Bug #5893

CREAM Proxy Error at GridFTP connexion

Added by Schwarz Lionel almost 7 years ago. Updated almost 7 years ago.

Status:ResolvedStart date:01/22/2014
Priority:NormalDue date:
Assigned To:Schwarz Lionel% Done:

0%

Category:gLite adaptors
Target version:1.0.1

Description

At job submission, JSAGA tries to connect to the GridFTP server with the VOMS proxy used to connect to Cream.
[2014-01-21 14:42:24,422] DEBUG org.globus.ftp.vanilla.FTPControlChannel : Control channel sending: AUTH GSSAPI
[2014-01-21 14:42:24,432] DEBUG org.globus.ftp.vanilla.FTPControlChannel : Control channel received: 334 Using authentication type; ADAT must follow.
[2014-01-21 14:42:26,885] DEBUG org.globus.ftp.vanilla.FTPControlChannel : Control channel received: 530-globus_xio: Authentication Error
530-globus_gsi_gssapi: Error with GSI proxy
530-globus_gsi_proxy: Error with X509 structure: Couldn't convert X509 proxy cert from DER encoded to internal form
530-OpenSSL Error: asn1_lib.c:150: in library: asn1 encoding routines, function ASN1_get_object: header too long
530 End.

This happens with JDK 1.7.0_45 and later but not with 1.7.0_03

History

#7 Updated by Schwarz Lionel almost 7 years ago

  • Status changed from New to Suspended

#9 Updated by Schwarz Lionel almost 7 years ago

  • Status changed from Suspended to Resolved
  • Target version set to 1.0.1

Enables TLSv1.1 for SSL socket (avoid split of packets)

#10 Updated by Schwarz Lionel almost 7 years ago

  • Status changed from Resolved to In progress

Bug still reproducible on cream://sbgce2.in2p3.fr:8443

#11 Updated by Schwarz Lionel almost 7 years ago

  • Status changed from In progress to Resolved

"jsse.enableCBCProtection" must be set to "false" at startup (done in SagaFactoryImpl).

The default value for this SP seems to have been changed from "false" to "true" between jdk7u3 and next.

http://confessionsofalinuxpenguin.blogspot.fr/2013_05_01_archive.html
https://www.aquaclusters.com/app/home/project/public/aquadatastudio/discussion/GeneralDiscussions/post/25/Java-6u29-bug-prevents-SSL-connection-to-SQL-Server-2008-R2

Also available in: Atom PDF