Bug 2237789 - voms-proxy-init fails on EL9 with CILogon client cert
Summary: voms-proxy-init fails on EL9 with CILogon client cert
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: voms
Version: epel9
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Mattias Ellert
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-09-06 23:06 UTC by Dave Dykstra
Modified: 2023-09-23 01:30 UTC (History)
2 users (show)

Fixed In Version: voms-2.1.0-0.31.rc3.fc39 voms-2.1.0-0.31.rc3.el9 voms-2.1.0-0.31.rc3.el8 voms-2.1.0-0.31.rc3.fc37 voms-2.1.0-0.31.rc3.el7 voms-2.1.0-0.31.rc3.fc38
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-09-23 00:16:57 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Dave Dykstra 2023-09-06 23:06:59 UTC
Description of problem:

On EL9 with a CILogon client cert, voms-proxy-init fails, without a helpful error message.

Version-Release number of selected component:

voms-clients-cpp-2.1.0-0.27.rc3.el9.x86_64

How reproducible:

Very, if you have a certificate registered with a voms that does not have a '509v3 Authority Key Identifier' extension.

Steps to Reproduce:
1. Get a CILogon certificate, or some other certificate that does not have the X509V3 extension '509v3 Authority Key Identifier'. 
2. voms-proxy-init --debug -cert usercred.crt.pem -key usercred.key.pem -out voms.proxy -voms yourvo:/yourvo (where yourvo is a VO that you are a member of where you have registered the certificate in usercred.crt.pem)

Actual results:

No proxy in voms.proxy, and ending messages like this:

Your proxy is valid until Thu Sep  7 11:01:52 2023
Error: verification failed.
Parameters unset!

Expected results:

A proxy in voms.proxy

Additional info:

Proposed fix has been submitted upstream at
https://github.com/italiangrid/voms/pull/120/files

I found the problem with gdb, started from the EPEL source rpm, added that patch, and it fixed the problem.

Comment 1 Dave Dykstra 2023-09-07 13:53:36 UTC
I learned that there had already been a pending PR https://github.com/italiangrid/voms/pull/113 that fixes the same problem.  Please use that one instead.

Comment 2 Fedora Update System 2023-09-14 21:19:23 UTC
FEDORA-2023-46bfc5b2b5 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-46bfc5b2b5

Comment 3 Fedora Update System 2023-09-14 21:19:25 UTC
FEDORA-EPEL-2023-2ba5671ec0 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-2ba5671ec0

Comment 4 Fedora Update System 2023-09-14 21:19:26 UTC
FEDORA-2023-2788e05bf3 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-2788e05bf3

Comment 5 Fedora Update System 2023-09-14 21:19:26 UTC
FEDORA-EPEL-2023-812b5a7f61 has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-812b5a7f61

Comment 6 Fedora Update System 2023-09-14 21:19:27 UTC
FEDORA-EPEL-2023-ddbc2dcc48 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ddbc2dcc48

Comment 7 Fedora Update System 2023-09-14 21:19:27 UTC
FEDORA-2023-157dcdc741 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-157dcdc741

Comment 8 Fedora Update System 2023-09-15 01:06:40 UTC
FEDORA-2023-2788e05bf3 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-2788e05bf3`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-2788e05bf3

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2023-09-15 02:00:48 UTC
FEDORA-2023-157dcdc741 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-157dcdc741`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-157dcdc741

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 10 Fedora Update System 2023-09-15 02:28:45 UTC
FEDORA-2023-46bfc5b2b5 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-46bfc5b2b5`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-46bfc5b2b5

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 11 Fedora Update System 2023-09-15 02:29:53 UTC
FEDORA-EPEL-2023-2ba5671ec0 has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-2ba5671ec0

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 12 Fedora Update System 2023-09-15 02:31:39 UTC
FEDORA-EPEL-2023-812b5a7f61 has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-812b5a7f61

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 13 Fedora Update System 2023-09-15 02:34:39 UTC
FEDORA-EPEL-2023-ddbc2dcc48 has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ddbc2dcc48

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 14 Fedora Update System 2023-09-23 00:16:57 UTC
FEDORA-2023-46bfc5b2b5 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 15 Fedora Update System 2023-09-23 00:41:48 UTC
FEDORA-EPEL-2023-812b5a7f61 has been pushed to the Fedora EPEL 9 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 16 Fedora Update System 2023-09-23 00:59:32 UTC
FEDORA-EPEL-2023-2ba5671ec0 has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 17 Fedora Update System 2023-09-23 01:11:44 UTC
FEDORA-2023-157dcdc741 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 18 Fedora Update System 2023-09-23 01:20:00 UTC
FEDORA-EPEL-2023-ddbc2dcc48 has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 19 Fedora Update System 2023-09-23 01:30:30 UTC
FEDORA-2023-2788e05bf3 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.