Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0007035OCamlweb sitepublic2015-11-02 06:032017-02-19 16:48
Reporterkevinchen 
Assigned Todoligez 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0007035: caml.inria.fr mantis login page is not SSL
DescriptionThe mantis login and password update pages are not forced to be accessed over SSL. In fact, it is not possible to load HTTPS versions of these pages.
TagsNo tags attached.
Attached Filespng file icon ocaml mantis no ssl.png [^] (191,522 bytes) 2015-11-02 06:03

- Relationships

-  Notes
(0015084)
xleroy (administrator)
2015-12-09 15:49

A TLS certificate is being ordered. Should be fixed soon.
(0015283)
dobenour (reporter)
2016-01-28 04:48

Still not fixed.
(0015334)
frisch (developer)
2016-02-09 23:27

What's the reason for setting Target Version = 4.03, since this is unrelated to release code?
(0015399)
doligez (administrator)
2016-02-25 15:56
edited on: 2016-02-25 15:57

Every bug must have a target version, and I'd like to fix this soon.

(0015941)
dobenour (reporter)
2016-05-17 21:48

Any updates?

If funding is a problem then Let's Encrypt provides free certs.
(0015942)
dobenour (reporter)
2016-05-17 21:49
edited on: 2016-05-17 21:50

After this is fixed all logins should be invalidated and all passwords reset.

Also, the entire caml.inria.fr site should be made HTTPS-only.

(0016442)
doligez (administrator)
2016-10-21 14:48

OK, we've got a valid certificate and the whole mantis subsite is now https-only (with a nice redirect if you try to connect via http). Is it really necessary to reset all passwords?

As far as making caml.inria.fr https-only, I don't see the point. Anyone who wants to use it under https can do so... except that I haven't figured out how to switch the search engine to https.
(0016443)
doligez (administrator)
2016-10-21 15:38

I've figured out the search thing, so all browsers are now happy with https://caml.inria.fr/ [^] .
(0016444)
frisch (developer)
2016-10-21 16:48

It would be useful to delete spam users (esp. to simplify searching for issuers submitted by a specific user), but I don't know how this can be automated.
(0017343)
xleroy (administrator)
2017-02-19 16:48

Let's agree the problem is fixed.

- Issue History
Date Modified Username Field Change
2015-11-02 06:03 kevinchen New Issue
2015-11-02 06:03 kevinchen File Added: ocaml mantis no ssl.png
2015-12-09 15:49 xleroy Note Added: 0015084
2015-12-09 15:49 xleroy Assigned To => doligez
2015-12-09 15:49 xleroy Status new => assigned
2016-01-28 04:48 dobenour Note Added: 0015283
2016-02-08 18:08 doligez Target Version => 4.03.0+dev / +beta1
2016-02-09 23:27 frisch Note Added: 0015334
2016-02-25 15:56 doligez Note Added: 0015399
2016-02-25 15:57 doligez Note Edited: 0015399 View Revisions
2016-04-14 16:16 doligez Target Version 4.03.0+dev / +beta1 =>
2016-05-17 21:48 dobenour Note Added: 0015941
2016-05-17 21:49 dobenour Note Added: 0015942
2016-05-17 21:50 dobenour Note Edited: 0015942 View Revisions
2016-10-21 14:48 doligez Note Added: 0016442
2016-10-21 14:48 doligez Status assigned => feedback
2016-10-21 15:38 doligez Note Added: 0016443
2016-10-21 16:48 frisch Note Added: 0016444
2017-02-19 16:48 xleroy Note Added: 0017343
2017-02-19 16:48 xleroy Status feedback => resolved
2017-02-19 16:48 xleroy Resolution open => fixed
2017-02-23 16:44 doligez Category Caml web site => web site


Copyright © 2000 - 2011 MantisBT Group
Powered by Mantis Bugtracker