[Product-Developers] PloneFlashUpload barfs on ssl

Alan Milligan alan at balclutha.org
Wed Jan 21 02:09:02 UTC 2009

Michael Dunstan wrote:
> On Wed, Jan 21, 2009 at 1:19 AM, Alan Milligan <alan at balclutha.org> wrote:
>> Hi,
>> Frustratingly the PloneFlashUpload issue tracker redirects to p4a.  I don't
>> know how many projects I'm expected to sign up to to actually log a ticket
>> against something in the collective so I'm just going to post here.
>> The aforementioned product, both version 1.1 and the new 1.2rc completely
>> fail to post to https urls.
>> They each work brilliantly in http postings, both directly to Zope and via
>> Apache.  However, no https uploads work.  This is rather unfortunate,
>> because unlike http, I cannot sniff the offending traffic.
>> If someone who knows more about Flash (or PloneFlashUpload) than I can share
>> any observations, that would be great.  I am more than willing to post logs
>> in excruciating detail to resolve this.
> The HTTP(S) transaction for the upload is performed by Flash rather
> than by the host browser of the plugin. It looks like Flash has its
> own interpretation (rather than matching the browsers interpretation)
> about what is a valid HTTPS certificate. For example self signed
> certificates are not valid. See
> http://swfupload.org/forum/generaldiscussion/347
Michael, thank you for that piece of wisdom - I'd suspected HTTP_REFERER 
or suchlike but not being able to disect swf hoped somebody would have 
some ideas.

Cheers, Alan

More information about the Product-Developers mailing list