[openlp-dev] Windows and SSL

Tomas Groth second at tgc.dk
Sat Feb 18 10:30:35 EST 2017


Hi all,

I think Chris' "lightbulb moment", is exactly what we want to do - use
WinInet to connect to the https sites we connect to, either in response to
the SSL error, or to prevent it. Note that is isn't just an issue in the
FTW. We also have this issue in the SongSelect integration, and potentially
also the webbibles.
I google'd a bit and behold, an example of how to do it:
https://github.com/saveenr/saveenr/blob/master/Demos/python/net_wininet_httpdownload.py
BTW, we should probably verify that using WinInet actually triggers a
download of the certificate.

Best regards,
Tomas


2017-02-18 11:28 GMT+01:00 Chris Hill <chris at minkus.me.uk>:

> I would be wary of the proposed solution to 2 – I suspect it will do
> different things depending on which web browser is set as default (recipe
> for weird bugs when people have Chrome / IE / Edge / FireFox / Opera / Lynx
> as their default browser).
>
>
>
> Is there any documentation regarding the issues with Python and SSL?
>
>
>
> If we need a call to trigger the certificate download before we do it ‘for
> real’, can we use WinInet or WinHTTP instead? (if necessary a small native
> Windows app that performs the call for us?)
>
>
>
> **lightbulb moment** Can we perform the call inside the OpenLP installer?
>
>
>
> Just some thoughts.
>
> --
>
>
>
> 'Therefore, if anyone is in Christ, he is a new creation;
>
> the old has gone, the new has come!' - 2 Corinthians 5v17
>
> chris at minkus.me.uk
>
>
>
>
>
>
>
> *From:* openlp-dev [mailto:openlp-dev-bounces at openlp.io] *On Behalf Of *Tim
> and Alison Bentley
> *Sent:* 18 February 2017 07:21
> *To:* OpenLP Developers <openlp-dev at openlp.io>
> *Subject:* Re: [openlp-dev] Windows and SSL
>
>
>
> My 2 Rand!
>
>
>
> 1) will be an endless set of changes trying to keep track of the root
> certificates and my give us different problems
>
>
>
> 2) it OpenLP has not run on a machine on windows issue a command to get
> the certificates. As you say it can be done in the background but could be
> done as a step in the FTW so it is obvious what is being done.
>
>
>
> process = subprocess.Popen("explore.exe https://get.openlp.io",
>
>                                shell=True,
>
>                                stdout=subprocess.PIPE,
>
>                                stderr=subprocess.PIPE)
>
>
>
> Tim
>
>
>
> On 18 February 2017 at 04:19, Raoul Snyman <raoul at snyman.info> wrote:
>
> Hello everyone,
>
> As some of you might know, we're having SSL issues on Windows. This is
> because Windows does not ship with all the root certificates and downloads
> them on the fly. Our current advice to people is to go to
> https://get.openlp.org/ in Internet Explorer or Edge and then try the
> First Time Wizard again (same applies to SongSelect).
>
> However, this is really tedious because we have to tell each and every
> person who visits the forums or IRC or e-mails the support system about it.
> There must be a better way. Sadly, Microsoft is not going to do anything
> about this, and unless Python changes the way they do things on Windows,
> we're probably going to be stuck with the problem.
>
> I see only 2 real options here.
>
> 1. Bundle all the root certs with OpenLP on Windows. We can tell Python
> where to find them.
>
> 2. When we want to access an https page, do some sort of pre-flight
> calling some internal Windows function to get the certs for us.
>
> Does anyone else have any ideas for how to solve this?
>
> In the mean time I'm going to write up a blog post and put a sticky post
> in the forums about this.
>
> --
> Raoul Snyman
> +1 (520) 490-9743
> raoul at snyman.info
> _______________________________________________
> openlp-dev mailing list
> openlp-dev at openlp.io
> https://lists.openlp.io/mailman/listinfo/openlp-dev
>
>
>
>
>
> --
>
> Tim and Alison Bentley
> Home at TRARBentley.net
>
> _______________________________________________
> openlp-dev mailing list
> openlp-dev at openlp.io
> https://lists.openlp.io/mailman/listinfo/openlp-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openlp.io/pipermail/openlp-dev/attachments/20170218/b4b501f4/attachment.html>


More information about the openlp-dev mailing list