Bug 6552 - auto container CA will not work with GridFTP
: auto container CA will not work with GridFTP
Status: RESOLVED FIXED
: Nimbus
AutoContainer
: TP2.1
: PC Linux
: P3 normal
: TP2.1
Assigned To:
:
:
:
: 6981
  Show dependency treegraph
 
Reported: 2008-11-24 13:10 by
Modified: 2010-03-25 20:37 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2008-11-24 13:10:00
GridFTP will not serve client certificates created with the embedded auto
container CA.  Here is the error:

530-globus_gsi_callback_module: Could not verify credential
530-globus_gsi_callback_module: Invalid CRL: Couldn't verify that the available
CRL is valid
530-OpenSSL Error: tasn_dec.c:710: in library: asn1 encoding routines, function
ASN1_TEMPLATE_NOEXP_D2I: nested asn1 error Field=issuer, Type=AUTHORITY_KEYID


I think the solution for this is to add this missing authority keyid field. 
Bug should only be closed when GridFTP is working end to end with this type of
CA (so that we can provide some easy steps to get not just Nimbus going quickly
but the whole cloud configuration).
------- Comment #1 From 2010-03-12 10:53:54 -------
Let's try to solve this one.  Having an admin be able to take the new installer
and arrive at a full cloud-config much more easily (not necessarily *just*
using the installer this time around) is something we should really shoot for. 
I can deal with the parts in Java where the CA is created to try and fix the
issue but hoping to get a little QA help on testing end to end install that
includes a GridFTP installation.
------- Comment #2 From 2010-03-25 20:36:29 -------
Fix merged to master

http://github.com/nimbusproject/nimbus/commit/dd7d66495ad4569d2fed0e74c0875ea245da1686

EzPz CA can now write out a valid .r0 file which GridFTP 
accepts.  And web autoca.py now makes this happen during install.
------- Comment #3 From 2010-03-25 20:37:11 -------
Sorry, should have recorded: master for Nimbus 2.4