RSS-Feeds w/o certificate


#1

This forum offers two RSS-Feeds, both of them have trouble with the certificate.


#3

Yes, of course you can see them. They’re public.


#4

I see it’s working again.

Thanks to the unknown soldier!


#5

Uhhh, it strikes again, it was OK in between.
Screenshot%20from%202018-09-09%2020-44-03


#6

Hey,

i don’t get any of such certification warnings for the feeds. The “Website Identity” screenshot looks completely normal to me and i’m getting the same here.


#7

No, it isn’t completely normal.

It’s somewhat strange, the forum https://central.owncloud.org/ has a valid cert, but the RSS-Feed https://central.owncloud.org/posts.rss hasn’t. Thus, my reader refused to fetch.

Screenshot%20from%202018-09-11%2017-11-25


#8

Hey,

could it be possible that your reader is trying to automatically fetch embedded content within that .rss pointing to external resources with an invalid certificate?

This would at least explain that you’re seeing this only from time to time.


#9

No, the cert is checked first, before downloading any content.


#10

Hey,

what i’m trying to say is that users are posting links to e.g. their own ownCloud installations which might have invalid certs.

Such posts are probably also ending up in the “Latest posts” feed. And if your feed reader tries to follow those links for some reason you might get such invalid cert warnings for these external links with invalid certs.


#11

I know that, I fully understand what you mean.

But if this were the case, the message would look like this.
Screenshot%20from%202018-09-16%2011-54-31


#12

Hey,

but that looks like an screenshot of your browser and the other one was of your feed reader? Maybe you can ask some one knowing your feed reader (maybe they have a support forums?) how to debug such issues?

Generally i don’t think that is is possible that a URL like https://central.owncloud.org is always providing a valid cert where a sub-URL like https://central.owncloud.org/posts.rss isn’t. Especially as the post.rss seems to be provided by Discourse as well.


#13

Obviously it’s a “feature” of the used php/curl library, unable to verify certs. We’ll see.