
[Condor-users] SSL authentication problem



Hi,

After seeing the SSL tutorial on the Condor Week pages I thought I'd
give it another go. Things are fine under Unix (Solaris 9) but it
seems to fail completely under Windows XP. The Master log reports
this:

6/2 11:41:52 SECMAN: new session, doing initial authentication.
6/2 11:41:52 HANDSHAKE: in handshake(my_methods = 'SSL')
6/2 11:41:52 HANDSHAKE: handshake() - i am the server
6/2 11:41:52 HANDSHAKE: client sent (methods == 256)
6/2 11:41:52 HANDSHAKE: i picked (method == 256)
6/2 11:41:52 HANDSHAKE: client received (method == 256)
6/2 11:41:52 CADIR:      'c:\condor\ssl'
6/2 11:41:52 CERTFILE:   'c:\condor\ssl\host.crt'
6/2 11:41:52 KEYFILE:    'c:\condor\ssl\host.key'
6/2 11:41:52 CIPHERLIST: 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'
6/2 11:41:52 Trying to accept.
6/2 11:41:52 Accept returned -1.
6/2 11:41:52 SSL: trying to continue reading.
6/2 11:41:52 Round 1.
6/2 11:41:52 Receive message.
6/2 11:41:52 Received message (2).
6/2 11:41:52 Status (c: 2, s: 2)
6/2 11:41:52 Trying to accept.
6/2 11:41:52 Accept returned -1.
6/2 11:41:52 SSL: trying to continue reading.
6/2 11:41:52 Round 2.
6/2 11:41:52 Send message (2).
6/2 11:41:52 Status (c: 2, s: 2)
6/2 11:41:52 Trying to accept.
6/2 11:41:52 Accept returned -1.
6/2 11:41:52 SSL: trying to continue reading.
6/2 11:41:52 Round 3.
6/2 11:41:52 Receive message.
6/2 11:41:52 Received message (3).
6/2 11:41:52 Status (c: 3, s: 2)
6/2 11:41:52 SSL Authentication failed

Any idea what is wrong? I've got the DEBUG cranked up to full but is there
any way of getting more info about the problem that might be meaningful to
the openssl people? I'm using the latest openssl binary distro and Condor
7.0.1. I'm sure that I've had the authentication working in the past but got
bogged down in the authorization details.

Any help would be much appreciated,

regards,

-ian.

PS I'm still at a loss to see what is stopping malicious users just copying
the host cert elsewhere. Unless it can be made readable only by the Condor
processes under Windows?

-------------------------------------------
Dr. Ian C. Smith,
e-Science Team,
University of Liverpool
Computing Services Department.
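
One way to check the concern raised in the PS above, as an added example that is not part of the original post or of Condor: a PowerShell script that lists which accounts can read the key file named in the KEYFILE log line and, with the hypothetical `-Fix` switch, limits it to SYSTEM and Administrators. It assumes the Condor daemons run under the LocalSystem account.

```powershell
# Added example, not Condor or project code.
# Assumption: the Condor daemons run under LocalSystem, so only SYSTEM and
# the local Administrators group should hold rights on the private key.
param(
    [string]$KeyFile = 'c:\condor\ssl\host.key',  # from the KEYFILE log line
    [switch]$Fix                                  # hypothetical switch: rewrite the ACL
)

# Well-known SIDs, independent of localized account names.
$AllowedSids = @('S-1-5-18',      # NT AUTHORITY\SYSTEM
                 'S-1-5-32-544')  # BUILTIN\Administrators
$SidType  = [System.Security.Principal.SecurityIdentifier]
$RuleType = 'System.Security.AccessControl.FileSystemAccessRule'

function Get-UnexpectedReader {
    param([string]$Path, [string[]]$Allowed)
    $read = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $read) -eq 0) { continue }
        $sid = $ace.IdentityReference.Translate($SidType).Value
        if ($Allowed -notcontains $sid) { $ace }   # emit the offending ACE
    }
}

function Set-KeyFileAcl {
    param([string]$Path, [string[]]$Allowed)
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)    # block inheritance, drop inherited ACEs
    foreach ($old in @($acl.Access)) { [void]$acl.RemoveAccessRule($old) }
    foreach ($sid in $Allowed) {
        $id = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $sid
        $rule = New-Object $RuleType -ArgumentList $id, 'FullControl', 'Allow'
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

$bad = @(Get-UnexpectedReader -Path $KeyFile -Allowed $AllowedSids)
foreach ($ace in $bad) {
    '{0} has {1} on {2}' -f $ace.IdentityReference, $ace.FileSystemRights, $KeyFile
}
if ($bad.Count -gt 0 -and $Fix) {
    Set-KeyFileAcl -Path $KeyFile -Allowed $AllowedSids
    'ACL on {0} replaced; re-run without -Fix to confirm.' -f $KeyFile
}
```

A file ACL does not protect the key from anyone who holds administrative rights on the machine, so it narrows who can copy the key rather than making copying impossible.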