Just to follow up on this, I happened to be in a call with Mischa from
NIKHEF earlier today and we took some time after the call to discuss
this peculiar problem. Mischa says he can replicate the problem -
although he is not a member of a GridPP-hosted VO, he can contact the
VOMS server and trigger the error in the client.
It seems to be due to an ancient BouncyCastle library (1.46) on SL6, as
Steve also mentioned in the call this morning.
Unfortunately Mischa says it's not possible to backport a working BC
library because they make a lot of incompatible changes between releases.
Curiously, I just set up an SL6 (6.9) box in the cloud and I cannot
replicate the error. What am I missing? This is using Java 1.7.0 and UMD3.
[jj47@vm102 ~]$ rpm -qa|grep igtf
ca_policy_igtf-iota-1.88-1.noarch
ca_policy_igtf-slcs-1.88-1.noarch
ca_policy_igtf-classic-1.88-1.noarch
ca_policy_igtf-mics-1.88-1.noarch
[jj47@vm102 ~]$ rpm -qa|grep bouncy
bouncycastle-1.46-1.el6.noarch
bouncycastle-mail-1.46-2.el6.noarch
[jj47@vm102 ~]$ voms-proxy-destroy
[jj47@vm102 ~]$ voms-proxy-init3 -voms gridpp -vomses
/etc/vomses/gridpp-voms02.gridpp.ac.uk
Enter GRID pass phrase for this identity:
Contacting voms02.gridpp.ac.uk:15000
[/C=UK/O=eScience/OU=Oxford/L=OeSC/CN=voms02.gridpp.ac.uk] "gridpp"...
Remote VOMS server contacted succesfully.
Created proxy in /tmp/x509up_u500.
Your proxy is valid until Thu Nov 30 04:24:25 GMT 2017
[jj47@vm102 ~]$ voms-proxy-destroy
[jj47@vm102 ~]$ voms-proxy-init3 -voms gridpp -vomses
/etc/vomses/gridpp-voms.gridpp.ac.uk
Enter GRID pass phrase for this identity:
Contacting voms.gridpp.ac.uk:15000
[/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk] "gridpp"...
Remote VOMS server contacted succesfully.
Created proxy in /tmp/x509up_u500.
Your proxy is valid until Thu Nov 30 04:24:52 GMT 2017
[jj47@vm102 ~]$ voms-proxy-destroy
[jj47@vm102 ~]$ voms-proxy-init3 -voms gridpp -vomses
/etc/vomses/gridpp-voms03.gridpp.ac.uk
Enter GRID pass phrase for this identity:
Contacting voms03.gridpp.ac.uk:15000
[/C=UK/O=eScience/OU=Imperial/L=Physics/CN=voms03.gridpp.ac.uk] "gridpp"...
Remote VOMS server contacted succesfully.
Created proxy in /tmp/x509up_u500.
Your proxy is valid until Thu Nov 30 04:29:27 GMT 2017
[jj47@vm102 ~]$ voms-proxy-info -all
subject : /C=UK/O=eScience/OU=CLRC/L=RAL/CN=jens sha2 jensen/CN=198921768
issuer : /C=UK/O=eScience/OU=CLRC/L=RAL/CN=jens sha2 jensen
identity : /C=UK/O=eScience/OU=CLRC/L=RAL/CN=jens sha2 jensen
type : RFC3820 compliant impersonation proxy
strength : 1024
path : /tmp/x509up_u500
timeleft : 11:53:48
key usage : Digital Signature, Key Encipherment, Data Encipherment
=== VO gridpp extension information ===
VO : gridpp
subject : /C=UK/O=eScience/OU=CLRC/L=RAL/CN=jens sha2 jensen
issuer : /C=UK/O=eScience/OU=Imperial/L=Physics/CN=voms03.gridpp.ac.uk
attribute : /gridpp/Role=NULL/Capability=NULL
timeleft : 11:53:48
uri : voms03.gridpp.ac.uk:15000
|