jirik
commented
1 year ago Successor of #755
Open jirik opened 1 year ago
jirik
commented
1 year ago Successor of #755
jirik
commented
1 year ago jirik
commented
11 months ago It can be probably fixed by enabling not-so-secure SSL communication (UnsafeLegacyRenegotiation), see #966.
We can e.g. add /code/unsafe_openssl.cnf file to Timgen container and activate it by NODE_OPTIONS in test environment and optionally in other environments.
There is PR https://github.com/LayerManager/layman/pull/756 (currently branch https://github.com/LayerManager/layman/tree/preserve--map-timgen-fails2) that tries to use Node.js v18 for Timgen. It works on desktop, but not on GitHub Actions. Not sure why.
Some maps contain WMS layer that is running on domain without TLS1.3 support (e.g. https://geoportal.kraj-lbc.cz/ ). Node.js since v17 uses OpenSSL 3 that does not communicate with https://geoportal.kraj-lbc.cz/ well by default. See
Solution is to enable SSL_OP_LEGACY_SERVER_CONNECT that is disabled by default. It works on local desktop, but not on GitHub Actions
How to enable it for curl: https://bugs.launchpad.net/ubuntu/+source/openconnect/+bug/1968467