[Swift-devel] Re: coasters and CAs
Mihael Hategan
hategan at mcs.anl.gov
Mon May 26 12:04:32 CDT 2008
On Sun, 2008-05-25 at 23:31 +0000, Ben Clifford wrote:
> In an attempt to get some automated testing of the coaster code, I made my
> own CA, generated a passwordless credential for it.
>
> I set X509_CERT_DIR to point to a directory with my new CA in it.
>
> I set X509_USER_CERT and X509_USER_KEY to point to those, but that
> credential didn't get picked up. (problem 1)
Those are only used by grid-proxy-*. The "client" tools only use the
proxy.
>
> So I did a grid-proxy-init (which doesn't need a password) and set
> X509_USER_PROXY to that.
>
> Running coaster to the local site (test/sites/coaster/coaster-local.xml)
> this runs OK if the CA cert is in the default CA directory
> (~benc/.globus/certificates in my case). However, it looks like if the CA
> is not in the default CA directory, it is not picked up by the coaster
> service from the setting of X509_CERT_DIR.
It's normal. Your local X509_CERT_DIR should not apply to the "remote"
site. If you want that to be set, stick it as remote env variable in
sites.xml or so.
>
> Running tests/misc/coaster.sh should demonstrate that it works with the CA
> files that are in tests/misc/coaster-security/ are put in the default CA
> directory, but not otherwise.
>
> This might be a problem for sites where CAs are stored in non-default
> locations - the service side should probably pick up the cert dir from the
> environment on the service side.
>
More information about the Swift-devel
mailing list