Dear all,
The problem with edg-fetch-crl is known and in the process of being fixed.
Before releasing an updated RPM containing the script through official
channels, we would like to do some testing to make sure nothing is broken.
Nevertheless, if you need/want to update your edg-fetch-crl script
before then, I enclosed the current fix as a very small patch file. To
use it, make sure the file contains the real path to your edg-fetch-crl
script, and simply run "patch -p0 < patch_crl".
It is also possible to check if your CRLs are up-to-date with the
following command, which will report CRLs older than a day:
find <PATH TO YOUR CERT DIRECTORY>/*.r0 -ctime +1 -exec ls -l {} \;
There is still a problem with the SWITCH CA, which is being investigated.
Regards,
Romain.
Marcin Radecki wrote:
> Hi,
>
> This RB is used by SFT to submit jobs, but it seems the machine has some
> of the CRLs expired (known bug in the edg-fetch-crl script). In this case the RB
> is not able to submit a job to one of the CE ROC sites. That causes
> CIC-on-duty raising tickets and an avalanche of escalation e-mails to
> ROC and the site. I suppose it affects more sites... Could someone take
> care of that RB?
>
> Thanks,
> Marcin
--
Romain Wartel
C.E.R.N. http://www.cern.ch/LCG
Information Technology Division +41 22 767 49 29
Bat.28-R-020
CH-1211 Geneva 23, Switzerland
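An added example, not part of the original message or of edg-fetch-crl: a stricter form of the CRL freshness check from the message above, which also flags zero-length *.r0 files. The function name, the 24-hour default and the use of mtime rather than ctime are assumptions, and it relies on the -maxdepth and -mmin options of GNU/BSD find.

```shell
#!/bin/sh
# Added example: report CRL files (*.r0) that look stale or unusable.
# Assumed names and defaults: stale_crls, 1440 minutes, mtime-based age.

# stale_crls DIR [MAX_AGE_MINUTES]
# Prints "EMPTY <path>" or "STALE <path>" for each problem file.
# Returns 0 if all CRLs are fresh, 1 if any problem was found,
# 2 if DIR is missing or holds no *.r0 files at all.
stale_crls() {
    dir=$1
    max_age=${2:-1440}

    if [ ! -d "$dir" ]; then
        echo "ERROR $dir is not a directory" >&2
        return 2
    fi

    # A certificate directory with no CRLs at all is itself a failure.
    all=$(find "$dir" -maxdepth 1 -type f -name '*.r0')
    if [ -z "$all" ]; then
        echo "ERROR no *.r0 files in $dir" >&2
        return 2
    fi

    # Zero-length files: a download written straight to its destination
    # leaves one behind when the transfer fails.
    empty=$(find "$dir" -maxdepth 1 -type f -name '*.r0' -size 0 | sort)

    # -mmin counts minutes, so "+1440" is strictly older than 24 hours.
    # (-mtime +1 and -ctime +1 drop the fractional day and only match
    # files that are at least two full days old.)
    stale=$(find "$dir" -maxdepth 1 -type f -name '*.r0' \
                 ! -size 0 -mmin "+$max_age" | sort)

    if [ -n "$empty" ]; then printf '%s\n' "$empty" | sed 's/^/EMPTY /'; fi
    if [ -n "$stale" ]; then printf '%s\n' "$stale" | sed 's/^/STALE /'; fi

    if [ -n "$empty" ] || [ -n "$stale" ]; then
        return 1
    fi
    return 0
}
```

The return code makes the function usable from cron or a monitoring probe: anything other than 0 means the host should not be trusted to have current revocation data.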
--- /opt/edg/sbin/edg-fetch-crl 2005-10-19 10:37:30.000000000 +0200
+++ /opt/edg/sbin/edg-fetch-crl 2005-10-13 12:19:40.000000000 +0200
@@ -99,7 +99,7 @@
#
# ${lynx} -source ${url} > ${destinationFile}
#
+ ${wget} --ca-directory=${locationDirectory} -q -t 3 -T 30 -O ${destinationFile} ${url}
- ${wget} -q -t 3 -T 30 -O ${destinationFile} ${url}
return $?
}
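Review bot: on the added wget line, "--ca-directory=${locationDirectory}" is combined with "-q", so a server certificate that does not verify against that directory surfaces only as a non-zero "return $?", indistinguishable from a timeout after the three retries. Whatever calls this function should log the URL and the exit status on failure. Because "-O ${destinationFile}" truncates its target before the transfer starts, the download should go to a temporary file that replaces the installed CRL only on success, if ${destinationFile} is the installed CRL itself. The ${locationDirectory}, ${destinationFile} and ${url} expansions are unquoted and would break on a path or URL containing whitespace or shell metacharacters. Separately, the "---" header carries the later timestamp (2005-10-19) and the "+++" header the earlier one (2005-10-13), so confirm the diff was generated in the intended direction before running "patch -p0".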