Bug 507746 - Configure TPS/RA to listen on Ipv4 and Ipv6
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: TPS
Version: 1.1
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Matthew Harmsen
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 443788
Reported: 2009-06-24 00:12 UTC by Jack Magne
Modified: 2015-01-06 01:19 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-07-22 23:36:44 UTC
Embargoed:


Attachments:
IPv6 changes for RA/TPS/native-tools (24.66 KB, patch), 2009-06-24 23:40 UTC, Matthew Harmsen
IPv6 changes for RA/TPS/native-tools (dogtag) (3.14 KB, patch), 2009-06-24 23:41 UTC, Matthew Harmsen

Description Jack Magne 2009-06-24 00:12:34 UTC
Description of problem:


There is a very simple change we need for the RA and TPS "nss.conf" Apache config files to get the servers to listen on both IPv4 and IPv6.

It involves changing the "Listen" directives to something like this:

Listen 7890


To date, we have been using the IPv4-specific form of this directive.
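
One way to audit the "Listen" directives described above, as an added example (not part of the original bug report or the Dogtag code base). The report does not show the IPv4-specific form, so the `0.0.0.0:` line is an assumed stand-in, and the sample configuration and its ports other than 7890 are constructed:

```shell
#!/bin/sh
# Added example: classify Apache "Listen" directives by address family.

# Constructed sample configuration (not the shipped nss.conf). The
# "0.0.0.0:" line is an assumed IPv4-specific form; ports are illustrative.
sample_conf() {
    cat <<'EOF'
# Listen 0.0.0.0:7891
Listen 0.0.0.0:7890
Listen 7889
listen [::1]:7888
EOF
}

# classify_listen [FILE...]   (reads stdin when no file is given)
# Prints "<class> <argument>" for each active Listen directive:
#   any   port only           -> all addresses, IPv4 and IPv6
#   ipv6  [address]:port      -> bracketed IPv6 literal
#   ipv4  a.b.c.d:port        -> IPv4 address only
classify_listen() {
    awk '
        # Directive names are case-insensitive; commented-out lines have
        # "#" in the first field and never match.
        tolower($1) == "listen" && NF >= 2 {
            arg = $2
            if (arg ~ /^[0-9]+$/) cls = "any"
            else if (arg ~ /^\[.*\]:[0-9]+$/) cls = "ipv6"
            else if (arg ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/) cls = "ipv4"
            else cls = "unknown"
            print cls, arg
        }
    ' "$@"
}

# ipv4_only_ports [FILE...]
# Ports with an IPv4-bound listener and no port-only or IPv6 listener.
ipv4_only_ports() {
    classify_listen "$@" | awk '
        { port = $2; sub(/^.*:/, "", port) }
        $1 == "ipv4" { v4[port] = 1 }
        $1 == "any" || $1 == "ipv6" { v6[port] = 1 }
        END { for (p in v4) if (!(p in v6)) print p }
    ' | sort -n
}

sample_conf | ipv4_only_ports
```

Once a port uses the port-only form it is reachable over IPv6 as well, so the IPv6 packet-filter rules (ip6tables) need to cover the same ports as the IPv4 rules.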

Comment 1 Matthew Harmsen 2009-06-24 00:20:55 UTC
Reminder:  Also make this change to the "httpd.conf" file for the unsecure port.

Comment 2 Matthew Harmsen 2009-06-24 23:07:23 UTC
This bug will also require changing ALL "ldap_init(host,port)" calls to IPv6-aware "prldap_init(host,port,1)" calls.

Additionally, several native-tools were changed to be IPv6-aware.

Comment 3 Matthew Harmsen 2009-06-24 23:40:44 UTC
Created attachment 349317
IPv6 changes for RA/TPS/native-tools

Comment 4 Matthew Harmsen 2009-06-24 23:41:11 UTC
Created attachment 349318
IPv6 changes for RA/TPS/native-tools (dogtag)

Comment 5 Jack Magne 2009-06-24 23:49:50 UTC
Attachments (id=49317) (id=349318) +jmagne.

Comment 6 Matthew Harmsen 2009-06-24 23:57:04 UTC
cd pki/base

% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      native-tools/src/sslget/sslget.c
M      native-tools/src/setpin/setpin.c
M      native-tools/src/bulkissuance/bulkissuance.c
M      native-tools/src/revoker/revoker.c
M      ra/apache/conf/httpd.conf
M      ra/apache/conf/nss.conf
M      ra/etc/init.d/httpd
M      tps/src/authentication/LDAP_Authentication.cpp
M      tps/src/include/tus/tus_db.h
M      tps/src/tus/tus_db.c
M      tps/tools/tus/test.c
M      tps/apache/conf/httpd.conf
M      tps/apache/conf/nss.conf
M      tps/etc/init.d/httpd

% svn commit
Sending        base/native-tools/src/bulkissuance/bulkissuance.c
Sending        base/native-tools/src/revoker/revoker.c
Sending        base/native-tools/src/setpin/setpin.c
Sending        base/native-tools/src/sslget/sslget.c
Sending        base/ra/apache/conf/httpd.conf
Sending        base/ra/apache/conf/nss.conf
Sending        base/ra/etc/init.d/httpd
Sending        base/tps/apache/conf/httpd.conf
Sending        base/tps/apache/conf/nss.conf
Sending        base/tps/etc/init.d/httpd
Sending        base/tps/src/authentication/LDAP_Authentication.cpp
Sending        base/tps/src/include/tus/tus_db.h
Sending        base/tps/src/tus/tus_db.c
Sending        base/tps/tools/tus/test.c
Transmitting file data ..............
Committed revision 653.


cd pki/dogtag

% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      native-tools/pki-native-tools.spec
M      ra/pki-ra.spec
M      tps/pki-tps.spec

% svn commit
Sending        dogtag/native-tools/pki-native-tools.spec
Sending        dogtag/ra/pki-ra.spec
Sending        dogtag/tps/pki-tps.spec
Transmitting file data ...
Committed revision 654.

Comment 8 Kashyap Chamarthy 2009-07-05 15:31:39 UTC
RA works fine with both IPv4 & IPv6 URLs in the browser....

But TPS fails at the "Authentication Directory" panel (just like on the bane machine..)



=============================================
[root@neo logs]# tail -50 /var/lib/pki-tps/error_log 
[Sun Jul 05 08:24:49 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:00 2009] [info] Subsequent (No.9) HTTPS request received for child 15 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.9) HTTPS request received for child 18 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.9) HTTPS request received for child 16 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.9) HTTPS request received for child 17 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.11) HTTPS request received for child 14 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.14) HTTPS request received for child 13 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.10) HTTPS request received for child 15 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.10) HTTPS request received for child 18 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.10) HTTPS request received for child 16 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.10) HTTPS request received for child 17 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.12) HTTPS request received for child 14 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:02 2009] [info] Subsequent (No.15) HTTPS request received for child 13 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:02 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:10 2009] [info] Subsequent (No.11) HTTPS request received for child 15 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.11) HTTPS request received for child 18 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.11) HTTPS request received for child 17 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.11) HTTPS request received for child 16 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.13) HTTPS request received for child 14 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.16) HTTPS request received for child 13 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.12) HTTPS request received for child 15 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.12) HTTPS request received for child 18 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.12) HTTPS request received for child 17 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.12) HTTPS request received for child 16 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:11 2009] [info] Subsequent (No.14) HTTPS request received for child 14 (server neo.dsdev.sjc.redhat.com:7890)
[Sun Jul 05 08:25:11 2009] [error] [client 10.14.1.24] File does not exist: /var/lib/pki-tps/docroot/img, referer: https://neo.dsdev.sjc.redhat.com:7890/css/pki-360.css
[Sun Jul 05 08:25:26 2009] [info] Connection to child 13 closed (server neo.dsdev.sjc.redhat.com:7890, client 10.14.1.24)
[Sun Jul 05 08:25:26 2009] [info] Connection to child 15 closed (server neo.dsdev.sjc.redhat.com:7890, client 10.14.1.24)
[Sun Jul 05 08:25:26 2009] [info] Connection to child 18 closed (server neo.dsdev.sjc.redhat.com:7890, client 10.14.1.24)
[Sun Jul 05 08:25:26 2009] [info] Connection to child 17 closed (server neo.dsdev.sjc.redhat.com:7890, client 10.14.1.24)
[Sun Jul 05 08:25:26 2009] [info] Connection to child 16 closed (server neo.dsdev.sjc.redhat.com:7890, client 10.14.1.24)
[Sun Jul 05 08:25:26 2009] [info] Connection to child 14 closed (server neo.dsdev.sjc.redhat.com:7890, client 10.14.1.24)
===================================================

Comment 9 Jack Magne 2009-07-06 16:57:58 UTC
When we tested, this all worked fine. Will look at it.

Comment 10 Kashyap Chamarthy 2009-07-07 07:14:28 UTC
Verified (on CS8 RC2). Using PKI_HOSTNAME=neo.dsdev.sjc.redhat.com and the appropriate DN for the authentication database did the trick.

Jack, sorry for the confusion.

