Bug 752414

Description of problem:
Generate CA certificate and then generate server/client certificates signed by CA ( Bug 746251 ).
Use those certificate for aviary SSL setup and condor_schedd ends with an exception.

11/09/11 13:58:12 (pid:3508) axis2_ssl_utils_initialize_ctx failed
11/09/11 13:58:12 (pid:3508) SSL/TLS requested but configuration failed
11/09/11 13:58:12 (pid:3508) ERROR "Unable to configure AviaryProvider. Exiting..." at line 57 in file /builddir/build/BUILD/condor-7.6.4/src/condor_contrib/aviary/src/AviaryScheddPlugin.cpp
Stack dump for process 3508 at timestamp 1320843492 (11 frames)
condor_schedd(dprintf_dump_stack+0x4a)[0x81a378a]
condor_schedd[0x81d8be6]
[0x2e3420]
/lib/libc.so.6(abort+0x221)[0x87e821]
condor_schedd(_EXCEPT_+0xa6)[0x81b32d6]
/usr/lib/condor/plugins/AviaryScheddPlugin-plugin.so(_ZN6aviary3job18AviaryScheddPlugin15earlyInitializeEv+0x25f)[0x59f76f]
condor_schedd(_ZN19ScheddPluginManager15EarlyInitializeEv+0x33)[0x80bdf73]
condor_schedd(_Z9main_initiPPc+0xb5)[0x8116185]
condor_schedd(main+0x1171)[0x8147971]
/lib/libc.so.6(__libc_start_main+0xdc)[0x869e9c]
condor_schedd[0x80bdb41]


Version-Release number of selected component (if applicable):
condor-7.6.5-0.6
condor-aviary-7.6.5-0.6

How reproducible:
100%

Steps to Reproduce:
[Generate certificates]
Use script from Bug 746251
~]# mrg_gen_ssl_certs.sh

[List all private keys]
~]# certutil -K -d ~/CA_db/

[Export certificates from database]
~]# cd ~/CA_db/
~/CA_db]# pk12util -d . -k passwordfile -o ca.p12     -n "NSS Certificate
DB:CAnick"
~/CA_db]# pk12util -d . -k passwordfile -o client.p12 -n "NSS Certificate
DB:client_..."
~/CA_db]# pk12util -d . -k passwordfile -o serv.p12   -n "NSS Certificate
DB:serv_..."

[Change certificate format]
~/CA_db]# openssl pkcs12 -in client.p12 -out client.pem -nodes
~/CA_db]# openssl pkcs12 -in serv.p12   -out serv.pem   -nodes
~/CA_db]# openssl pkcs12 -in ca.p12     -out ca.pem     -nodes

[Verify certificates]
~/CA_db]# mkdir /tmp/ssl
~/CA_db]# cp *.pem /tmp/ssl
~/CA_db]# cd /tmp/ssl
/tmp/ssl]# openssl verify -CAfile                    ./ca.pem serv.pem client.pem
/tmp/ssl]# openssl verify -purpose sslclient -CAfile ./ca.pem serv.pem client.pem
/tmp/ssl]# openssl verify -purpose sslserver -CAfile ./ca.pem serv.pem client.pem
/tmp/ssl]# openssl verify -purpose any       -CAfile ./ca.pem serv.pem client.pem

/tmp/ssl]# for i in *.pem ; do openssl x509 -noout -in $i -hash; done
5be5959f
5be5959f
5be5959f

/tmp/ssl]# grep CN= *
ca.pem:subject=/CN=CAcert
ca.pem:issuer=/CN=CAcert
client.pem:subject=/CN=CAcert
client.pem:issuer=/CN=CAcert
client.pem:subject=/CN=client_dhcp...
client.pem:issuer=/CN=CAcert
serv.pem:subject=/CN=CAcert
serv.pem:issuer=/CN=CAcert
serv.pem:subject=/CN=serv_dhcp...
serv.pem:issuer=/CN=CAcert

/tmp/ssl]# ls 
ca.pem  client.pem  serv.pem

/tmp/ssl]# condor_config_val -dump | grep SSL
QUERY_SERVER.AVIARY_SSL = True
QUERY_SERVER.AVIARY_SSL_CA_DIR = /tmp/ssl/
QUERY_SERVER.AVIARY_SSL_CA_FILE = /tmp/ssl/ca.pem
QUERY_SERVER.AVIARY_SSL_SERVER_CERT = /tmp/ssl/serv.pem
QUERY_SERVER.AVIARY_SSL_SERVER_KEY = /tmp/ssl/serv.pem
SCHEDD.AVIARY_SSL = True
SCHEDD.AVIARY_SSL_CA_DIR = /tmp/ssl/
SCHEDD.AVIARY_SSL_CA_FILE = /tmp/ssl/ca.pem
SCHEDD.AVIARY_SSL_SERVER_CERT = /tmp/ssl/serv.pem
SCHEDD.AVIARY_SSL_SERVER_KEY = /tmp/ssl/serv.pem

  
Actual results:
condor_schedd created exception

Expected results:
condor_schedd runs

Additional info: