Bug #5893
closed
CREAM Proxy Error at GridFTP connexion
0%
Description
At job submission, JSAGA tries to connect to the GridFTP server with the VOMS proxy used to connect to Cream.
[2014-01-21 14:42:24,422] DEBUG org.globus.ftp.vanilla.FTPControlChannel : Control channel sending: AUTH GSSAPI
[2014-01-21 14:42:24,432] DEBUG org.globus.ftp.vanilla.FTPControlChannel : Control channel received: 334 Using authentication type; ADAT must follow.
[2014-01-21 14:42:26,885] DEBUG org.globus.ftp.vanilla.FTPControlChannel : Control channel received: 530-globus_xio: Authentication Error
530-globus_gsi_gssapi: Error with GSI proxy
530-globus_gsi_proxy: Error with X509 structure: Couldn't convert X509 proxy cert from DER encoded to internal form
530-OpenSSL Error: asn1_lib.c:150: in library: asn1 encoding routines, function ASN1_get_object: header too long
530 End.
This happens with JDK 1.7.0_45 and later but not with 1.7.0_03
Updated by Schwarz Lionel over 10 years ago
- Status changed from New to Suspended
Updated by Schwarz Lionel over 10 years ago
- Status changed from Suspended to Resolved
- Target version set to 1.0.1
Enables TLSv1.1 for SSL socket (avoid split of packets)
Updated by Schwarz Lionel over 10 years ago
- Status changed from Resolved to In progress
Bug still reproducible on cream://sbgce2.in2p3.fr:8443
Updated by Schwarz Lionel over 10 years ago
- Status changed from In progress to Resolved
"jsse.enableCBCProtection" must be set to "false" at startup (done in SagaFactoryImpl).
The default value for this SP seems to have been changed from "false" to "true" between jdk7u3 and next.
http://confessionsofalinuxpenguin.blogspot.fr/2013_05_01_archive.html
https://www.aquaclusters.com/app/home/project/public/aquadatastudio/discussion/GeneralDiscussions/post/25/Java-6u29-bug-prevents-SSL-connection-to-SQL-Server-2008-R2