Bug 3020 - Non-readable, un-involved CA cert in trusted certs directory causes failure
: Non-readable, un-involved CA cert in trusted certs directory causes failure
Status: RESOLVED FIXED
: GSI C
Credentials and Proxies
: 1.1.3
: Macintosh All
: P3 minor
: ---
Assigned To:
:
: C/Java
:
:
  Show dependency treegraph
 
Reported: 2005-03-27 22:27 by
Modified: 2008-08-12 13:30 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2005-03-27 22:27:51
If any CA certificate, even one not involved in any way with the current
transaction (i.e. it issued neither client or server certificate), is
unreadable, GSI craps out: 

GSS Minor Status Error Chain:
globus_gsi_gssapi: Error with gss context
OpenSSL Error: bss_file.c:109: in library: BIO routines, function BIO_new_file:
system lib
OpenSSL Error: bss_file.c:104: in library: system library, function fopen:
Permission denied fopen('/etc/grid-security/certificates/4a6cd8b1.0','r')
OpenSSL Error: pem_lib.c:637: in library: PEM routines, function PEM_read_bio:
no start line Expecting: CERTIFICATE
------- Comment #1 From 2005-03-29 11:05:26 -------
Should be fixed now.

/Sam
------- Comment #2 From 2005-03-29 21:18:02 -------
I guess the same problem exists in Java land:

~/cvs/head/wsrf/install:21:14:19: ./bin/globus-start-container     
2005-03-29 21:15:28,004 ERROR gsi.TrustedCertificates [main,loadCert:189] Certif
icate /etc/grid-security/certificates/42864e48.0 failed to load.
java.io.FileNotFoundException: /etc/grid-security/certificates/42864e48.0 (Permi
ssion denied)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:91)
        at java.io.FileInputStream.<init>(FileInputStream.java:54)
        at java.io.FileReader.<init>(FileReader.java:33)
        at org.globus.gsi.CertUtil.loadCertificate(CertUtil.java:121)
        at org.globus.gsi.TrustedCertificates.loadCert(TrustedCertificates.java:
173)
        at org.globus.gsi.TrustedCertificates.reload(TrustedCertificates.java:12
8)
        at org.globus.gsi.TrustedCertificates.getDefault(TrustedCertificates.jav
a:228)
        at org.globus.gsi.ptls.PureTLSTrustedCertificates.getDefaultPureTLSTrust
edCertificates(PureTLSTrustedCertificates.java:72)
        at org.globus.gsi.gssapi.GlobusGSSContextImpl.setTrustedCertificates(Glo
busGSSContextImpl.java:729)
        at org.globus.gsi.gssapi.GlobusGSSContextImpl.init(GlobusGSSContextImpl.
java:621)
        at org.globus.gsi.gssapi.GlobusGSSContextImpl.initSecContext(GlobusGSSCo
ntextImpl.java:455)
        at org.globus.gsi.gssapi.net.GssSocket.authenticateClient(GssSocket.java
:98)
        at org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:136
)
        at org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:15
6)
        at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.ja
va:433)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:135)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrateg
y.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2726)
        at org.apache.axis.client.Call.invoke(Call.java:2709)
        at org.apache.axis.client.Call.invoke(Call.java:2385)
        at org.apache.axis.client.Call.invoke(Call.java:2308)
        at org.apache.axis.client.Call.invoke(Call.java:1765)
        at org.oasis.wsrf.properties.GetResourcePropertySOAPBindingStub.getResou
rceProperty(GetResourcePropertySOAPBindingStub.java:397)
        at org.globus.wsrf.container.ServiceContainer.listServices(ServiceContai
ner.java:464)
        at org.globus.wsrf.container.ServiceContainer.main(ServiceContainer.java
:394)
        at java.lang.reflect.Method.invoke(Native Method)
        at org.globus.bootstrap.BootstrapBase.launch(BootstrapBase.java:92)
        at org.globus.bootstrap.Bootstrap.main(Bootstrap.java:34)
------- Comment #3 From 2005-03-30 00:15:41 -------
I fixed the Java code for CA cert and CRL loading.