Bugzilla – Bug 1469
org.globus.gsi.GlobusCredential.getTimeLeft() only checks first certificate in the chain
Last modified: 2005-12-05 17:10:43
You need to
before you can comment on or make changes to this bug.
The org.globus.gsi.GlobusCredential.getTimeLeft() method (used by grid-proxy-
info -timeleft) reports the remaining lifetime of the first certificate in the
proxy chain, assuming it has the shortest lifetime of all certificates in the
chain. In rare cases (probably due to bugs in other software), users can get a
proxy credential where this assumption does not hold, i.e., a certificate
somewhere else in the chain has a shorter lifetime than the first certificate.
It would help users to diagnose these cases if getTimeLeft() checked all
certificates in the chain to get the true lifetime of the credential, i.e., the
intersection of the valid lifetimes of all the certificates.