Bugzilla – Bug 4917
GridShib-CA generates poor error message if MyProxy fails
Last modified: 2009-08-26 22:25:35
If MyProxy fails a poor error message is generated by the GridShib-CA:

ERROR: Error signing certificate request: Error getting credential from MyProxy: Error reading credential: Error reading certificate #1

Full session logs:

Dec 15 08:17:58 computer GridShib-CA-myproxy (generateCred.cgi)[2020]: Requesting lifetime of 43200
Dec 15 08:17:58 computer GridShib-CA-myproxy (generateCred.cgi)[2020]: MyProxy request: username = XXXXXX@openidp.org lifetime = 43200
Dec 15 08:17:58 computer myproxy-server: <1672> Connection from 127.0.0.1
Dec 15 08:17:58 computer myproxy-server: <2023> Authenticated client /C=US/O=NCSA-TEST/OU=User/CN=SP-Service
Dec 15 08:17:58 computer myproxy-server: <2023> trusted retrievers policy matched
Dec 15 08:17:59 computer myproxy-server: <2023> Received GET request from /C=US/O=NCSA-TEST/OU=User/CN=SP-Service
Dec 15 08:17:59 computer myproxy-server: <2023> issuing certificate for user XXXXXX@openidp.org with DN "/C=US/O=NCSA-TEST/OU=User//CN=XXXXXX@openidp.org"
Dec 15 08:17:59 computer myproxy-server: <2023> Error opening certificate file /usr/local/SP-CA/cert.pem Internal cert generation failed CA failed to generate certificate
Dec 15 08:17:59 computer myproxy-server: <2023> No such file or directory
Dec 15 08:17:59 computer GridShib-CA-myproxy (generateCred.cgi)[2020]: ERROR: Error signing certificate request: Error getting credential from MyProxy: Error reading credential: Error reading certificate #1
Dec 15 08:17:59 computer myproxy-server: <2023> Client /C=US/O=NCSA-TEST/OU=User/CN=SP-Service disconnected
*** Bug 4916 has been marked as a duplicate of this bug. ***
The issue here is that the MyProxy server is failing after the client sends the certificate request (when it tries to sign it). There is no defined method in the current GSI delegation protocol to handle an error at this point. The client is expecting a byte with the number of certificates at this point, and MyProxy is returning some error message instead. Probably the right thing to do would be to define a number of certificates == 0 as being an error, with an application-specific error message to follow. Until that (or something similar) is defined and implemented in the MyProxy server, the GridShib client code can do no better than it is today.
The corresponding MyProxy bug is <http://bugzilla.ncsa.uiuc.edu/show_bug.cgi?id=359>.
As of the MyProxy 4.6 release, this has been fixed in MyProxy. Should now verify in GS-CA.
Similar fixes applied to perl code as applied to C code. Here is a new example error message:

Failure signing request: Error getting credential from MyProxy: Error from MyProxy server (more details in srver log): Certificate generation failure.

Committed to 0.5 branch, slated for release in 1.0
In 1.0.0 release.
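The check proposed in the thread (a certificate count of 0 means an error, with message text to follow), as an added C example that is not GridShib-CA or MyProxy code. The byte layout (one count byte, then DER certificates or raw error text), the function names and the sample buffers are assumptions constructed for illustration; the legacy sample shows how a plain-text reply gets misread as a count and ends in "Error reading certificate #1".

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
enum reply_status { REPLY_OK, REPLY_SERVER_ERROR, REPLY_MALFORMED };
/* Constructed sample replies (not captured traffic). */
const unsigned char LEGACY_REPLY[] = "CA failed to generate certificate";
const unsigned char ERROR_REPLY[]  = "\0Certificate generation failure";
const unsigned char GOOD_REPLY[]   = { 1, 0x30, 0x03, 0x02, 0x01, 0x05 };

/* Size of the DER SEQUENCE (tag 0x30) at p, or 0 if it is not well formed. */
static size_t der_seq_size(const unsigned char *p, size_t avail)
{
    size_t len, hdr = 2, i, n;
    if (avail < 2 || p[0] != 0x30) return 0;
    len = p[1];
    if (len & 0x80) {                 /* long form: low 7 bits = length bytes */
        n = len & 0x7f;
        if (n == 0 || n > 4 || avail < 2 + n) return 0;
        for (len = 0, i = 0; i < n; i++) len = (len << 8) | p[2 + i];
        hdr += n;
    }
    return len > avail - hdr ? 0 : hdr + len;
}

/* buf[0] = certificate count; 0 means error text follows (assumed framing). */
enum reply_status parse_reply(const unsigned char *buf, size_t n,
                              int *ncerts, char *err, size_t errsz)
{
    size_t off = 1, sz = 0, i;
    if (n == 0 || errsz == 0) return REPLY_MALFORMED;
    *ncerts = buf[0]; err[0] = '\0';
    if (buf[0] == 0) {                /* server-reported failure */
        snprintf(err, errsz, "%.*s", (int)(n - 1), (const char *)buf + 1);
        return REPLY_SERVER_ERROR;
    }
    for (i = 1; i <= buf[0]; i++, off += sz)
        if ((sz = der_seq_size(buf + off, n - off)) == 0) {
            snprintf(err, errsz, "Error reading certificate #%zu", i);
            return REPLY_MALFORMED;   /* the legacy text reply ends up here */
        }
    return off == n ? REPLY_OK : REPLY_MALFORMED;
}

int main(void)
{
    char err[64]; int nc;
    int st = parse_reply(LEGACY_REPLY, sizeof LEGACY_REPLY - 1, &nc, err, sizeof err);
    printf("status=%d count=%d err=%s\n", st, nc, err);
    return 0;
}
```

The error text is server-supplied, so the parser copies it with an explicit length bound rather than trusting it to be terminated.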