Originally this problem depends on this bug: https://bugs.documentfoundation.org/show_bug.cgi?id=72277 It is impossible to connect via LibreOffice 4.4 on Debian (.deb) to a https (http work!) CMIS server, after apply the login credentials nothing happens. You can try this: [fail] https://cmis.alfresco.com/cmisatom [work] http://cmis.alfresco.com/cmisatom username: admin password: admin strace debug: [...] [pid 10811] stat("/home/samuel/.mozilla/firefox/lw5s3dll.default/cert8.db", {st_mode=S_IFREG|0600, st_size=704512, ...}) = 0 [pid 10811] open("/home/samuel/.mozilla/firefox/lw5s3dll.default/cert8.db", O_RDWR) = 33 [pid 10811] fcntl(33, F_SETFD, FD_CLOEXEC) = 0 [pid 10811] read(33, "\0\6\25a\0\0\0\2\0\0\4\322\0\0@\0\0\0\0\16\0\0\1\0\0\0\1\0\0\0\0\10"..., 260) = 260 [pid 10811] lseek(33, 180224, SEEK_SET) = 180224 [pid 10811] read(33, "&\0\367?\364?7?\254:\3409\2135&5\226010\251/\210/\5/\236.T*,*"..., 16384) = 16384 [pid 10811] stat("/home/samuel/.mozilla/firefox/lw5s3dll.default/key3.db", {st_mode=S_IFREG|0600, st_size=32768, ...}) = 0 [pid 10811] open("/home/samuel/.mozilla/firefox/lw5s3dll.default/key3.db", O_RDWR) = 34 [pid 10811] fcntl(34, F_SETFD, FD_CLOEXEC) = 0 [pid 10811] read(34, "\0\6\25a\0\0\0\2\0\0\4\322\0\0 \0\0\0\0\r\0\0\1\0\0\0\1\0\0\0\0\10"..., 260) = 260 [pid 10811] lseek(34, 8192, SEEK_SET) = 8192 [pid 10811] read(34, "\6\0\371\37\370\37\352\37\266\37\253\37\227\37\205\37\227\37\377\377\377\377\377\377\377\377\377\377\377\377\377\377"..., 8192) = 8192 [pid 10811] open("/home/samuel/.mozilla/firefox/lw5s3dll.default/libnssckbi.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 10811] brk(0x2b06000) = 0x2b06000 [pid 10811] open("/opt/libreoffice4.4/program/../program/libnssckbi.so", O_RDONLY|O_CLOEXEC) = 35 [pid 10811] read(35, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20 \2\0\0\0\0\0"..., 832) = 832 [pid 10811] fstat(35, {st_mode=S_IFREG|0775, st_size=1101111, ...}) = 0 [...] [pid 10811] recvmsg(13, 0x7fffd991df50, 0) = -1 EAGAIN (Resource temporarily unavailable) [...]
Works in Windows as expected: https://cmis.alfresco.com/cmisatom Maybe only a problem with the TDF .deb build process?
I must recognize that even if I'm on Debian (testing), I never use .deb, only LO package from Debian repo (4.3.3.2 for the moment) + build master sources. Rene/Christian: Thought you might be interested in this one. (packaging/Debian env problem?)
Version: 5.0.1.2 same problem. Is there any way to get this working with the TDF .debs? LibreOffice do not use the CAs of Firefox, path is set. Is there a way to install the CA direct in LibreOffice?
distro-specific problem. No prob on Mageia 5 with tdf-provided build of 5.0.0(.5) and also no problem in tdf provided 4.4.5(.2). Mageia uses rpm, but the packaged files are the same. So need more details on actual source of the problem, or even better a patch :-) ####### NEEDINFO ######## * other affected distros/components causing it (what version of the distro?) * does it work with distro-provided version of LO?
Szymon: noticing your work on CMIS, are you on Debian by any chance and/or have some leads about this one?
(In reply to Christian Lohmaier from comment #4) > distro-specific problem. See original thread: https://bugs.documentfoundation.org/show_bug.cgi?id=72277#c85 It is only a problem with the .deb build of the TDF, .rpm works as expected.
(In reply to Samuel Wolf from comment #6) > > https://bugs.documentfoundation.org/show_bug.cgi?id=72277#c85 > > It is only a problem with the .deb build of the TDF, .rpm works as expected. No, that comment just states that it works on a different Distro (CentOS) that happens to use rpm as package format. So far it is only clear that an unstated version of Debian suffers the problem. But no indication that it is a problem with the deb-packaging.
Summary: ======== * self sign cert with _own_ CA * CA in Firefox and system wide installed (curl works without an https error) Works: ========= LibreOffice installed from the Debian repository LibreOffice on CentOS with .rpm from TDF Don't work: =========== LibreOffice on Debian 7/8 with .deb from TDF For some reason the .deb build from TDF LibreOffice neither use the system CAs nor the CAs which installed in Firefox. (In reply to Christian Lohmaier from comment #7) > So far it is only clear that an unstated version of Debian suffers the > problem. But no indication that it is a problem with the deb-packaging. https://bugs.documentfoundation.org/show_bug.cgi?id=72277#c77 Quote: "That's just "magic", it's just using the system curl that is built with openSSL support and get access to openssl system CA database. Normally the official TDF deb packages are built with internal curl, handling SSL with NSS. Thus it needs libnsspem to be able to read the certs from mozilla profile... which is now working with the .rpm and windows builds." I guess it is a problem of the TDF .debs
@ Cédric, I add you to the CC List since you work on the bugfix. http://bosdonnat.fr/libreoffice-reaches-cmis-https.html
(In reply to Samuel Wolf from comment #8) > Summary: > ======== > > * self sign cert with _own_ CA Sorry this info was wrong "https://cmis.alfresco.com" does not work, _all_ CAs are affected. In this case https:// is impossible with the TDF .deb builds.
Try it today with LibreOffice 5.1.0.2, same problem with https and the .deb packages from TDF. Any chance to fix this issue? Sponsoring?
Checked on Ubuntu with a CentOS build I created to test my fix for bug 98416. Apparently solves this issue as well, for TDF build structure (e.g. build on CentOS 6.x for LO 5.1). For LO installed from the distro repository it will depend on the way the package maintainer would configure ssl protocol for libcurl.
(In reply to Giuseppe Castagno (aka beppec56) from comment #12) > Checked on Ubuntu with a CentOS build I created to test my fix for bug 98416. You install/convert the .rpm and in Ubuntu? > Apparently solves this issue as well, for TDF build structure (e.g. build on > CentOS 6.x for LO 5.1). You guess this fix the issue with the TDF .deb as well? That would be really good news! > For LO installed from the distro repository it will depend on the way the > package maintainer would configure ssl protocol for libcurl. LO from the Debian distro repository work all the time with https.
(In reply to Samuel Wolf from comment #13) > You guess this fix the issue with the TDF .deb as well? > That would be really good news! Can you please download this: <http://dev-builds.libreoffice.org/daily/master/Linux-rpm_deb-x86_64@70-TDF/gdrivetest2/LibreOfficeDev_5.2.0.0.alpha0_Linux_x86-64_deb.tar.gz> ? It' a special version of master build specifally crested to check for bug 98416. For me it solved this as well. A comfirmation will be appreciated. Thanks.
(rpms also provided at the gdrivetest2 url http://dev-builds.libreoffice.org/daily/master/Linux-rpm_deb-x86_64@70-TDF/gdrivetest2/ - the package format doesn't matter for this bug) Note that there's still bug#87938 (two-factor auth for gdrive not working) - so if you want to test, you have to disable two-factor authentication temporarily.
Google Drive should now work again starting with this TDF version (not 2FA enabled): Version: 5.1.3.2 Build ID: 644e4637d1d8544fd9f56425bd6cec110e49301b CPU Threads: 8; OS Version: Linux 3.13; UI Render: default; Locale: en-US (en_US.UTF-8) Explanation of the reason as reported on bug 98416, comment 33.
Work with my self sign cert on Debian (TDF .deb) as well, thank you!
Thank you for your feedback Samuel, let's put this one to WFM then.