search

DIRACGrid / DIRAC

DIRAC Grid
http://diracgrid.org
GNU General Public License v3.0
112 stars 174 forks source link

Change level of message in SocketInfo.py #1310

Closed closier closed 11 years ago

closier commented 11 years ago

Would it be possible to change the level of the following message from gLogger.warn to gLogger.debug in order to do not pollute the LOG of services/agent.

line118 gLogger.warn( "Server is not who it's supposed to be", "Connecting to %s and it's %s" % ( self.infoDict[ 'hostname' ], hostnameCN ) )

line 331 gLogger.warn( "Server is not who it's supposed to be", "Connecting to %s and it's %s" % ( self.infoDict[ 'hostname' ], hostnameCN ) )

atsareg commented 11 years ago

Normally the server certificate must carry the name of the server, otherwise authorization should not be granted. We are just giving warning for the moment, but it will be an error in the future. Why in your case the host certificate does not correspond to the host itself ?

closier commented 11 years ago

YOu should ask the PIC people. it is the LHCB web machine at PIC. But it is filling all the log with this useless message since months..

Joel Closier PH-LBC, Physics Department CERN, CH-1211 Genève 23 LHCb Experiment, Core Computing & Software Group Office 2-R-001, Tel : +41 22 767 7172, Fax : +41 22 766 9978 GSM : +41 76 487 0381 mailto:Joel.Closier@cern.ch

Le 06/03/13 11:48, Andrei Tsaregorodtsev a écrit :

Normally the server certificate must carry the name of the server, otherwise authorization should not be granted. We are just giving warning for the moment, but it will be an error in the future. Why in your case the host certificate does not correspond to the host itself ?

— Reply to this email directly or view it on GitHub https://github.com/DIRACGrid/DIRAC/issues/1310#issuecomment-14493185.

atsareg commented 11 years ago

The code ( SocketInfo,py ) is actually dealing with this case but somehow failing with the PIC host. To debug this, intervention on the production Configuration Services would be needed, I think.

graciani commented 11 years ago

In fact there is a bug

  def __isSameHost( self, hostCN, hostConn ):
    """ Guess if it is the same host or not
    """
    hostCN_m = hostCN
    if '/' in hostCN:
      hostCN_m = hostCN.split( '/' )[1]
    if hostCN_m == hostConn:
      return True
    result = checkHostsMatch( hostCN_m, hostCN )
    ...

should rather be:

  def __isSameHost( self, hostCN, hostConn ):
    """ Guess if it is the same host or not
    """
    hostCN_m = hostCN
    if '/' in hostCN:
      hostCN_m = hostCN.split( '/' )[1]
    if hostCN_m == hostConn:
      return True
    result = checkHostsMatch( hostCN_m, hostConn )
    ...