These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Technology Lab

 
  • Topic is locked indefinitely.
 

JackKnife 2.0

First post
Author
qu1ckkkk
The Warp Core Stabilizers
#61 - 2012-10-18 16:13:38 UTC
In the light of CCP making the HTTPS moves on api.eveonline.com, I suspect API Calls are now broken for jackknife. I haven't had time to look into investigating it yet or checking the code to fix this, but take this as a FYI :)

Proud developer of SeAT! A Simple Eve API & Corporation Management Tool.

Project Page: https://github.com/eveseat/seat

Equto
Imperium Technologies
Sigma Grindset
#62 - 2012-10-18 16:29:22 UTC
You are correct, for people using the SVN this has been updated.
A patch will be released shortly for everyone else
Alina Thano
Shadow Jumpers
#63 - 2012-10-18 18:39:35 UTC
With the updated patch i still got a nice list of error's

Notice: Trying to get property of non-object in /xxx/xxxxx/xxxxx/jackknife/index.php on line 152

Same for line's: 155,156,159,162

and

Call to a member function xpath() on a non-object in /xxxxx/xxxxx/public_html/jackknife/index.php on line 162

any one else with this issue?
Troy Aihaken
Quekz
#64 - 2012-10-18 19:17:15 UTC
Same here

NodeJS Developer | Frontend Development | Programming Enthusiast

qu1ckkkk
The Warp Core Stabilizers
#65 - 2012-10-19 05:27:14 UTC  |  Edited by: qu1ckkkk
Equto wrote:
You are correct, for people using the SVN this has been updated.
A patch will be released shortly for everyone else


The code is incorrect based on : http://code.google.com/p/eve-jackknife/source/detail?r=53

Line 27 of "eveApi/eveApiCaching.php" should say:

[...]
define("API_BASE_URL","https://api.eveonline.com");
[...]

That should fix it.

Proud developer of SeAT! A Simple Eve API & Corporation Management Tool.

Project Page: https://github.com/eveseat/seat

Equto
Imperium Technologies
Sigma Grindset
#66 - 2012-10-19 14:06:13 UTC  |  Edited by: Equto
The problem for most is likely due to not having a ca-cert file with their curl install. I am currently packaging a new update that includes a generic version of this file to allow jackknife to work again.

will upload when googlecode stops being in read-only mode
Dragonaire
Here there be Dragons
#67 - 2012-10-19 15:50:05 UTC  |  Edited by: Dragonaire
Everyone might be interested in looking at my post on another thread about why it is important to properly making the change.

https://forums.eveonline.com/default.aspx?g=posts&m=2067392#post2067392

Finds camping stations from the inside much easier. Designer of Yapeal for the Eve API. Check out the Yapeal PHP API Library thread.

Equto
Imperium Technologies
Sigma Grindset
#68 - 2012-10-19 15:58:36 UTC
Dragonaire wrote:
Everyone might be interested in looking at my post on another thread about why it is important to properly making the change.

https://forums.eveonline.com/default.aspx?g=posts&m=2067392#post2067392

I am using a cert file by CAcert as its one I have on hand and have assured to work. I understand the importance of the https and will not "disable" it
qu1ckkkk
The Warp Core Stabilizers
#69 - 2012-10-19 17:12:11 UTC
Dragonaire wrote:
Everyone might be interested in looking at my post on another thread about why it is important to properly making the change.

https://forums.eveonline.com/default.aspx?g=posts&m=2067392#post2067392


Exactly this. Equto's code is incorrect by trying to use eve-online.com for API calls as there is not a valid cert on the domain, and hence CURL freaking out. NO, do not change it to "VALIDATE_PEER" : false.

Simply change the URL to eveonline.com ( no - ) as that domain has a valid wildcard cert. No need for "cert files"...

Proud developer of SeAT! A Simple Eve API & Corporation Management Tool.

Project Page: https://github.com/eveseat/seat

Equto
Imperium Technologies
Sigma Grindset
#70 - 2012-10-19 17:24:37 UTC
qu1ckkkk wrote:
Dragonaire wrote:
Everyone might be interested in looking at my post on another thread about why it is important to properly making the change.

https://forums.eveonline.com/default.aspx?g=posts&m=2067392#post2067392


Exactly this. Equto's code is incorrect by trying to use eve-online.com for API calls as there is not a valid cert on the domain, and hence CURL freaking out. NO, do not change it to "VALIDATE_PEER" : false.

Simply change the URL to eveonline.com ( no - ) as that domain has a valid wildcard cert. No need for "cert files"...

Actually it still needs a cert file as its ssl and curl needs a cert file to validate the connection.
qu1ckkkk
The Warp Core Stabilizers
#71 - 2012-10-19 17:32:55 UTC
Equto wrote:

Actually it still needs a cert file as its ssl and curl needs a cert file to validate the connection.


That is not true. That would mean you need a "file" for every SSL enabled website on the internet. Lol... You only need to import it if it is signed by a untrusted CA or if there is some problem with the certificate validation and you want to explicitly use it anyways.

See command line curl at the following paste. http://pastebin.com/yfp6Wg8u No need to import anything whatsoever if you are using the correct domain...

Proud developer of SeAT! A Simple Eve API & Corporation Management Tool.

Project Page: https://github.com/eveseat/seat

Equto
Imperium Technologies
Sigma Grindset
#72 - 2012-10-19 17:35:37 UTC  |  Edited by: Equto
qu1ckkkk wrote:
Equto wrote:

Actually it still needs a cert file as its ssl and curl needs a cert file to validate the connection.


That is not true. That would mean you need a "file" for every SSL enabled website on the internet. Lol... You only need to import it if it is signed by a untrusted CA or if there is some problem with the certificate validation and you want to explicitly use it anyways.

See command line curl at the following paste. http://pastebin.com/yfp6Wg8u No need to import anything whatsoever if you are using the correct domain...

The reason being almost all installs come with a valid CA cert file. You do not need a valid different file for every website on the internet however in this file ( which is shipped with firefox and chrome mind you) is a public key that allows one to validate the certificate on the website. So this file is used in the validation process of the certificate

edit: http://serverfault.com/questions/241046/what-is-the-cacert-pem-and-for-what-to-use-that explains why the file is needed
qu1ckkkk
The Warp Core Stabilizers
#73 - 2012-10-19 17:41:24 UTC  |  Edited by: qu1ckkkk
Equto wrote:

The reason being almost all installs come with a valid CA cert file. You do not need a valid different file for every website on the internet however in this file ( which is shipped with firefox and chrome mind you) is a public key that allows one to validate the certificate on the website. So this file is used in the validation process of the certificate

edit: http://serverfault.com/questions/241046/what-is-the-cacert-pem-and-for-what-to-use-that explains why the file is needed


If it fails, then you OS's cert bundle is out of date... cURL is using the system-default CA bundle as is usually stored in /etc/pki/tls/certs/ca-bundle.crt. Not something other software is supposed to hack to get working.

EDIT: Spelling :P

Proud developer of SeAT! A Simple Eve API & Corporation Management Tool.

Project Page: https://github.com/eveseat/seat

Equto
Imperium Technologies
Sigma Grindset
#74 - 2012-10-19 17:43:34 UTC
qu1ckkkk wrote:
Equto wrote:

The reason being almost all installs come with a valid CA cert file. You do not need a valid different file for every website on the internet however in this file ( which is shipped with firefox and chrome mind you) is a public key that allows one to validate the certificate on the website. So this file is used in the validation process of the certificate

edit: http://serverfault.com/questions/241046/what-is-the-cacert-pem-and-for-what-to-use-that explains why the file is needed


If it fails, then you OS's cert bundle is out of date... cURL is using the system-default CA bundle as is uslauuly stored in /etc/pki/tls/certs/ca-bundle.crt. Not something other software is supposed to hack to get working.

To be honest is depends on the CURL install, almost all php cURL installs use libcurl and do not search for said file. In the 14 servers I have used https on none of the cURLS recognized a valid https url without that file. Regardless it works and you can check both the code and the file.
qu1ckkkk
The Warp Core Stabilizers
#75 - 2012-10-19 17:51:35 UTC
Cause https://api.eve-online.com does not have a valid cert. It will never validate unless you go the "import the CA" route. Which is wrong.

Proud developer of SeAT! A Simple Eve API & Corporation Management Tool.

Project Page: https://github.com/eveseat/seat

Equto
Imperium Technologies
Sigma Grindset
#76 - 2012-10-19 17:54:19 UTC
qu1ckkkk wrote:
Cause https://api.eve-online.com does not have a valid cert. It will never validate unless you go the "import the CA" route. Which is wrong.

I have tested it on both eve-online and eveonline, eveonline replied an error 60 SSL certificate problem,verify that the CA cert is OK. So that file is nessicary
qu1ckkkk
The Warp Core Stabilizers
#77 - 2012-10-19 18:01:47 UTC
Equto wrote:
qu1ckkkk wrote:
Cause https://api.eve-online.com does not have a valid cert. It will never validate unless you go the "import the CA" route. Which is wrong.

I have tested it on both eve-online and eveonline, eveonline replied an error 60 SSL certificate problem,verify that the CA cert is OK. So that file is nessicary


How old is your cURL install? When last have you had a CA bundle updated?
I need to log for the night, but in the meantime I have tested this on 24 of the many servers I have. Not one has complained about the cert. And this is various diffident flavors of *nix, centos, ubuntu gentoo, archlinux and even freebsd :0

Honestly, I'd make 100% sure about this if I were you, before you ship a cert, *.eveonline.com gets a new cert signed by another CA, and you have to do this whole mess all over again :(

Proud developer of SeAT! A Simple Eve API & Corporation Management Tool.

Project Page: https://github.com/eveseat/seat

qu1ckkkk
The Warp Core Stabilizers
#78 - 2012-10-19 18:05:27 UTC
qu1ckkkk wrote:

How old is your cURL install? When last have you had a CA bundle updated?


In retrospect, some OS's will have this sorted with a update of the open-ssl install for it.

Proud developer of SeAT! A Simple Eve API & Corporation Management Tool.

Project Page: https://github.com/eveseat/seat

Equto
Imperium Technologies
Sigma Grindset
#79 - 2012-10-19 18:06:47 UTC
qu1ckkkk wrote:
Equto wrote:
qu1ckkkk wrote:
Cause https://api.eve-online.com does not have a valid cert. It will never validate unless you go the "import the CA" route. Which is wrong.

I have tested it on both eve-online and eveonline, eveonline replied an error 60 SSL certificate problem,verify that the CA cert is OK. So that file is nessicary


How old is your cURL install? When last have you had a CA bundle updated?
I need to log for the night, but in the meantime I have tested this on 24 of the many servers I have. Not one has complained about the cert. And this is various diffident flavors of *nix, centos, ubuntu gentoo, archlinux and even freebsd :0

Honestly, I'd make 100% sure about this if I were you, before you ship a cert, *.eveonline.com gets a new cert signed by another CA, and you have to do this whole mess all over again :(


No, because this is the public keys from several signing agencies, so unless they do something crazy and sign their own keys without any authority then this will continue to work. Regardless once again this works, if you have a problem with me and other developers shipping necessary files for compatibility reasons then don't use the software.
qu1ckkkk
The Warp Core Stabilizers
#80 - 2012-10-19 18:27:25 UTC
Equto wrote:

No, because this is the public keys from several signing agencies, so unless they do something crazy and sign their own keys without any authority then this will continue to work. Regardless once again this works, if you have a problem with me and other developers shipping necessary files for compatibility reasons then don't use the software.


I know very well, infact, exactly how SSL Certs work. Straight Regardless of what you may believe, if a users cURL install (or anything using libcurl for that matter) cannot verify a GeoTrust cert, and you insist that eve-online.com is valid, then so be it. In such a case the user probably has many more problems to be concerned about than a mere cert, which will be invalidated at some point anyways, bundled in some software for compatibility reasons. Just take the advise. Cool

Your welcome to get another opinion here.
https://www.ssllabs.com/ssltest/analyze.html?d=api.eve-online.com
https://www.ssllabs.com/ssltest/analyze.html?d=api.eveonline.com

Do yourself another favor and cat your bundle grepping for geotrust. Is wget able to validate the cert? What is in CURL_CA_BUNDLE in you env? At least try and check how to update you os flavours CA bundle, or if you have to use a curl specific one, on the curl website, http://curl.haxx.se/ca/cacert.pem

Anyways. As you please. Ugh

Proud developer of SeAT! A Simple Eve API & Corporation Management Tool.

Project Page: https://github.com/eveseat/seat