PrinceXML with SSL

**andrewstr** · 11-24-2008 08:31 PM

Our Deki site is accessed via HTTPS exclusively. I just upgraded to 8.08.1a and have installed PrinceXML. I can produce PDF's just fine except no pictures are included. I followed the debugging tips to have PrinceXML write to a log. I first notice that is was issuing SSL certificate warnings so I corrected that as per the docs. However, my log says that PrinceXML is attempting to download all images via http and not https. A bug report seems to say that this issue has been resolved. Am I doing something wrong?

**PeteE** · 11-26-2008 06:34 PM

Originally Posted by andrewstr

Our Deki site is accessed via HTTPS exclusively. I just upgraded to 8.08.1a and have installed PrinceXML. I can produce PDF's just fine except no pictures are included. I followed the debugging tips to have PrinceXML write to a log. I first notice that is was issuing SSL certificate warnings so I corrected that as per the docs. However, my log says that PrinceXML is attempting to download all images via http and not https. A bug report seems to say that this issue has been resolved. Am I doing something wrong?

andrewstr - It would be helpful to see the HTML that is being passed into prince. Following the debug docs docs that crb put together, could you try changing the bash script to something like this:

Code:

#!/bin/sh
dd of=/tmp/prince.html 2>/dev/null
/usr/bin/prince -v --log /tmp/prince.log $*

that should put the input html in /tmp/prince.html.

Also, could you post your prince log file?

thanks,
pete

**andrewstr** · 11-26-2008 07:02 PM

Here is the prince.html file as requested:

Code:

prince.html 
<body><h1>Test</h1>
<ul> <li>1</li> <li>2</li> <li>3 <ul> <li>3.1</li> <li>3.2</li> </ul> </li> <li>4</li>
</ul>
<p>Picture here:</p>
<p><img src="/@api/deki/files/1184/=Picture%201.png?authtoken=4_633633260159211300_5a89d61d6041904bbed102a426cd3a2e" style="width: 86px; height: 29px;" alt="Picture 1.png" class="internal default" /></p></body>

Here is the prince.log file:

Code:

Wed Nov 26 11:58:46 2008: ---- begin
Wed Nov 26 11:58:52 2008: loading HTML input: -
Wed Nov 26 11:58:52 2008: loading style sheet: /tmp/tmp3ea24cb3.tmp
Wed Nov 26 11:58:52 2008: loading image: http://www.company.com/@api/deki/files/1184/=Picture%201.png?authtoken=4_633633263265358080_f32f4ba85a54087d3a85906276fa10e9
Wed Nov 26 11:58:52 2008: http://www.company.com/@api/deki/files/1184/=Picture%201.png?authtoken=4_633633263265358080_f32f4ba85a54087d3a85906276fa10e9: warning: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Nov 26 11:58:53 2008: used font: Pigiarniq, Bold
Wed Nov 26 11:58:53 2008: used font: Gentium Book Basic, Regular
Wed Nov 26 11:58:53 2008: warning: no glyphs for character U+25E6, fallback to '?'
Wed Nov 26 11:58:53 2008: warning: no glyphs for character U+25E6, fallback to '?'
Wed Nov 26 11:58:53 2008: warning: no glyphs for character U+25E6, fallback to '?'
Wed Nov 26 11:58:53 2008: warning: no glyphs for character U+25E6, fallback to '?'
Wed Nov 26 11:58:53 2008: ---- end

Note that I can remedy the CERT error as per the docs but it still attempts to download the file by HTTP which is not permitted on our server.

**PeteE** · 11-26-2008 07:55 PM

Thanks for the output. So it looks like the problem is that the --baseurl parameter that we're passing to prince is using http instead of https. This cause the relative links to be incorrect.

You could try forcing https by doing something like this in your shell script:

Code:

#!/bin/bash
ARGS=`echo $* | sed -e 's/http/https/'`
/usr/bin/prince -v --log /tmp/prince.log $ARGS

In the meantime I'll try to figure out why the C# code isn't detecting https and passing in the correct --baseurl

**andrewstr** · 11-26-2008 08:57 PM

Thanks for the tip! I modified your sed line a bit to ensure that images located on other http servers don't get messed up. Here is what is working for me:

Code:

#!/bin/sh
ARGS=`echo $* | sed -e 's@http://www.company.com@https://www.company.com@'`

/usr/local/bin/prince -v --log /tmp/prince.log --ssl-ca-cert=/etc/apache2/ssl/bundle.crt $ARGS

Now onto tackling the no glyphs for character U+25E6 error.

**PeteE** · 11-26-2008 09:09 PM

Originally Posted by andrewstr

Thanks for the tip! I modified your sed line a bit to ensure that images located on other http servers don't get messed up. Here is what is working for me:

Code:

#!/bin/sh
ARGS=`echo $* | sed -e 's@http://www.company.com@https://www.company.com@'`

/usr/local/bin/prince -v --log /tmp/prince.log --ssl-ca-cert=/etc/apache2/ssl/bundle.crt $ARGS

Now onto tackling the no glyphs for character U+25E6 error.

Excellent! Actually, that sed line is only operating on the commands that we send into prince (not the input data itself) so it's really only touching this line:

Code:

--input html -s /tmp/tmp4376a95a.tmp --baseurl=https://dekidev/ - -o -

Your sed will work fine though. One other tip, you might want to append your cert to the default prince cert bundle. Otherwise it might fail the SSL verification if you embed images from another https url. On debian, the prince ssl cert bundle is located at: /usr/lib/prince/ssl/curl-ca-bundle.crt

As far as that glyph error goes, you'll probably have to find a unicode font which contains a glyph for that character and define that font in:

/var/www/dekiwiki/skins/common/prince.css

That file already has a bunch of fallbacks but it's possible that you don't actually have all of those fonts installed. I'd recommend installing the msttcorefonts package (microsoft truetype fonts).

**andrewstr** · 11-26-2008 09:29 PM

Originally Posted by PeteE

One other tip, you might want to append your cert to the default prince cert bundle. Otherwise it might fail the SSL verification if you embed images from another https url. On debian, the prince ssl cert bundle is located at: /usr/lib/prince/ssl/curl-ca-bundle.crt

As far as that glyph error goes, you'll probably have to find a unicode font which contains a glyph for that character and define that font in:

/var/www/dekiwiki/skins/common/prince.css

That file already has a bunch of fallbacks but it's possible that you don't actually have all of those fonts installed. I'd recommend installing the msttcorefonts package (microsoft truetype fonts).

Adding the cert bundle worked great. Thanks!

I have the MS TT fonts already and the others recommended in the wiki. I guess I'll comb through the prince.css and see what I'm missing. Do you happen to have a list of all the font packages you have installed for Debian 4.0?

**andrewstr** · 12-01-2008 07:08 PM

I implemented the sed rewrite command for prince on my production server and the generated PDF's don't always contain the images. Sometimes I see this warning in the prince.log:

Code:

warning: Could not load PNG file

The link is good since I can use wget to download the file. Any idea on why it happening on some of the PNG's?

**andrewstr** · 12-02-2008 08:38 PM

I restored my complete wiki to a clean copy of the official VM running Deki Open Source Edition v.8.08.2. I still noticed that not all the PNG files were included when exporting to PDF.

Thread: PrinceXML with SSL

Thread Tools

Search Thread

Display

PrinceXML with SSL

tested on offical VM and the problem persists

Posting Permissions