[Swift-devel] coasters and CAs

[Ben Clifford]

In an attempt to get some automated testing of the coaster code, I made my 
own CA, generated a passwordless credential for it.

I set X509_CERT_DIR to point to a directory with my new CA in it.

I set X509_USER_CERT and X509_USER_KEY to point to those, but that 
credential didn't get picked up. (problem 1)

So I did a grid-proxy-init (which doesn't need a password) and set 
X509_USER_PROXY to that.

Running coaster to the local site (test/sites/coaster/coaster-local.xml) 
this runs OK if the CA cert is in the default CA directory 
(~benc/.globus/certificates in my case). However, it looks like if the CA 
is not in the default CA directory, it is not picked up by the coaster 
service from the setting of X509_CERT_DIR.

Running tests/misc/coaster.sh should demonstrate that it works with the CA 
files that are in tests/misc/coaster-security/ are put in the default CA 
directory, but not otherwise.

This might be a problem for sites where CAs are stored in non-default 
locations - the service side should probably pick up the cert dir from the 
environment on the service side.

--