Internal Processing Error in TR when domain constraint does not match
Bug #1464800 reported by
Stefan Paetow
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Moonshot Trust-Router |
Triaged
|
Low
|
Unassigned |
Bug Description
Today I made a spelling mistake when I set up a new trust router infrastructure. I misspelled the domain constraint for the down-stream trust router in the infrastructure, using 'l2tr.level1.
The consequence of this is that I saw an 'Internal Processing Error' during an initial TIDC request to check whether the infrastructure was set up correctly.
The log and config from the L1TR (upstream) and the config from the L2TR (down-stream) trust routers are attached.
The command used on the down-stream trust router was this:
tidc l2tr.level2.
Changed in moonshot-tr: | |
importance: | Undecided → Low |
status: | New → Triaged |
To post a comment you must log in.
The interesting output to see here would be the output from the ultimate tids. authorizations is empty for domain, so that function returns -1. It probably should print an error at that point.
Looking at the code, what's probably happening is that the intersected constraint set in handle_
In this instance we have an authorization problem. It's not clear we want to return a very helpful error to the client (or intermediate trust routers).
How reasonable would it be to return "unauthorized request" or similar in this situation? Or perhaps better "Responding TIDS declines authorization," to give someone a hint that what they really want to do is look at the tids logs.