Bug 4188 – trigger/container faisl on just expired proxy and can not recover

Bug 4188 - trigger/container faisl on just expired proxy and can not recover

Summary:

trigger/container faisl on just expired proxy and can not recover

Status:	RESOLVED FIXED

Product:	Java WS Core
Component:	globus_wsrf_core
Version:	4.0.1
Platform:	All All

Importance:	P3 major
Target Milestone:	---
Assigned To:	Jarek Gawor

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2006-02-01 16:25 by mei-hui su
Modified:	2006-02-15 15:01 (History)

Attachments
container log (33.31 KB, text/plain) 2006-02-01 16:57, mei-hui su	Details
container log with HEAD GT (73.50 KB, text/plain) 2006-02-02 14:51, mei-hui su	Details
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From mei-hui su 2006-02-01 16:25:18

Hi,
  I have a small monitoring setup for esg that runs on X509_USER_PROXY instead
of the default host container cert/key. That proxy is being refreshed everyday
at the same time. It seems if container with trigger hit that time exactly 
right that it detects invalid proxy but even with that proxy being refreshed,
container never recovers. I have seen this on solaris 10 box using stock GT4.0.1
and also on a linux box (Using HEAD).

mei

------- Comment #1 From mei-hui su 2006-02-01 16:57:01 -------

Created an attachment (id=836) [details]
container log

The proxy expired around 2006-01-24 16:12:09
replaced it with a long-live one around Jan 24 17:45

------- Comment #2 From mei-hui su 2006-02-02 14:51:55 -------

Created an attachment (id=839) [details]
container log with HEAD GT

the time when the proxy got renewed is:
Feb  2 12:35 x509_mei

------- Comment #3 From mei-hui su 2006-02-02 14:56:59 -------

Hi,
  I installed a similar setup with HEAD. It looks like the problem
is not there anymore. So, I think there is no need to track this and
I just have to wait for a new release of GT.

thanks.
mei

------- Comment #4 From Jarek Gawor 2006-02-02 15:46:57 -------

So you only see this problem with GT 4.0.1 but not HEAD? It needs to be fixed 
either way.

------- Comment #5 From mei-hui su 2006-02-02 15:55:59 -------

Yes. only on stock 4.0.1 release. On HEAD, there are some MDS warnings coming
out after the recovery . Mike will be looking at them to make sure they
are harmless.

thanks

mei

------- Comment #6 From Rachana Ananthakrishnan 2006-02-06 15:05:55 -------

I just committed a potential fix to the 4.0 branch code. Can you please retest 
and see if you still see this error ?

Thanks,
Rachana

------- Comment #7 From Jarek Gawor 2006-02-15 15:01:14 -------

This should be fixed now in trunk & globus_4_0_branch. The main reason for this 
bug was improper socket closing in case of expired credentials. This bug also 
uncovered a number of other issues in trunk & branch, all of them should be 
addressed now. 
The container code in branch was fixed to close the right socket in case of an 
credential error (trunk was ok). The JGlobus secure socket code was updated to 
automatically close the socket in case of error during authentication. 
Also, trunk & branch was made to behave in the same way when dealing with 
expired credentials and credential refresh. For example, if server has an 
expired credential, the client will now get a nice error message indicating so. 
Also the branch credential refresh code was improved to match trunk's.