Bug 819123

Summary: Requesting certificate on Android browser causes SIGSEGV on server
Product: [Retired] Dogtag Certificate System
Reporter: Kenny Root <kenny>
Component: EE/Agent/Admin Servlets
Assignee: Dmitri Pal <dpal>
Status: CLOSED NEXTRELEASE
QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium
Priority: medium
Version: 9.0
CC: benl, jgalipea, jmagne, mharmsen, mniranja, nkinder
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Linux
Fixed In Version: pki-common-8.1.4-1.el5pki redhat-pki-ca-ui-8.1.1-1.el5pki
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2014-08-29 01:42:19 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Blocks: 760283

Attachments:
- crash dump (flags: none)
- patch eliminating CA crash (flags: mharmsen: review+)

Description Kenny Root 2012-05-04 22:40:39 UTC
User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.36 Safari/536.5

Requesting a certificate from an Android browser crashes the Dogtag server. Since this SIGSEGV happens based on client input, this is probably a remotely exploitable security problem.

Reproducible: Always

Steps to Reproduce:
1. Go to EE page in Android browser
2. Go to request a client certificate
3. Fill in fields, click on the Next> button
Actual Results:  
Dogtag server crashes with SIGSEGV in:

C  [libosutil.so+0x1666]  Java_com_netscape_osutil_OSUtil_AtoB+0x36

Expected Results:  
Certificate is generated and next page is displayed saying request has been filed.

Stack: [0x00007f2296dee000,0x00007f2296eef000],  sp=0x00007f2296eeca10,  free space=1018k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x4bbb19]  AsyncGetCallTrace+0xacf29
C  [libosutil.so+0x1666]  Java_com_netscape_osutil_OSUtil_AtoB+0x36
j  com.netscape.cmscore.apps.CMSEngine.AtoB(Ljava/lang/String;)[B+1
j  com.netscape.certsrv.apps.CMS.AtoB(Ljava/lang/String;)[B+4
j  com.netscape.cms.profile.common.EnrollProfile.parseKeyGen(Ljava/util/Locale;Ljava/lang/String;)Lnetscape/security/util/DerInputStream;+1
j  com.netscape.cms.profile.input.KeyGenInput.populate(Lcom/netscape/certsrv/profile/IProfileContext;Lcom/netscape/certsrv/request/IRequest;)V+146
j  com.netscape.cms.profile.common.BasicProfile.populateInput(Lcom/netscape/certsrv/profile/IProfileContext;Lcom/netscape/certsrv/request/IRequest;)V+37
j  com.netscape.cms.profile.common.EnrollProfile.populateInput(Lcom/netscape/certsrv/profile/IProfileContext;Lcom/netscape/certsrv/request/IRequest;)V+3
j  com.netscape.cms.servlet.profile.ProfileSubmitServlet.process(Lcom/netscape/cms/servlet/common/CMSRequest;)V+4502

Comment 1 Kenny Root 2012-05-04 22:41:19 UTC
Created attachment 582229 [details]
crash dump

Comment 2 Kenny Root 2012-05-04 22:42:09 UTC
Note that this JNI library appears to be removed in tip-of-tree dev branch.

Comment 3 Andrew Wnuk 2012-05-09 18:31:14 UTC
Kenny, could you provide the Dogtag version and the Android browser name and version?

Comment 4 Andrew Wnuk 2012-05-09 18:36:44 UTC
And the Android version too.

Comment 5 Kenny Root 2012-05-21 18:20:39 UTC
Sorry, I somehow missed your request for information.

I am using Dogtag from FC16 (e.g., pki-common-9.0.19-1.fc16.noarch)

The Android browser is the built-in Browser from a Galaxy Nexus on ICS 4.0.4.

Comment 6 Andrew Wnuk 2012-05-21 19:12:46 UTC
Do you remember the enrollment type that you selected?

Could you try it again and attach the piece of the debug log related to this enrollment?

Comment 7 Andrew Wnuk 2012-05-22 17:37:49 UTC
I asked for a fragment of the file that is usually located
in /var/lib/pki-ca/logs/debug, showing the enrollment that you performed.

You may edit this file to erase your private information.
If there is anything interesting related to this enrollment in other log files please attach corresponding file fragments too.

I also need the enrollment type that you selected in your browser
and, preferably, the data entered during this enrollment.

I am not interested in your PKCS7 files.

Comment 9 Andrew Wnuk 2012-07-24 00:44:05 UTC
Created attachment 599880 [details]
patch eliminating CA crash

Comment 12 Andrew Wnuk 2012-07-24 18:46:18 UTC
git push
Counting objects: 43, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (21/21), done.
Writing objects: 100% (24/24), 3.08 KiB, done.
Total 24 (delta 19), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/pki.git
   6ff5c17..87c92d0  DOGTAG_9_BRANCH -> DOGTAG_9_BRANCH

Comment 13 Andrew Wnuk 2012-07-24 21:18:37 UTC
git push
Counting objects: 43, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (21/21), done.
Writing objects: 100% (24/24), 3.04 KiB, done.
Total 24 (delta 19), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/pki.git
   4e1010b..7168edc  master -> master

Comment 15 Andrew Wnuk 2012-08-27 20:42:02 UTC
git push
Counting objects: 19, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (8/8), done.
Writing objects: 100% (10/10), 770 bytes, done.
Total 10 (delta 7), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/pki.git
   a3af1af..6fa7797  DOGTAG_9_BRANCH -> DOGTAG_9_BRANCH

Comment 17 Niranjan Mallapadi Raghavender 2013-04-01 10:00:57 UTC
#--------------------------------------------------------#

Versions:
Name        : pki-ca                       Relocations: (not relocatable)
Version     : 8.1.1                             Vendor: Red Hat, Inc.
Release     : 1.ecc.el5pki                  Build Date: Tue 12 Mar 2013 03:00:56 PM EDT
Install Date: Wed 13 Mar 2013 05:05:43 PM EDT      Build Host: payday.dsdev.sjc.redhat.com
Group       : System Environment/Daemons    Source RPM: pki-ca-8.1.1-1.ecc.el5pki.src.rpm
Size        : 924349                           License: GPLv2 with exceptions

#--------------------------------------------------------#

Install and configure CA 
[root@nocp4 pki-ca-feb8-inst1-nocp4]# /etc/init.d/pki-ca-feb8-inst1-nocp4 status
pki-ca-feb8-inst1-nocp4 (pid 2208) is running ...

    Unsecure Port       = http://nocp4.dsdev.sjc.redhat.com:9180/ca/ee/ca
    Secure Agent Port   = https://nocp4.dsdev.sjc.redhat.com:9443/ca/agent/ca
    Secure EE Port      = https://nocp4.dsdev.sjc.redhat.com:9444/ca/ee/ca
    Secure Admin Port   = https://nocp4.dsdev.sjc.redhat.com:9445/ca/services
    EE Client Auth Port = https://nocp4.dsdev.sjc.redhat.com:9446/ca/eeca/ca
    PKI Console Port    = pkiconsole https://nocp4.dsdev.sjc.redhat.com:9445/ca
    Tomcat Port         = 9701 (for shutdown)

    PKI Instance Name:   pki-ca-feb8-inst1-nocp4

    PKI Subsystem Type:  Root CA (Security Domain)

    Registered PKI Security Domain Information:
    ======================================================
    Name:  pki-ca-ecc-08022013-1
    URL:   https://nocp4.dsdev.sjc.redhat.com:9445
    ======================================================


#--------------------------------------------------------#

1. Download the Android SDK from the link below:
https://developer.android.com/sdk/index.html

SDK: http://dl.google.com/android/android-sdk_r21.1-linux.tgz

#--------------------------------------------------------#

2. Extracted the SDK on Red Hat Enterprise Linux Workstation release 6.3 (Santiago), 32 bit.

3. Install the packages below before starting the Android emulator:
yum install glibc.i686 ncurses-libs.i686 libstdc++.i686 libX11.i686 libXrandr.i686 SDL.i686

#--------------------------------------------------------#

4. Extract android-sdk_r21.1-linux.tgz
From /home/test/android-sdk-linux/tools, installed the tools below:

Android SDK Tools
Android SDK Platform-tools
Android 4.1.2 (SDK platform)
#--------------------------------------------------------#
5. Create the virtual device image:
cd /home/test/android-sdk-linux/tools/
./android create avd -n cs8.1.2 -t 4

Auto-selecting single ABI armeabi-v7a
Created AVD 'cs8.1.2' based on Google APIs (Google Inc.), ARM (armeabi-v7a) processor,
with the following hardware config:
hw.lcd.density=240
vm.heapSize=48
hw.ramSize=512
#--------------------------------------------------------#

6. Start the emulator
$ cd /home/test/android-sdk-linux/tools/
$ ./emulator @cs8.1.2

#--------------------------------------------------------#

7. From the apps, select Browser and type the URL "https://nocp4.dsdev.sjc.redhat.com:9444/ca/ee/ca"
#--------------------------------------------------------#
8. A security warning is displayed; selected "Continue"
#--------------------------------------------------------#
9. Select "SSL End User services"
#--------------------------------------------------------#
10. Select "Manual User Dual-Use Certificate Enrollment"
    i) Key Gen Request type: "keygen"
    ii) Key Generation Request: "High Grade"
    iii) uid: android-1, email: android-1
    iv) click on submit
#--------------------------------------------------------#
11. Request id 40000014 is returned
#--------------------------------------------------------#
12. Access the "https://nocp4.dsdev.sjc.redhat.com:9443/ca/agent/ca" interface and approve request id 40000014
#--------------------------------------------------------#
13. From the EE page in the Android browser, click on "Request id: 4000014"; the status is shown as "Complete" with issued certificate serial number 0x31b60a14
#--------------------------------------------------------#
14. Access the EE profile "Manual Dual-Use S/MIME Capabilities Certificate Enrollment" from the Android browser and specify the details:
uid=android-2, email: android-2, click on submit
#--------------------------------------------------------#
15. Request id 40000016 is returned
#--------------------------------------------------------#
16. Access the "https://nocp4.dsdev.sjc.redhat.com:9443/ca/agent/ca" interface and approve request id 40000016
#--------------------------------------------------------#
17. From the EE page in the Android browser, click on "Request id: 4000016"; the status is shown as "Complete" with issued certificate serial number 0x34c840e3
#--------------------------------------------------------#
Certificates issued successfully and no CA subsystem crash is seen.

#--------------------------------------------------------#