Project

General

Profile

Bug #7988

jobsub commands do not work with proxies

Added by Parag Mhashilkar about 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Parag Mhashilkar
Category:
-
Target version:
Start date:
03/01/2015
Due date:
% Done:

0%

Estimated time:
First Occurred:
Occurs In:
Stakeholders:
Duration:

Description

X509 credential you get from kx509 is not a proxy. It is a cert+key. Commands do not work with proxies.

Following needs to happen to get the commands working with proxies

  • In /etc/init.d/httpd: add following line before HTTPD_LANG=${HTTPD_LANG-"C"}
    export OPENSSL_ALLOW_PROXY_CERTS=1
  • Change jobsub_api.conf to export bunch of SSL variables
  • Handle the client subject v/s issuer subject in server side code to handle the difference between proxy and certs
  • On SL6 machines: set curl.CAINFO to proxy if it is a proxy

History

#1 Updated by Parag Mhashilkar about 6 years ago

  • Target version set to v1.1.1

#2 Updated by Parag Mhashilkar about 6 years ago

  • Status changed from New to Feedback
  • Assignee set to Dennis Box

Changes are in branch 7988-1. I have tested client on SL6 but not on SL5. Please review and test it on SL5 as well.

#3 Updated by Dennis Box about 6 years ago

  • Assignee changed from Dennis Box to Parag Mhashilkar

Tested with voms-proxy-init generated KCA proxies and grid-proxy-init generated Digicert proxies on SL5 and SL6. Everything seems to work as expected.

It is surprising to me that the nonsense values (puppet input strings) for the SSL variables in jobsub_api.conf have the desired effect. I did not experiment with taking them out to see which ones are really needed.

I am ok with merging this into master.

#4 Updated by Parag Mhashilkar about 6 years ago

  • Status changed from Feedback to Resolved

#5 Updated by Parag Mhashilkar almost 6 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF