Code for setting up of a temporary CA, is currently dependent on the output being formatted in a specify way, particularly the output of openssl x509 --subject; in version 1.1.1 of Openssl, the format of the output has changed, so the code needs to be made more robust, to ensure it doesn't break in the future.
When the signing_policy file contains the extra spaces in the CN, the error looks like this:
client: GSS Major Status: Authentication Failed GSS Minor Status Error Chain: globus_gsi_gssapi: SSL handshake problems globus_gsi_callback_module: Could not verify credential globus_gsi_callback_module: Error with signing policy globus_gsi_callback_module: Error in OLD GAA code: No policy definitions for CA "/O=ESGF/OU=ESGF.ORG/CN=esgf-dev1.llnl.gov-CA" in signing policy file /etc/grid-security/certificates/c6645765.signing_policy
pchengi
commented
5 years ago
Code for setting up of a temporary CA, is currently dependent on the output being formatted in a specify way, particularly the output of openssl x509 --subject; in version 1.1.1 of Openssl, the format of the output has changed, so the code needs to be made more robust, to ensure it doesn't break in the future. When the signing_policy file contains the extra spaces in the CN, the error looks like this:
client: GSS Major Status: Authentication Failed GSS Minor Status Error Chain: globus_gsi_gssapi: SSL handshake problems globus_gsi_callback_module: Could not verify credential globus_gsi_callback_module: Error with signing policy globus_gsi_callback_module: Error in OLD GAA code: No policy definitions for CA "/O=ESGF/OU=ESGF.ORG/CN=esgf-dev1.llnl.gov-CA" in signing policy file /etc/grid-security/certificates/c6645765.signing_policy