globus openssl trouble: please upgrade to gt5.0.2
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
globus-gssapi-gsi (Ubuntu) |
Fix Released
|
Undecided
|
Mattias Ellert | ||
Maverick |
Fix Released
|
Undecided
|
Unassigned | ||
Natty |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: libglobus-
The current Globus version is 5.0.1, using the system openssl 0.9.8o. But since openssl 0.9.8m old-style proxy certificates don't work anymore. This has been solved in Globus 5.0.2, see http://
It would be great to see a Globus upgrade to version 5.0.2, or else have this patch backported, since the current packages are unusable for me.
$ globus-version -full
Globus Toolkit 5.0.1
$ openssl version
OpenSSL 0.9.8o 01 Jun 2010
$ globus-url-copy gsiftp:
error: globus_ftp_client: the server responded with an error
530 530-globus_xio: Authentication Error
530-OpenSSL Error: s3_srvr.c:2516: in library: SSL routines, function SSL3_GET_
530-globus_
530-globus_
530 End.
$ /tmp/prefix-
-rw-r--r-- 1 wvengen wvengen 219 2011-01-17 12:18 /tmp/q
Changed in globus-gssapi-gsi (Ubuntu): | |
assignee: | nobody → Mattias Ellert (mattias-ellert-fysast) |
Changed in globus-gssapi-gsi (Ubuntu): | |
status: | Invalid → Confirmed |
Changed in globus-gssapi-gsi (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in globus-gssapi-gsi (Ubuntu Maverick): | |
status: | New → Confirmed |
Changed in globus-gssapi-gsi (Ubuntu Natty): | |
status: | New → Confirmed |
tags: |
added: verification-done removed: verification-needed |
I have been trying to investigate the reported issue and I can't figure out for which Ubuntu releases the bug is relevant.
For Ubuntu 10.04 LTS (lucid) the version of globus-gssapi-gsi is 5.9-4. Version 5.9 is the version found in Globus Toolkit 4.2.1. This is an old version that doesn't have the fix for openssl 0.9.8m or later, but lucid is using openssl 0.9.8k so using this of globus-gssapi.-gsi with the version of openssl on lucid is OK.
For Ubuntu 10.10 (maverick) and 11.04 (natty) the version of globus-gssapi-gsi is 7.5-2. Version 7.5 is the version found in Globus Toolkit 5.0.1 and 5.0.2. The code in the source package is extracted from 5.0.1 but updating to the code from 5.0.2 is pointless since it is the same version. When there is a new Globus Toolkit release only those packages that actually changed from the previous release is updated. Version 5.2 of globus-gssapi-gsi contains CVS revision 1.55.2.5 of the file globus_ i_gsi_gss_ utils.c. The change mentioned in the bug report was introduced in the 5.0 branch in CVS revision 1.55.2.2 and is therefore already part of the version of globus-gssapi-gsi that is in maverick and natty. So the bug report doesn't seem to relevant for these either.
For Ubuntu 11.11 (oneiric) the version is even newer, 7.8, found in Globus Toolkit 5.0.4.
I also don't think that the error message mentioned in the report: "Can't get the local trusted CA certificate: Cannot find trusted CA certificate with hash cab33b4a in /etc/grid- security/ certificates/ " is relevant for this issue. If the openssl compatibility was a problem you would get some internal openssl error. This seems to be just a missing CA cert in your installation.