Hi Eygene,
> OK, I had installed combined WMS/LB node from gLite 3.1,
> glite-WMS-3.1.2-0 and glite-LB-3.1.1-1.
>
> Still no luck with RFC and gt3 proxies.
>
> RFC proxy fails to be validated on the WMProxy daemon:
> -----
> $ glite-wms-job-submit -a gate-alice.jdl
>
> Connecting to the service https://octopus.grid.kiae.ru:7443/glite_wms_wmproxy_server
>
>
> Connection failed: SSL_ERROR_SSL
> error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
> SSL connect failed in tcp_connect()
> Error code: SOAP-ENV:Client
>
>
>
> Error - Operation failed
> Unable to find any endpoint where to perform service request
>
>
> ========================================================================
>
> <WMProxy log>:
> [Thu Jul 31 12:33:13 2008] [debug] ssl_engine_kernel.c(1165): Certificate Verification: depth: 0, subject: /C=RU/O=RDIG/OU=users/OU=grid.kiae.ru/CN=Eygene Ryabinkin atALICE/CN=1465040036, issuer: /C=RU/O=RDIG/OU=users/OU=grid.kiae.ru/CN=Eygene Ryabinkin atALICE
> [Thu Jul 31 12:33:13 2008] [error] Certificate Verification: Error (34): unhandled critical extension
> [Thu Jul 31 12:33:13 2008] [debug] ssl_engine_kernel.c(1745): OpenSSL: Write: SSLv3 read client certificate B
> [Thu Jul 31 12:33:13 2008] [debug] ssl_engine_kernel.c(1764): OpenSSL: Exit: error in SSLv3 read client certificate B
> [Thu Jul 31 12:33:13 2008] [debug] ssl_engine_kernel.c(1764): OpenSSL: Exit: error in SSLv3 read client certificate B
> [Thu Jul 31 12:33:13 2008] [info] SSL library error 1 in handshake (server octopus.grid.kiae.ru:443, client 144.206.66.14)
> [Thu Jul 31 12:33:13 2008] [info] SSL Library Error: 336105650 error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> [Thu Jul 31 12:33:13 2008] [info] Connection to child 0 closed with abortive shutdown(server octopus.grid.kiae.ru:443, client 144.206.66.14)
> -----
Please open a bug about that.
> GT3 proxy validates within WMProxy service, but LB fails to
> verify the certificate:
GT3 proxies are obsolete, so we should not spend time to make them work.
> [...]
>
> And a bit strange thing is that FastCGI backend
> /opt/glite/bin/glite_wms_wmproxy_server is started 11 times to serve
> one request. Is it normal?
That seems to be a byproduct of using GT3 proxies; I do not see that
using legacy proxies.
> > Note that also gLite 3.0 lcg-CE nodes (still in use at many sites) and
> > other gLite 3.0 services will not work with RFC proxies.
>
> But will gLite 3.1 lcg-CEs work with GT3/RFC proxies?
Both work.
|