or: making your file uploads work over HTTPS when you are using a self-signed certificate or an authority Flash decides it doesn’t like.
Flash is a popular way to upload files to web sites. This is because you can have multiple files upload at once, give pretty progress bars, and can control the file upload UI. There are some alternatives that don’t appear to be cross-platform, but that seems self-defeating.
But there is a problem; if you are using a certificate that Flash doesn’t like, it doesn’t work at all. And you don’t get an error message. In Windows this is solved pretty well. If Internet Explorer trusts a certificate, so does Flash. But on Linux, flash only checks the system certificate store. And on Fedora, it doesn’t even do that.
To fix it until Adobe fixes the bug, run as root:
mkdir /etc/ssl && ln -sf /etc/pki/tls/certs /etc/ssl/certs
Come to think of it, is there a way to tell where the system certs should be found?
Peter Bowen | 11-Mar-10 at 6:18 am | Permalink
It sounds like Flash is just using the OpenSSL default location. Fedora does move this, but Flash is probably carrying around its only reference to /etc/ssl/certs.
As for the system default, things are complicated by the existence of multiple crypto libraries in most Linux distros. OpenSSL has a plain list (or directory) of CAs, while NSS uses a database format with additional info on each CA (email signer vs. SSL signer, etc).
Jonas Ådahl | 11-Mar-10 at 7:12 am | Permalink
> There are some alternatives that don’t appear to be cross-platform,
Using flash is LESS cross-platform than using Firefox, AND it relies on proprietary software/protocols.
Götz Waschk | 11-Mar-10 at 8:35 am | Permalink
Do you have a test case where the upload does not work without the symlink?
Jerome Haltom | 11-Mar-10 at 3:08 pm | Permalink
Sounds to me like Flash got this right, and the issue is that Fedora moved what seems to be a default location on most Unix systems.
The whole NSS debacle sucks, though.
admin | 11-Mar-10 at 4:40 pm | Permalink
Götz: Yes, I just filed a bug here: https://bugzilla.redhat.com/show_bug.cgi?id=572725
Jerome: I think you’re right. It looks like the origin is this bug: https://bugzilla.redhat.com/show_bug.cgi?id=143392
Jonas: I’ve seen stats that say 98% of web users have flash installed. (Obviously that’s changing now that more people are using mobile devices) Firefox users make up 20-50% web users depending on your audience. I’m not that interested in arguing about whether Flash is good or bad. Happily, I’m not a flash developer. I simply want the software I use to work.
Jonas Ådahl | 12-Mar-10 at 2:06 am | Permalink
I’m not arguing if Flash is good or bad, just that it is not in any way more cross platform than Firefox. Web users are not platforms, they are humans.
Car Hire Alicante Airport | 04-Nov-10 at 12:33 pm | Permalink
last week our class held a similar discussion about this topic and you show something we haven’t covered yet, appreciate that.
- Lora