1469 2003-12-16 14:35 org.globus.gsi.GlobusCredential.getTimeLeft() only checks first certificate in the chain 2005-12-05 17:10:43 1 1 1 Unclassified CoG jglobus security 1.1 PC All RESOLVED FIXED P2 minor --- 1 jbasney@ncsa.uiuc.edu gawor@mcs.anl.gov gregor@mcs.anl.gov jbasney@ncsa.uiuc.edu 2003-12-16 14:35:51 The org.globus.gsi.GlobusCredential.getTimeLeft() method (used by grid-proxy- info -timeleft) reports the remaining lifetime of the first certificate in the proxy chain, assuming it has the shortest lifetime of all certificates in the chain. In rare cases (probably due to bugs in other software), users can get a proxy credential where this assumption does not hold, i.e., a certificate somewhere else in the chain has a shorter lifetime than the first certificate. It would help users to diagnose these cases if getTimeLeft() checked all certificates in the chain to get the true lifetime of the credential, i.e., the intersection of the valid lifetimes of all the certificates.