Bug 454559
| Summary: | OCSP returns a nullpointer exception if the request is not provided as a parameter in the GET operation | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Retired] Dogtag Certificate System | Reporter: | Matthew Harmsen <mharmsen> | ||||||
| Component: | OCSP Responder | Assignee: | Matthew Harmsen <mharmsen> | ||||||
| Status: | CLOSED EOL | QA Contact: | |||||||
| Severity: | low | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | 1.0 | CC: | dpal, nkinder | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2020-03-27 18:39:12 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 445047 | ||||||||
| Attachments: |
|
||||||||
|
Description
Matthew Harmsen
2008-07-08 23:38:03 UTC
Created attachment 311325 [details]
DOGTAG 1.0: pki-common-1.0.0-ocsp-null-get.patch
attachment (id=311325) +awnuk Checking into trunk: svn status M base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java svn commit base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java Sending base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java Transmitting file data . Committed revision 65. Created attachment 311332 [details]
Dogtag spec file changes for pki-common
attachment (id=311332) +awnuk Checking into trunk: svn status M linux/common/pki-common.spec svn commit linux/common/pki-common.spec Sending linux/common/pki-common.spec Transmitting file data . Committed revision 66. Bug already MODIFIED. setting target CS8.0 and marking screened+ -------------------------------- OCSP client [root@pkiserv export]# OCSPClient pkiserv.pnq.redhat.com 11180 /var/lib/pki-ca/alias/ 'caSigningCert cert-pki-ca' 15 /export/ocspbin 1 URI: /ocsp/ee/ocsp Data Length: 68 Data: MEIwQDA+MDwwOjAJBgUrDgMCGgUABBT3QwPzI+DgueSBg4zUV9RdwWgM0AQUp4UD sA2M01FNxjpKfqWl74TldtECAQ8= CertID.serialNumber=15 CertStatus=Revoked Success: Output /export/ocspbin --------------------------------- I tried with the below url from the browser (am I going the right way here ) --------- http://OCSPClient pkiserv.pnq.redhat.com:11180/ocsp/ee/ocsp/MEIwQDA+MDwwOjAJBgUrDgMCGgUABBT3QwPzI+DgueSBg4zUV9RdwWgM0AQUp4UD --------- Result: No response from the browser about the state of the certificate ocsp debug log says: [21/Jun/2009:18:29:06][http-11444-Processor25]: OCSPServlet: java.io.EOFException Note: ----- =>AIA extension is set to http://pkiserv.pnq.redhat.com:11180/ocsp/ee/ocsp =>When I manually verify the certificate from browser Edit ->Preferences->View Certificates->Your Certificates->"Select the revoked user certificate->View Certificate viewer says "Could not verify this certificate for unknown reasons" - which is successful behaviour fora a revoked cert. => =================================== [root@pkiserv ~]# tail -15 /var/log/pki-ocsp/debug [21/Jun/2009:18:29:06][http-11444-Processor25]: evaluating expressions: ipaddress=".*" [21/Jun/2009:18:29:06][http-11444-Processor25]: evaluated expression: ipaddress=".*" to be true [21/Jun/2009:18:29:06][http-11444-Processor25]: DirAclAuthz: authorization passed [21/Jun/2009:18:29:06][http-11444-Processor25]: SignedAuditEventFactory: create() message=[AuditEvent=AUTHZ_SUCCESS][SubjectID=$NonRoleUser$][Outcome=Success][aclResource=certServer.ee.request.ocsp][Op=submit] authorization success [21/Jun/2009:18:29:06][http-11444-Processor25]: getConn: mNumConns now 2 [21/Jun/2009:18:29:06][http-11444-Processor25]: returnConn: mNumConns now 3 [21/Jun/2009:18:29:06][http-11444-Processor25]: SignedAuditEventFactory: create() message=[AuditEvent=ROLE_ASSUME][SubjectID=$NonRoleUser$][Outcome=Success][Role=<null>] assume privileged role [21/Jun/2009:18:29:06][http-11444-Processor25]: Servlet Path=/ee/ocsp [21/Jun/2009:18:29:06][http-11444-Processor25]: RequestURI=/ocsp/ee/ocsp/MEIwQDA+MDwwOjAJBgUrDgMCGgUABBT3QwPzI+DgueSBg4zUV9RdwWgM0AQUp4UD [21/Jun/2009:18:29:06][http-11444-Processor25]: PathInfo=/MEIwQDA+MDwwOjAJBgUrDgMCGgUABBT3QwPzI+DgueSBg4zUV9RdwWgM0AQUp4UD [21/Jun/2009:18:29:06][http-11444-Processor25]: Method=GET [21/Jun/2009:18:29:06][http-11444-Processor25]: OCSPServlet: java.io.EOFException [21/Jun/2009:18:29:06][http-11444-Processor25]: CMSServlet: curDate=Sun Jun 21 18:29:06 IST 2009 id=ocspOCSP time=5 [root@pkiserv ~]# ===================================================== Via Wget: Result: In debug log [21/Jun/2009:18:58:44][http-11180-Processor24]: OCSPServlet: java.io.EOFException [root@pkiserv ca]# wget --no-check-certificate http://OCSPClient pkiserv.pnq.redhat.com:11180/ocsp/ee/ocsp/MEIwQDA+MDwwOjAJBgUrDgMCGgUABBT3QwPzI+DgueSBg4zUV9RdwWgM0AQUp4UD --18:58:44-- http://ocspclient/ Resolving ocspclient... failed: Temporary failure in name resolution. --18:58:44-- http://pkiserv.pnq.redhat.com:11180/ocsp/ee/ocsp/MEIwQDA+MDwwOjAJBgUrDgMCGgUABBT3QwPzI+DgueSBg4zUV9RdwWgM0AQUp4UD Resolving pkiserv.pnq.redhat.com... 192.168.63.128 Connecting to pkiserv.pnq.redhat.com|192.168.63.128|:11180... connected. HTTP request sent, awaiting response... 200 OK Length: 0 Saving to: `MEIwQDA+MDwwOjAJBgUrDgMCGgUABBT3QwPzI+DgueSBg4zUV9RdwWgM0AQUp4UD' [ <=> ] 0 --.-K/s in 0s 18:58:44 (0.00 B/s) - `MEIwQDA+MDwwOjAJBgUrDgMCGgUABBT3QwPzI+DgueSBg4zUV9RdwWgM0AQUp4UD' saved [0/0] ============================================= |