Bug 3020 – Non-readable, un-involved CA cert in trusted certs directory causes failure

Bug 3020 - Non-readable, un-involved CA cert in trusted certs directory causes failure

Summary:

Non-readable, un-involved CA cert in trusted certs directory causes failure

Status:	RESOLVED FIXED

Product:	GSI C
Component:	Credentials and Proxies
Version:	1.1.3
Platform:	Macintosh All

Importance:	P3 minor
Target Milestone:	---
Assigned To:	Rachana Ananthakrishnan

URL:
Keywords:	C/Java

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2005-03-27 22:27 by Von Welch
Modified:	2008-08-12 13:30 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Von Welch 2005-03-27 22:27:51

If any CA certificate, even one not involved in any way with the current
transaction (i.e. it issued neither client or server certificate), is
unreadable, GSI craps out: 

GSS Minor Status Error Chain:
globus_gsi_gssapi: Error with gss context
OpenSSL Error: bss_file.c:109: in library: BIO routines, function BIO_new_file:
system lib
OpenSSL Error: bss_file.c:104: in library: system library, function fopen:
Permission denied fopen('/etc/grid-security/certificates/4a6cd8b1.0','r')
OpenSSL Error: pem_lib.c:637: in library: PEM routines, function PEM_read_bio:
no start line Expecting: CERTIFICATE

------- Comment #1 From Sam Meder 2005-03-29 11:05:26 -------

Should be fixed now.

/Sam

------- Comment #2 From Sam Meder 2005-03-29 21:18:02 -------

I guess the same problem exists in Java land:

~/cvs/head/wsrf/install:21:14:19: ./bin/globus-start-container     
2005-03-29 21:15:28,004 ERROR gsi.TrustedCertificates [main,loadCert:189] Certif
icate /etc/grid-security/certificates/42864e48.0 failed to load.
java.io.FileNotFoundException: /etc/grid-security/certificates/42864e48.0 (Permi
ssion denied)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:91)
        at java.io.FileInputStream.<init>(FileInputStream.java:54)
        at java.io.FileReader.<init>(FileReader.java:33)
        at org.globus.gsi.CertUtil.loadCertificate(CertUtil.java:121)
        at org.globus.gsi.TrustedCertificates.loadCert(TrustedCertificates.java:
173)
        at org.globus.gsi.TrustedCertificates.reload(TrustedCertificates.java:12
8)
        at org.globus.gsi.TrustedCertificates.getDefault(TrustedCertificates.jav
a:228)
        at org.globus.gsi.ptls.PureTLSTrustedCertificates.getDefaultPureTLSTrust
edCertificates(PureTLSTrustedCertificates.java:72)
        at org.globus.gsi.gssapi.GlobusGSSContextImpl.setTrustedCertificates(Glo
busGSSContextImpl.java:729)
        at org.globus.gsi.gssapi.GlobusGSSContextImpl.init(GlobusGSSContextImpl.
java:621)
        at org.globus.gsi.gssapi.GlobusGSSContextImpl.initSecContext(GlobusGSSCo
ntextImpl.java:455)
        at org.globus.gsi.gssapi.net.GssSocket.authenticateClient(GssSocket.java
:98)
        at org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:136
)
        at org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:15
6)
        at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.ja
va:433)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:135)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrateg
y.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2726)
        at org.apache.axis.client.Call.invoke(Call.java:2709)
        at org.apache.axis.client.Call.invoke(Call.java:2385)
        at org.apache.axis.client.Call.invoke(Call.java:2308)
        at org.apache.axis.client.Call.invoke(Call.java:1765)
        at org.oasis.wsrf.properties.GetResourcePropertySOAPBindingStub.getResou
rceProperty(GetResourcePropertySOAPBindingStub.java:397)
        at org.globus.wsrf.container.ServiceContainer.listServices(ServiceContai
ner.java:464)
        at org.globus.wsrf.container.ServiceContainer.main(ServiceContainer.java
:394)
        at java.lang.reflect.Method.invoke(Native Method)
        at org.globus.bootstrap.BootstrapBase.launch(BootstrapBase.java:92)
        at org.globus.bootstrap.Bootstrap.main(Bootstrap.java:34)

------- Comment #3 From Jarek Gawor 2005-03-30 00:15:41 -------

I fixed the Java code for CA cert and CRL loading.