Bug 1469 - org.globus.gsi.GlobusCredential.getTimeLeft() only checks first certificate in the chain
: org.globus.gsi.GlobusCredential.getTimeLeft() only checks first certificate i...
Status: RESOLVED FIXED
: CoG jglobus
security
: 1.1
: PC All
: P2 minor
: ---
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2003-12-16 14:35 by
Modified: 2005-12-05 17:10 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2003-12-16 14:35:51
The org.globus.gsi.GlobusCredential.getTimeLeft() method (used by grid-proxy-
info -timeleft) reports the remaining lifetime of the first certificate in the 
proxy chain, assuming it has the shortest lifetime of all certificates in the 
chain.  In rare cases (probably due to bugs in other software), users can get a 
proxy credential where this assumption does not hold, i.e., a certificate 
somewhere else in the chain has a shorter lifetime than the first certificate.  
It would help users to diagnose these cases if getTimeLeft() checked all 
certificates in the chain to get the true lifetime of the credential, i.e., the 
intersection of the valid lifetimes of all the certificates.