Bug 6528 – Add locking to openssl serial file in GridShibCA::OpenSSLCA.pm

Bug 6528 - Add locking to openssl serial file in GridShibCA::OpenSSLCA.pm

Summary:

Add locking to openssl serial file in GridShibCA::OpenSSLCA.pm

Status:	RESOLVED FIXED

Product:	GridShib
Component:	GridShib-CA
Version:	0.5.1
Platform:	All All

Importance:	P3 normal
Target Milestone:	---
Assigned To:	Von Welch

URL:
Keywords:

Depends on:
Blocks:	6808
	Show dependency tree / graph

Reported:	2008-11-06 11:54 by Von Welch
Modified:	2009-12-08 20:30 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Von Welch 2008-11-06 11:54:02

There currently is no locking on the openssl serial file in
GridShibCA::OpenSSLCA.pm. This could cause undefined behavior for concurrent
certificate generations. I suspect they would either reuse the same serial
number or fail outright depending on the exact semantics of perl and the
underlying OS.

------- Comment #1 From Von Welch 2009-12-08 20:30:32 -------

Committed to head of CVS. Slated for 2.0
Uses Fcntl::flock()
Added LockFile parameter to gridshib-ca.conf to specify file to use for
locking.