Bug 791197

Description of problem:
I've got 2 certificates(client.cert, server.cert) signed by one self-signed certificate(ca.crt). I've set them to aviary, but scheduler plugin didn't load them nor query server did.
I see this error in SchedLog:
2/16/12 07:42:40 (fd:11) (pid:25733) AXIS2_READ_TIMEOUT is undefined, using default value of 60000
02/16/12 07:42:40 (fd:18) (pid:25733) axis2_ssl_utils_initialize_ctx failed
02/16/12 07:42:40 (fd:17) (pid:25733) SSL/TLS requested but configuration failed
02/16/12 07:42:40 (fd:2) (pid:25733) ERROR "Unable to configure AviaryProvider. Exiting..." at line 57 in file /builddir/build/BUILD/condor-7.6.4/src/condor_contrib/aviary/src/AviaryScheddPlugin.cpp
Stack dump for process 25733 at timestamp 1329396160 (11 frames)
condor_schedd(dprintf_dump_stack+0x4a)[0x81cd9ca]
condor_schedd[0x81afb56]
[0x868420]
/lib/libc.so.6(abort+0x221)[0x445831]
condor_schedd(_EXCEPT_+0xa6)[0x81e6db6]
/usr/lib/condor/plugins/AviaryScheddPlugin-plugin.so(_ZN6aviary3job18AviaryScheddPlugin15earlyInitializeEv+0x25f)[0x3b464f]
condor_schedd(_ZN19ScheddPluginManager15EarlyInitializeEv+0x33)[0x811cef3]
condor_schedd(_Z9main_initiPPc+0xb5)[0x811a625]
condor_schedd(main+0x11e1)[0x8146a51]
/lib/libc.so.6(__libc_start_main+0xdc)[0x430eac]
condor_schedd[0x80bde01]

Certificates are in valid form and verification is OK too.
$ openssl verify -CAfile ca.crt ca.crt
ca.crt: OK
$ openssl verify -CAfile ca.crt server.crt 
server.crt: OK
$ openssl verify -CAfile ca.crt client.crt 
client.crt: OK

Every certificate has this form:
$ cat client.crt
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            ...
        Signature Algorithm: NULL
        Issuer: CN=...
        Validity
            Not Before: Feb 15 10:26:27 2012 GMT
            Not After : Mar 16 10:26:27 2012 GMT
        Subject: CN=....
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    ...
                Exponent: ... (...)
    Signature Algorithm: NULL
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

So they are in valid OpenSSL form.

I've found similar issue in https://bugzilla.redhat.com/show_bug.cgi?id=752414 I think nobody will edit ssl certificates. 

Version-Release number of selected component (if applicable):
condor-aviary-7.6.5-0.12
python-ssl-1.15-3.el5
openssl-0.9.8e-20.el5_7.1

How reproducible:
100%

Steps to Reproduce:
1. install condor
2. setup aviary(scheduler plugin+queryserver) with ssl with valid OpenSSL certifactes
3. start condor and watch SchedLog and QueryServerLog
  
Actual results:
Aviary doesn't work with valid certificates.

Expected results:
Aviary will work with every type of valid OpenSSL certificate in PEM format.

Additional info:

Another type of verification:
$ for i in sslclient sslserver nssslserver smimesign smimeencrypt crlsign any ocsphelper; do openssl verify -CAfile ca.crt -purpose $i server.crt; done
server.crt: OK
server.crt: OK
server.crt: OK
server.crt: OK
server.crt: OK
server.crt: OK
server.crt: OK
server.crt: OK
$ for i in sslclient sslserver nssslserver smimesign smimeencrypt crlsign any ocsphelper; do openssl verify -CAfile ca.crt -purpose $i client.crt; done
client.crt: OK
client.crt: OK
client.crt: OK
client.crt: OK
client.crt: OK
client.crt: OK
client.crt: OK
client.crt: OK
$ for i in sslclient sslserver nssslserver smimesign smimeencrypt crlsign any ocsphelper; do openssl verify -CAfile ca.crt -purpose $i ca.crt; done
ca.crt: OK
ca.crt: OK
ca.crt: OK
ca.crt: OK
ca.crt: OK
ca.crt: OK
ca.crt: OK
ca.crt: OK