Ignore:
Timestamp:
11/12/06 16:44:09 (14 years ago)
Author:
pjkersha
Message:

Testing store method: if the cert/private key used for authentication has
a *different* OU to the server side then an error occurs:

SSLError: 'sslv3 alert unsupported certificate'

This happens with both pyOpenSSL (myProxyClient.py) and M2Crypto
(m2CryptoMyPxClnt.py) based code. When running myproxy-server in debug mode
it gives the corresponding message on the server side:

Error authenticating client: GSS Major Status: Authentication Failed
GSS Minor Status Error Chain:
globus_gsi_gssapi: SSLv3 handshake problems
globus_gsi_callback_module: Could not verify credential
globus_gsi_callback_module: Error with signing policy
globus_gsi_callback_module: Error in OLD GAA code: CA policy violation: <no reason given>

Exiting: authentication failed

Is this due to the globus-user-ssl.conf and globus-host-ssl.conf settings?

File:
1 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/Tests/MyProxyClient/myProxyClient.py

    r1544 r1851  
    1 #!/bin/env python 
     1#!/usr/bin/env python 
    22# 
    33# myproxy client 
     
    131131    context.set_options(0x00000800L) 
    132132     
     133#    context.use_certificate_file(certFile) 
     134#    context.use_privatekey_file(keyFile)    
     135 
     136    context.use_certificate_file('../hostcert.pem') 
     137    context.use_privatekey_file('../hostkey.pem')    
     138      
    133139    # connect to myproxy server 
    134140    if debuglevel(1):    
     
    295301                       help="Certificate to be stored") 
    296302     
    297     parser.add_option("-k", "--store-key", dest="keyFile", default=None, 
     303    parser.add_option("-y", "--store-key", dest="keyFile", default=None, 
    298304                       help="Private key to be stored") 
    299305 
Note: See TracChangeset for help on using the changeset viewer.