Changeset 1851


Timestamp:
11/12/06 16:44:09 (13 years ago)
Author:
pjkersha
Message:

Testing store method: if the cert/private key used for authentication has
a *different* OU to the server side then an error occurs:

SSLError: 'sslv3 alert unsupported certificate'

This happens with both pyOpenSSL (myProxyClient.py) and M2Crypto
(m2CryptoMyPxClnt.py) based code. When running myproxy-server in debug mode
it gives the corresponding message on the server side:

Error authenticating client: GSS Major Status: Authentication Failed
GSS Minor Status Error Chain:
globus_gsi_gssapi: SSLv3 handshake problems
globus_gsi_callback_module: Could not verify credential
globus_gsi_callback_module: Error with signing policy
globus_gsi_callback_module: Error in OLD GAA code: CA policy violation: <no reason given>

Exiting: authentication failed

Is this due to the globus-user-ssl.conf and globus-host-ssl.conf settings?

Location:
TI12-security/trunk/python/Tests/MyProxyClient
Files:
2 edited

  • TI12-security/trunk/python/Tests/MyProxyClient/m2CryptoMyPxClnt.py

    r1849 r1851  
    228228        of the stored credentials.  Only the owner can later remove  
    229229        credentials with myproxy-destroy or the destroy method.  If not set, 
    230         this argument defaults to certFile 
     230        this argument defaults to $GLOBUS_LOCATION/etc/hostcert.pem or if this 
     231        is not set, certFile 
    231232        @param ownerKeyFile: corresponding private key file.  See explanation 
    232233        for ownerCertFile 
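Review bot: the reworded default at new lines 230-231 is ambiguous, because "or if this is not set" can refer either to the GLOBUS_LOCATION variable or to the hostcert.pem file, and the two cases need different handling. State which one is meant. None of the visible hunks changes how the default is chosen, so check that the code does what the docstring now says. Since the same docstring says only the owner can later remove the credentials, it should also spell out that falling back to the host certificate makes the host identity the owner of the stored credential rather than the identity in certFile.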
     
    251252                          keyfile=ownerKeyFile, 
    252253                          callback=lambda *ar, **kw: ownerPassphrase) 
     254#        context.load_cert('../hostcert.pem', 
     255#                          keyfile='../hostkey.pem', 
     256#                          callback=lambda *ar, **kw: ownerPassphrase) 
    253257     
    254258        # Disable for compatibility with myproxy server (er, globus) 
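Review bot: new lines 254-256 add a commented-out context.load_cert call with hard-coded '../hostcert.pem' and '../hostkey.pem' paths, which looks like debugging left over from the OU test. Drop it before committing. If the host credential needs to be selectable for the test, pass it in through the owner certificate and key arguments, which the live call just above (keyfile=ownerKeyFile) already uses.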
     
    437441                      default=None, 
    438442                      help="Private key to be stored") 
     443     
     444    parser.add_option("-w",  
     445                      "--keyfile-passphrase",  
     446                      dest="ownerPassphrase",  
     447                      default=None, 
     448                      help="Pass-phrase for Private key used for SSL client") 
    439449 
    440450    parser.add_option("-s",  
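Review bot: the new -w/--keyfile-passphrase option at new lines 444-448 takes the private key pass-phrase as a command-line argument, where it is visible to other local users in the process list and is saved in shell history. Prompt for it with getpass.getpass() when the option is absent, or read it from a file, and keep -w only for unattended test runs if it is kept at all. The help text would also be clearer as "Pass-phrase for the private key used for SSL client authentication".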
     
    546556if __name__ == '__main__': 
    547557    main() 
     558     
  • TI12-security/trunk/python/Tests/MyProxyClient/myProxyClient.py

    r1544 r1851  
    1 #!/bin/env python 
     1#!/usr/bin/env python 
    22# 
    33# myproxy client 
     
    131131    context.set_options(0x00000800L) 
    132132     
     133#    context.use_certificate_file(certFile) 
     134#    context.use_privatekey_file(keyFile)    
     135 
     136    context.use_certificate_file('../hostcert.pem') 
     137    context.use_privatekey_file('../hostkey.pem')    
     138      
    133139    # connect to myproxy server 
    134140    if debuglevel(1):    
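Review bot: new lines 136-137 replace the certFile and keyFile variables with hard-coded '../hostcert.pem' and '../hostkey.pem', so the client ignores the credentials it is given and only works when run from one particular directory. This reads as a test workaround for the OU mismatch described in the commit message. Rather than committing it, add separate owner certificate and key arguments, as m2CryptoMyPxClnt.py does with ownerCertFile and ownerKeyFile, and keep certFile/keyFile as the default. The commented-out lines at 133-134 should go as well.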
     
    295301                       help="Certificate to be stored") 
    296302     
    297     parser.add_option("-k", "--store-key", dest="keyFile", default=None, 
     303    parser.add_option("-y", "--store-key", dest="keyFile", default=None, 
    298304                       help="Private key to be stored") 
    299305 
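Review bot: the short option for --store-key changes from -k to -y at new line 303 with no explanation in the commit message, and the unchanged help text gives no hint of the rename. Existing invocations that pass -k will break or, if -k is assigned to another option elsewhere in the file, will hand the key path to that option instead. Say in the commit message why the letter changed, and check that the short options match those of m2CryptoMyPxClnt.py.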