You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 5
Next »
CRITICAL | This severity level implies that the process has been completely shut off and no further action can be taken. |
MAJOR | This is a significant flaw that causes the system to fail. However, certain parts of the system remain functional. |
MEDIUM | This flaw results in unfavorable behavior but the system remains functioning. |
LOW | This type of flaw won’t cause any major breakdown in the system. |
List of identified issues in this category (click on the title to show details)
NET-001: Incomplete SSL certificate chain
Description | A website with this SSL misconfiguration might work fine in the browser, but it won't work for clients that do not support AIA Fetching, e.g. in Python. The error can be reproduced with `curl`, it will return error: "curl: (60) SSL certificate problem: unable to get local issuer certificate". The website can be also tested on https://www.ssllabs.com/ssltest/index.html . |
|---|
Estimated severity | CRITICAL |
|---|
Examples | |
|---|
Suggested action | Test your website, configure properly your webserver |
|---|
How communicated | Monitoring system 11 HEIs (6 providers) in PROD, 9 HEIs (7 providers) in DEV |
|---|
NET-002: Expired SSL certificate
Description | Expired SSL certificate |
|---|
Estimated severity | CRITICAL |
|---|
Examples | |
|---|
Suggested action | The certificate needs to be renewed |
|---|
How communicated | Monitoring system At least 3 HEIs (2 providers) in PROD, 39 HEIs (9 providers) in DEV |
|---|
NET-003: Wrong answer to a CNR or GET as part of CNR
Description | According to specification “Once you receive a change notification, you respond with HTTP 200, and add the received identifiers to a queue. Later on, in the background, you will attempt to update your locally stored information on the received entities (e.g. by calling the get endpoints of the APIs which describe this entity). You SHOULD NOT try to refresh your data before sending your CNR API response. Refreshing the data (e.g. calling the get endpoint) is a separate operation, and the result of this operation MUST NOT influence the HTTP response of your CNR API” A number of partner send some error codes instead. |
|---|
Estimated severity | CRITICAL |
|---|
Examples | |
|---|
Suggested action | Enforce absolute compliance with the specification |
|---|
How communicated | Email correspondence with providers, testing sessions, GitHub This error was encountered in a number of mobility systems |
|---|