Tahoe-LAFS

Bug #434411
Comment #4

Comment 4 for bug 434411

Revision history for this message

In Tahoe Trac #704, bewst (bewst-tahoe-trac) wrote on 2009-05-28:

Replying to [comment:2 warner]:
> Also, could you run the following steps to generate a new certificate and
> then examine it to see what the "Subject" names are?
<schnipp>

> On my OS-X system, I see "Subject: CN=newpb_thingy". Do you get the same? It
> might also help us if you could attach that dummy.pem file to this ticket
> (but of course don't use it for anything else).
>
> My current hunch is that the Foolscap-generated x509 certificates are either
> being created with corrupt (i.e. non-UTF-8) subject-name strings, or they're
> somehow being corrupted afterwards.

Looks like things are going wrong much earlier:
{{{
#!python
$ python2.5
Python 2.5.4 (r254:67916, May 6 2009, 18:40:46)
[GCC 4.0.1 (Apple Inc. build 5490)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from foolscap import Tub
>>> t = Tub(certFile="dummy.pem")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/local/lib/python2.5/site-packages/foolscap-0.3.2-py2.5.egg/foolscap/pb.py", line 222, in __init__
    self.setupEncryptionFile(certFile)
  File "/opt/local/lib/python2.5/site-packages/foolscap-0.3.2-py2.5.egg/foolscap/pb.py", line 234, in setupEncryptionFile
    self.setupEncryption(certData)
  File "/opt/local/lib/python2.5/site-packages/foolscap-0.3.2-py2.5.egg/foolscap/pb.py", line 249, in setupEncryption
    cert = self.createCertificate()
  File "/opt/local/lib/python2.5/site-packages/foolscap-0.3.2-py2.5.egg/foolscap/pb.py", line 442, in createCertificate
    132)
  File "/opt/local/lib/python2.5/site-packages/twisted/internet/_sslverify.py", line 539, in signCertificateRequest
    hlreq = CertificateRequest.load(requestData, requestFormat)
  File "/opt/local/lib/python2.5/site-packages/twisted/internet/_sslverify.py", line 310, in load
    dn._copyFrom(req.get_subject())
  File "/opt/local/lib/python2.5/site-packages/twisted/internet/_sslverify.py", line 64, in _copyFrom
    value = getattr(x509name, name, None)
UnicodeDecodeError: 'utf8' codec can't decode bytes in position 0-5: unsupported Unicode code range
>>>
}}}

Replying to [comment:2 warner]:
> Also, could you run the following steps to generate a new certificate and
> then examine it to see what the "Subject" names are?
<schnipp>
 
> On my OS-X system, I see "Subject: CN=newpb_thingy". Do you get the same? It
> might also help us if you could attach that dummy.pem file to this ticket
> (but of course don't use it for anything else).
> 
> My current hunch is that the Foolscap-generated x509 certificates are either
> being created with corrupt (i.e. non-UTF-8) subject-name strings, or they're
> somehow being corrupted afterwards.

Looks like things are going wrong much earlier:
{{{
#!python
$ python2.5
Python 2.5.4 (r254:67916, May  6 2009, 18:40:46) 
[GCC 4.0.1 (Apple Inc. build 5490)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from foolscap import Tub
>>> t = Tub(certFile="dummy.pem")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/local/lib/python2.5/site-packages/foolscap-0.3.2-py2.5.egg/foolscap/pb.py", line 222, in __init__
    self.setupEncryptionFile(certFile)
  File "/opt/local/lib/python2.5/site-packages/foolscap-0.3.2-py2.5.egg/foolscap/pb.py", line 234, in setupEncryptionFile
    self.setupEncryption(certData)
  File "/opt/local/lib/python2.5/site-packages/foolscap-0.3.2-py2.5.egg/foolscap/pb.py", line 249, in setupEncryption
    cert = self.createCertificate()
  File "/opt/local/lib/python2.5/site-packages/foolscap-0.3.2-py2.5.egg/foolscap/pb.py", line 442, in createCertificate
    132)
  File "/opt/local/lib/python2.5/site-packages/twisted/internet/_sslverify.py", line 539, in signCertificateRequest
    hlreq = CertificateRequest.load(requestData, requestFormat)
  File "/opt/local/lib/python2.5/site-packages/twisted/internet/_sslverify.py", line 310, in load
    dn._copyFrom(req.get_subject())
  File "/opt/local/lib/python2.5/site-packages/twisted/internet/_sslverify.py", line 64, in _copyFrom
    value = getattr(x509name, name, None)
UnicodeDecodeError: 'utf8' codec can't decode bytes in position 0-5: unsupported Unicode code range
>>> 
}}}