfinger?resource=acct:vcuculo@diaspora.eigenlab.org for vcuculo@diaspora.eigenlab.org: Faraday::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)
See full stack trace:
https://gist.githubusercontent.com/Flaburgan/beb704a006ae1a299f4e1caf11bd70c2/raw/e1a7729bd002dbe42171172a0a830f279151fa91/Import%2520from%2520diasp.org
diaspora.eigenlab.org uses a self signed, expired certificate. So this should not be used. The diaspora service is down.
This is informative message and can be ignored.
Reopen, because it seems that migration stops if a pod is not fetchable. In this case, by SSL problem.
Should a rescue 'OpenSSL::SSL::SSLError' be added to the 'entity_importer.rb
?
No, OpenSSL::SSL::SSLError is way too low-level and shouldn't be handled there, the federation code always (or should if it doesn't already) either raises a DiscoveryError or NotFetchable if something goes wrong on a lower level (connection problem, 404, SSL-errors, or whatever). The import code shouldn't need to handle all these low-level problems.
And this is actually weird, in this case it's a DiasporaFederation::Federation::Fetcher::NotFetchable that causes the problem, which is already handled there, so it shouldn't fail anymore? Was this test done with old code without NotFetchable already being handled there?
(1ec0314 was merged 10 days ago, this issue is newer, but maybe the test was done before that or before updating with this fix included?)
That test has been done the 8th of September with the commits from #8274 at that time.
OK, as far as I can see that PR didn't contain that fix at this time, but it should be fixed now, so closing this.