issues with trac secure content

[mrmist]

Since trac moved over to https we've always had a bit of fuss with the certificate not being valid. I could live with that. But lately I get warnings on every page about insecure content (namely the logo). Can this be fixed so that I can browse trac without endlessly clicking dialogue boxes?

[ryan]

It shouldn't be using https. It sometimes does for some reason. Attempts to fix haven't gotten very far. I'll check in to see where we're at.

[mrmist]

Ahh ok. It only seems to be the "login" link throwing it over to https. Since the link itself is not a https link I guess it is meant to just be switching to secure for the login credentials before redirecting back to non-secure. Except that the redirect back doesn't happen. So I guess that part is slightly broken.

[ryan]

I was just told that a new cert is in the works.

[peaceablewhale]

I think changing the logo path from "​http://wordpress.org/images/trac-logo.png" to "wordpress.org/images/trac-logo.png" will fix the mixed content issue.

[peaceablewhale]

Replying to mrmist:

Ahh ok. It only seems to be the "login" link throwing it over to https. Since the link itself is not a https link I guess it is meant to just be switching to secure for the login credentials before redirecting back to non-secure. Except that the redirect back doesn't happen. So I guess that part is slightly broken.

I think redirecting back to non-secure is not very useful becuase the cert. exception is returned and should have been accepted by the user when the credentials are passed to the HTTPS login page. The insecure logo path is the bigger problem I think.

[peaceablewhale]

@ryan: Do you know when the logo path will be fixed?

[peaceablewhale]

The mixed content warning is annoying... but I don't want to disable it in my browser... Please fix the trac site as soon as possible...

[chrishajer]

I am not certain if this is the same issue, but when logging in to trac today, I got an invalid certificate warning from Firefox 3.5.2.

core.trac.wordpress.org uses an invalid security certificate.

The certificate is only valid for the following names:
  *.wordpress.org , wordpress.org  

(Error code: ssl_error_bad_cert_domain)

This occcured only once after clicking the Login link, ​http://core.trac.wordpress.org/login

The rest of the session appeared to be fine since it was over http not https.

Could you just get a cert for core.trac.wordpress.org?

[barry]

No more SSL warnings should appear.

[peaceablewhale]

The WordPress logo, ​http://wordpress.org/images/trac-logo.png, remains HTTP and therefore the mixed content warning continues to appear.

[barry]

Fixed.