On Tue, 19 Apr 2005, Rod Walker wrote:
> Hi,
> There is a problem with the in2p3 SE. CA crl blah blah. See below for my
> desktop error, but this also happens from LCG WN's.
>
> Cheers,
> Rod.
>
> [rwalker@p9420 rwalker]$ globus-url-copy
> gsiftp://cclcgseli02.in2p3.fr/hpss/in2p3.fr/grid/atlas/datafiles/rome/digit/rome.004854.digit.dc1_pyt_tth120_bblnujjbb/rome.004854.digit.dc1_pyt_tth120_bblnujjbb._00109.pool.root.1
> file:///tmp/pants
>
> error: globus_l_ftp_control_send_cmd_cb: gss_init_sec_context failed
>
> GSS failure:
> GSS Major Status: Authentication Failed
> GSS Minor Status Error Chain:
>
> init_sec_context.c:171: gss_init_sec_context: SSLv3 handshake problems
> globus_i_gsi_gss_utils.c:881: globus_i_gsi_gss_handshake: Unable to
> verify remote side's credentials
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Do you have the latest CA rpms on your desktop?
For me it works fine with version 0.28 (also with 0.27).
It is known that various sites have not upgraded their CA rpms yet.
> globus_i_gsi_gss_utils.c:854: globus_i_gsi_gss_handshake: SSLv3
> handshake problems: Couldn't do ssl handshake
> OpenSSL Error: s3_clnt.c:840: in library: SSL routines, function
> SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
> globus_gsi_callback.c:351: globus_i_gsi_callback_handshake_callback:
> Could not verify credential
> globus_gsi_callback.c:490: globus_i_gsi_callback_cred_verify: Could not
> verify credential
> globus_gsi_callback.c:850: globus_i_gsi_callback_check_signing_policy:
> Error with signing policy
> globus_gsi_callback.c:1058: globus_i_gsi_callback_check_gaa_auth: Error
> in OLD GAA code: CA policy violation: <no reason given>
>
>
|