Hi all,
[sorry for being late]
The CILogon CA was the only new one introduced in 1.38, so if the
VOMS is trying to be cleaver and insert only the new ones, only
CILogon would show up.
Strangely, though, this issue was not found by OSG when they tested the
new format, not in SR of EGI-version 1.37, which was also the new format.
Could some-one with a test voms server try a completely
fresh install (or clean the CA database) and then re-populate it on
the basis of the new-format distribution?
It then should show errors for *all* CAs, since each and every CA
trust anchor file (*.pem) now has two symlinks (*.0) pointing to it, just
like what OpenSSL's c_rehash has done all along...
If even with a blank database only CILogon has troubles, it's a CILogon
problem ...
I would be really interested in the result...
As for the legacy build: as long as there is a demand for it the
IGTF will keep producing it -- don't worry!
Other option: directly use c_rehash from your favourite OpenSSL version for
your platform, and use only one symlink.
DavidG.
On 2011-02-15 17:25, Maarten Litmaath wrote:
> Hi Dimitris, all,
>
>> It seems this tasks tries to add the same CA more than one time. After a
>> talk with my colleague Christos Triantiafillidis, this new CA release
>> contains 2 symlinks for every ca file, plus the actual file. In previous
>> CA releases, only one actual file per ca certicate was present. It seems
>> VOMS cannot handle the current CAs rpm. You can downgrade to 1.37 to
>> "solve" this problem if your VOMS stoppped working.
>
> Or use the "legacy" build of the 1.38 rpms:
>
> https://dist.eugridpma.org/distribution/igtf/current-old/
>
> They want to stop providing that format, but maybe we have a good
> argument for continuing it for a while...
--
David Groep
** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group **
** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **
|