Page 1 of 2 1 2 LastLast
Results 1 to 10 of 20

Thread: KoLmafia Version Check via SourceForge disabled,

  1. #1
    Developer fronobulax's Avatar
    Join Date
    Feb 2009
    Location
    D.C. suburbs of Virginia, USA
    Posts
    3,800

    Default KoLmafia Version Check via SourceForge disabled,

    As of r18250 the call to visit https://sourceforge.net/p/kolmafia/c...Constants.java to get version information (to check point releases) has been commented out. It was failing (handshake failure, suggesting an untrusted certificate) and a side effect of the failure was that the fix to allow file_to_map to handle https:// did not work. (Note that is is possible the point release update check has not worked since 2013 since that is when the change was made from http:// to https://).

    See http://kolmafia.us/showthread.php?22...https-handling for additional discussion.

    I was unable to figure out why this failure had side effects that effected file_to_map. I did not want to disable security checking or distribute a certificate with KoLmafia (the only suggestions I could find to deal with the handshake error) without input from others. It could also be argued that point release checking could be declared obsolete, but again, that is not a decision I feel like making unilaterally. Hence this report.
    You just vehemently agreed with me
    Originally Posted by Veracity View Post
    I agree with frono.
    Originally Posted by Veracity View Post
    There are 69 players more powerful than you.
    Originally Posted by Statistics Leaderboards

  2. #2
    Developer
    Join Date
    Aug 2009
    Posts
    2,700

    Default

    Have you tried the svn.code.sf.net url instead? http://svn.code.sf.net/p/kolmafia/co...Constants.java

    It's a known issue that Sourceforge stopped using exportable security for its main website; last I heard, we were still happily using their svn mirror instead, since that still advertises some exportable encryption ciphers.

  3. #3
    Developer fronobulax's Avatar
    Join Date
    Feb 2009
    Location
    D.C. suburbs of Virginia, USA
    Posts
    3,800

    Default

    Have you tried the svn.code.sf.net url instead? http://svn.code.sf.net/p/kolmafia/co...Constants.java

    It's a known issue that Sourceforge stopped using exportable security for its main website; last I heard, we were still happily using their svn mirror instead, since that still advertises some exportable encryption ciphers.
    Originally Posted by heeheehee View Post
    Have not but that is an easy check. I'll report back later. Thank you.
    You just vehemently agreed with me
    Originally Posted by Veracity View Post
    I agree with frono.
    Originally Posted by Veracity View Post
    There are 69 players more powerful than you.
    Originally Posted by Statistics Leaderboards

  4. #4
    Developer fronobulax's Avatar
    Join Date
    Feb 2009
    Location
    D.C. suburbs of Virginia, USA
    Posts
    3,800

    Default

    The good news is that the revised URL does work, in that KoLmafia successfully fetches the file and checks the version.

    The bad news is when I restore the check using the revised URL, the price update fails with a 403.
    You just vehemently agreed with me
    Originally Posted by Veracity View Post
    I agree with frono.
    Originally Posted by Veracity View Post
    There are 69 players more powerful than you.
    Originally Posted by Statistics Leaderboards

  5. #5
    Senior Member
    Join Date
    Apr 2009
    Posts
    1,750

    Default

    What the kanz is happening there ....

  6. #6
    Developer
    Join Date
    Aug 2009
    Posts
    2,700

    Default

    Well, that's interesting.

    GET /scripts/updateprices.php?action=getmap HTTP/1.1
    Connection: close
    User-Agent: Java/1.8.0_144
    Host: kolmafia.us
    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    Originally Posted by 403'd result
    GET /scripts/updateprices.php?action=getmap HTTP/1.1
    Connection: close
    User-Agent: KoLmafia v17.6 Java/1.8.0_144
    Host: kolmafia.us
    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    Originally Posted by 200'd result
    You'll note that the user agent strings differ. I wonder what's screwing with the UA string.

  7. #7
    Developer
    Join Date
    Aug 2009
    Posts
    2,700

    Default

    And by screwing with the UA, I mean causing it to not be set (indirectly) via GenericRequest.reset() in the case where it's erroring. Maybe some class is caching the value of the environment variable?

    Also worth noting: this doesn't seem reproducible under --CLI conditions. Possibly the invocation of DEFAULT_SHELL.attemptLogin("")?

    Adding GenericRequest.setUserAgent() right before the UpdateCheckRunnable invocation seems to do the trick, although that feels like a workaround for the buggy behavior.

    Aha.

    http://hg.openjdk.java.net/jdk8/jdk8...tion.java#l210

    It's initialized in a static block, which means it won't be executed until the class is loaded. Which I guess happens the first time we do any sort of HTTP(S) request

  8. #8
    Developer
    Join Date
    Aug 2009
    Posts
    2,700

    Default

    To prevent similar issues from cropping up in the future, I recommend putting the GenericRequest.setUserAgent() invocation as early in main() as possible.

  9. #9
    Senior Member zarqon's Avatar
    Join Date
    Nov 2007
    Location
    Seoul, Korea
    Posts
    3,490

    Default

    I seem to recall adding code to the price update script that checks that the user-agent is KoLmafia. Some of my other mafia-interactive server-side scripts do that.
    Sig by JakAtk
    My scripts: Prefref Plus | One-Click Wossname | Om******t (??) | Psychose-a-Matic | RandBot
    Combat suite: Best Between Battle | Mer********d (?!) | SmartStasis | BatMan | BatMan RE
    For script authors: ASH Wiki | ZLib | BatBrain | CLI Links | CanAdv | Script Registry | Map Manager | About Bats
    If you appreciate my work, help me become BAT KING OF THE WORLD! Thanks to all donators!

  10. #10
    Developer fronobulax's Avatar
    Join Date
    Feb 2009
    Location
    D.C. suburbs of Virginia, USA
    Posts
    3,800

    Default

    r18259.

    I set the user agent and restored version checking and everything seems behaved. The code to only version check once a day was incomplete, so I finished it. Lightly tested.

    If the price checking script cares about the user agent than an alternative fix would have been to tell the script not to do so. Catch me in a cranky mood and I'd argue that should have been done, but this works too.

    heeheehee - what did you do to capture the packets? My tool caught a size difference but your display made it clear User Agent was the difference?

    I'll mark this and the related file_to_map issue as fixed since sometimes optimism is justified.
    You just vehemently agreed with me
    Originally Posted by Veracity View Post
    I agree with frono.
    Originally Posted by Veracity View Post
    There are 69 players more powerful than you.
    Originally Posted by Statistics Leaderboards

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •