source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml @ 2884

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml@2884
Revision 2884, 1.4 KB checked in by pjkersha, 13 years ago (diff)

Explicitly setting of SSL timeout avoids hanging client for calls over https

ndg.security.server/ndg/security/server/conf/sessionMgr.tac,
ndg.security.server/ndg/security/server/conf/attAuthority.tac:

  • added ref to NDGSEC_INT_DEBUG environment variable -sets service to stop in debugger at the start of each SOAP call. Service must be restarted in order for variable to be picked up

ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg,
ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:

  • running unit tests with https switched on to investigate timeout problems. SM calls to an AA over https currently fail with a HTTP bad status line error

ndg.security.common/ndg/security/common/AttAuthority/init.py: improve error reporting for getAttCert call.

ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py:

  • added functionality to set read and write timeouts. M2Crypto default is 600s(!). Changed default to 3s
Line 
1<?xml version="1.0" encoding="utf-8"?>
2<AAprop>
3    <name>Site A</name>
4    <portNum>5000</portNum>
5    <useSSL>Yes</useSSL> <!-- leave blank to use http -->
6    <sslCertFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</sslCertFile>
7    <sslKeyFile>$NDGSEC_AA_UNITTEST_DIR/aa-key.pem</sslKeyFile>
8    <sslKeyPwd></sslKeyPwd>
9    <useSignatureHandler>Yes</useSignatureHandler> <!-- leave blank for no signature -->
10    <certFile>$NDGSEC_AA_UNITTEST_DIR/aa-cert.pem</certFile>
11    <keyFile>$NDGSEC_AA_UNITTEST_DIR/aa-key.pem</keyFile>
12    <keyPwd></keyPwd>
13    <caCertFile>$NDGSEC_AA_UNITTEST_DIR/cacert.pem</caCertFile>
14    <!--
15    Set the certificate used to verify the signature of messages from the
16    client.  This can usually be left blank since the client is expected to
17    include the cert with the signature in the inbound SOAP message
18    -->
19    <clntCertFile></clntCertFile>   
20    <attCertLifetime>28800</attCertLifetime>
21    <attCertNotBeforeOff>0</attCertNotBeforeOff>
22    <attCertFilePfx>ac-</attCertFilePfx>
23    <attCertFileSfx>.xml</attCertFileSfx>
24    <mapConfigFile>$NDGSEC_AA_UNITTEST_DIR/siteAMapConfig.xml</mapConfigFile>
25    <attCertDir>$NDGSEC_AA_UNITTEST_DIR</attCertDir>
26    <dnSeparator>/</dnSeparator>
27    <userRolesModFilePath>$NDGSEC_AA_UNITTEST_DIR</userRolesModFilePath>
28    <userRolesModName>siteAUserRoles</userRolesModName>
29    <userRolesClassName>TestUserRoles</userRolesClassName>
30    <userRolesPropFile></userRolesPropFile>
31</AAprop>
Note: See TracBrowser for help on using the repository browser.