[OSM-talk-be] JOSM Remote control

Jo winfixit at gmail.com
Sat Feb 28 18:56:04 UTC 2015 

You are right André. So it remains a mystery why it doesn't work. At some
point I thought I had the same problem, but it was JOSM that hung for
another reason.

Cheers,

Jo

2015-02-28 19:41 GMT+01:00 André Pirard <A.Pirard.Papou at gmail.com>:

>  On 2015-02-28 17:58, Jo wrote :
>
>  It makes a connection to the website of openstreetmap and sends your
> password over it. If you do that over http, all the routers in the middle
> can simply see your password. Is that a big deal? Not in itself, until
> somebody starts to 'impersonate' you. Making uploads that weren't yours in
> your name.
>
>  Jo
>
>  I suppose you reply to me (1).
> The "HTTPS support in the Remote Control preferences" controls Remote
> Control which, usually, happens only inside the local computer, which is
> obvious if you use  local ports https://localhost:8112 (or
> http://localhost:8111) as in Glen's or Ruben's messages.
> I showed 8111 in a previous message and I show it again in more detail,
> just after a control:
> $ netstat -an | more
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address
> State
> tcp6       0      0 127.0.0.1:8111          :::*
> LISTEN
> tcp6       0      0 127.0.0.1:8111          127.0.0.1:56769
> TIME_WAIT
> You see JOSM LISTENing for control connections and the TCP connection
> between JOSM 8111 and Firefox 56769 ports that has just been closed.
> Convinced now?
>
> Remote control could be to another computer as in wget
> http://anotherhost:8111/... but it's not what we are talking about here
> and I don't think Firefox can be configured for that anyway.
>
> The "connection to the website of openstreetmap" you speak of is
> controlled by Edit>Preferences>Connection...>OSM Server URL:
> If you use https://... there, you get SSL encryption between JOSM and
> OSM.org,
> if you use http://... you don't.
>
> Cheers
>
>   André.
> (1) and not to Glen or Ruben like in other messages.  If we replied inline
> on this mailing list we would know to whom and about what we're writing.
>
>
>  2015-02-28 17:51 GMT+01:00 André Pirard <A.Pirard.Papou at gmail.com>:
>
>>  On 2015-02-28 16:57, Ruben Maes wrote :
>>
>> Maybe you can circumvent the issue by doing this:
>>
>> Open JOSM and make sure you have Remote Control enabled. In Firefox,
>> go to this address: https://127.0.0.1:8112/
>> You should get a warning screen saying "This Connection is Untrusted".
>> Click "I Understand the Risks" and press the "Add Exception..."
>> button.
>> A window pops up. (You can press "View" and inspect the certificate if
>> you like. Close the details window if you have done so.) Make sure
>> "Permanently store this exception" is checked and click "Confirm
>> Security Exception".
>> Now you should see a Bad Request error page because you haven't asked
>> JOSM to do anything ;)
>>
>> This worked for me. The website still emits an alert that editing
>> failed, but JOSM loads the data.
>>
>> Ruben
>>
>>  That's only if HTTPS support is enabled in the Remote Control
>> preferences.
>> If it's not, my config, 8112 port -> unable to connect.
>> And I conclude that the alert I receive too may be because of trying to
>> use
>> closed port 8112 before using port 8111.
>>
>> And my question is: why enable HTTPS if it causes problems?
>> It encrypts information that's stays in your computer, doesn't it?
>> Fearing that NSA would learn the locations you load via remote control?
>>
>> Cheers
>>
>>   André.
>>
>>  2015-02-27 9:20 GMT+01:00 Glenn Plas <glenn at byte-consult.be> <glenn at byte-consult.be>:
>>
>>  StartSSL is a free certificate provider, and most probably firefox
>> doesn't have the intermediate certificate chain on board which means it
>> cannot verify.
>>
>> That is probably the reason, although I do not see startSSL as the
>> certificate writer,  I see rapidSSL instead.  startSSL is not really a
>> great one to use actually for a site like this.
>>
>> Apple products have the same problem with the latest GoDaddy certificates.
>> https://www.sslshopper.com/cheapest-ssl-certificates.html
>>
>> You might want to try this in firefox:https://127.0.0.1:8112/
>> https://www.sslshopper.com/ssl-checker.html#hostname=https://www.openstreetmap.org
>>
>> And see if it gives you a chain error or not.  It will work in chrome,
>> but it depends on the browser.
>>
>> If you don't get the all-green in firefox, you just need to assemble a
>> chain file with the missing intermediate certificates so the browser can
>> validate.
>>
>> Note, this heavily depends on firefox (/browser) version, I see in my FF
>> that it loads the intermediates fine:
>>
>>         Common name: RapidSSL CA
>> Organization: GeoTrust, Inc.
>> Location: US
>> Valid from February 19, 2010 to February 18, 2020
>> Serial Number: 145105 (0x236d1)
>> Signature Algorithm: sha1WithRSAEncryption
>> Issuer: GeoTrust Global CA
>>
>>         Common name: GeoTrust Global CA
>> Organization: GeoTrust Inc.
>> Location: US
>> Valid from May 20, 2002 to August 20, 2018
>> Serial Number: 1227750 (0x12bbe6)
>> Signature Algorithm: sha1WithRSAEncryption
>> Issuer: Equifax
>>
>> Glenn
>>
>>
>>
>
> _______________________________________________
> Talk-be mailing list
> Talk-be at openstreetmap.org
> https://lists.openstreetmap.org/listinfo/talk-be
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/talk-be/attachments/20150228/f4ae4e1d/attachment.htm>

More information about the Talk-be mailing list