Modify

Opened 2 years ago

Closed 7 weeks ago

#15748 closed defect (fixed)

Remote control HTTPS stays broken when keystore is unopenable

Reported by: midgard Owned by: Don-vip
Priority: normal Milestone: 19.10
Component: Core remotecontrol Version:
Keywords: template_report https certificate Cc: stoecker

Description

What steps will reproduce the problem?

  1. Remove preferences.xml (sometimes it gets corrupted and discarded, so this can occur naturally)
  2. remotecontrol/josm.keystore is now useless because the key for it is lost
  3. Open JOSM

What is the expected result?

JOSM discards the keystore, creates a new one.

What happens instead?

JOSM logs the messages below and does not start the remote control over HTTPS. It will never again start over HTTPS until you manually remove the file remotecontrol/josm.keystore.

INFO: RemoteControl::Accepting remote connections on /127.0.0.1:8111
INFO: RemoteControl::Accepting remote connections on /0:0:0:0:0:0:0:1:8111
FINE: java.io.IOException: Keystore was tampered with, or password was incorrect. Cause: java.security.UnrecoverableKeyException: Password verification failed
WARNING: Cannot start IPv4 remotecontrol https server on port 8112: Keystore was tampered with, or password was incorrect
FINE: java.io.IOException: Keystore was tampered with, or password was incorrect. Cause: java.security.UnrecoverableKeyException: Password verification failed
WARNING: Cannot start IPv6 remotecontrol https server on port 8112: Keystore was tampered with, or password was incorrect

Please provide any additional information below. Attach a screenshot if possible.

URL:http://josm.openstreetmap.de/svn/trunk
Repository:UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b
Last:Changed Date: 2017-12-31 03:09:43 +0100 (Sun, 31 Dec 2017)
Build-Date:2017-12-31 02:33:46
Revision:13265
Relative:URL: ^/trunk

Identification: JOSM/1.5 (13265) Linux
Memory Usage: 407 MB / 1749 MB (311 MB allocated, but free)
Java version: 1.8.0_144-b01, Oracle Corporation, OpenJDK 64-Bit Server VM
VM arguments: [-Djosm.restart=true, -Dawt.useSystemAAFontSettings=on]

Plugins:
+ Mapillary (v1.5.9)
+ apache-commons (33668)
+ apache-http (32699)
+ buildings_tools (33735)
+ ext_tools (33889)
+ reverter (33865)
+ tageditor (33806)
+ todo (30303)
+ turnlanes-tagging (260)
+ turnrestrictions (33780)
+ utilsplugin2 (33742)

Last errors/warnings:
- W: No configuration settings found.  Using hardcoded default values for all pools.
- W: Cannot start IPv4 remotecontrol https server on port 8112: Keystore was tampered with, or password was incorrect
- W: Cannot start IPv6 remotecontrol https server on port 8112: Keystore was tampered with, or password was incorrect

Attachments (0)

Change History (24)

comment:1 Changed 2 years ago by Don-vip

Keywords: https certificate added

See #10033 comments. We're discussing about geting rid of https completely or not.

comment:2 Changed 2 years ago by midgard

Okay, that's fine if it's just for localhost. Just make sure to coordinate with the osm-website guys. ;)

comment:3 Changed 2 years ago by Don-vip

Don't worry we won't remove anything before OSM website :)

comment:4 Changed 19 months ago by Don-vip

Milestone: 18.05

comment:5 Changed 19 months ago by Don-vip

Cc: stoecker added

This also needs to be fixed if https support is kept.

comment:6 Changed 19 months ago by stoecker

Hmm. As I'd prefer certs in X.509 this should be gone. Keystore all in memory. Much like the root cert loader.

comment:7 Changed 19 months ago by Don-vip

Milestone: 18.0518.06

comment:8 Changed 18 months ago by Don-vip

Owner: changed from team to stoecker

comment:9 Changed 18 months ago by Don-vip

Milestone: 18.0618.07

comment:10 Changed 17 months ago by Don-vip

Milestone: 18.0718.08

comment:11 Changed 16 months ago by Don-vip

Milestone: 18.0818.09

comment:12 Changed 15 months ago by Don-vip

Milestone: 18.0918.10

comment:13 Changed 14 months ago by Don-vip

Milestone: 18.1018.11

comment:14 Changed 13 months ago by Don-vip

Milestone: 18.1118.12

comment:15 Changed 11 months ago by Don-vip

Milestone: 18.1219.01

comment:16 Changed 11 months ago by Don-vip

Milestone: 19.0119.02

comment:17 Changed 10 months ago by Don-vip

Milestone: 19.0219.03

comment:18 Changed 8 months ago by Don-vip

Milestone: 19.0319.04

comment:19 Changed 7 months ago by Don-vip

Milestone: 19.0419.05

comment:20 Changed 7 months ago by Don-vip

Milestone: 19.05

comment:21 Changed 3 months ago by marc_marc

same issue ticket:10033#comment:87 same fix (don't forget to readd the certif for https://127.0.0.1:8112 into the nagivator for overpass turbo)

comment:22 Changed 3 months ago by midgard

That's not a fix, that's a workaround. In this issue's description, this workaround is already mentioned.

comment:23 Changed 7 weeks ago by Don-vip

Milestone: 19.10
Owner: changed from stoecker to Don-vip
Status: newassigned

comment:24 Changed 7 weeks ago by Don-vip

Resolution: fixed
Status: assignedclosed

In 15469/josm:

fix #10033, fix #15748, fix #17097 - drop remote control https support

Rationale: all modern browsers (including next version of Safari) allow mixed-content to localhost.

Cross-platform / cross-browser HTTPS support is a pain to maintain, was never completed, and is no longer needed.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Don-vip.
as The resolution will be set.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.