New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
caml.inria.fr mantis login page is not SSL #7035
Comments
Comment author: @xavierleroy A TLS certificate is being ordered. Should be fixed soon. |
Comment author: dobenour Still not fixed. |
Comment author: @alainfrisch What's the reason for setting Target Version = 4.03, since this is unrelated to release code? |
Comment author: @damiendoligez Every bug must have a target version, and I'd like to fix this soon. |
Comment author: dobenour Any updates? If funding is a problem then Let's Encrypt provides free certs. |
Comment author: dobenour After this is fixed all logins should be invalidated and all passwords reset. Also, the entire caml.inria.fr site should be made HTTPS-only. |
Comment author: @damiendoligez OK, we've got a valid certificate and the whole mantis subsite is now https-only (with a nice redirect if you try to connect via http). Is it really necessary to reset all passwords? As far as making caml.inria.fr https-only, I don't see the point. Anyone who wants to use it under https can do so... except that I haven't figured out how to switch the search engine to https. |
Comment author: @damiendoligez I've figured out the search thing, so all browsers are now happy with https://caml.inria.fr/ . |
Comment author: @alainfrisch It would be useful to delete spam users (esp. to simplify searching for issuers submitted by a specific user), but I don't know how this can be automated. |
Comment author: @xavierleroy Let's agree the problem is fixed. |
Original bug ID: 7035
Reporter: kevinchen
Assigned to: @damiendoligez
Status: resolved (set by @xavierleroy on 2017-02-19T15:48:28Z)
Resolution: fixed
Priority: normal
Severity: major
Category: web site
Monitored by: chrismamo1 kevinchen
Bug description
The mantis login and password update pages are not forced to be accessed over SSL. In fact, it is not possible to load HTTPS versions of these pages.
File attachments
The text was updated successfully, but these errors were encountered: