URL: <http://savannah.cern.ch/bugs/?98088>

Summary: libXrdSecgsi is overly verbose at "low" debug level
Project: XROOTD
Submitted by: iven
Submitted on: 2012-10-10 17:01
Severity: 2 - Minor
Priority: 3 - Low
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Fixed by commit(s):

_______________________________________________________

Details:

Example is from "xrdcp -d 1 ...", version 3.2.5-1

121010 16:32:13 8296 secgsi_Init: option CACheck: 1
121010 16:32:13 8296 secgsi_Init: using CA dir(s): /etc/grid-security/certificates/
121010 16:32:13 8296 secgsi_Init: option CRLCheck: 1 ('use-if-available'; download? no)
121010 16:32:13 8296 secgsi_Init: using CRL dir(s): /etc/grid-security/certificates/
121010 16:32:13 8296 secgsi_Init: CRL information refreshed every 86400 secs
121010 16:32:13 8296 sut_Cache::Init: cache allocated for 100 entries
121010 16:32:13 8296 sut_Cache::Rehash: Hash table updated (found 0 active entries)
121010 16:32:13 8296 sut_Cache::Init: cache allocated for 2 entries
121010 16:32:13 8296 sut_Cache::Rehash: Hash table updated (found 0 active entries)
121010 16:32:13 8296 secgsi_InitOpts: *** ------------------------------------------------------------ ***
121010 16:32:13 8296 secgsi_InitOpts: Mode: client
121010 16:32:13 8296 secgsi_InitOpts: Debug: 1
121010 16:32:13 8296 secgsi_InitOpts: CA dir: /etc/grid-security/certificates/
121010 16:32:13 8296 secgsi_InitOpts: CA verification level: 1
121010 16:32:13 8296 secgsi_InitOpts: CRL dir: /etc/grid-security/certificates/
121010 16:32:13 8296 secgsi_InitOpts: CRL extension: .r0
121010 16:32:13 8296 secgsi_InitOpts: CRL check level: 1
121010 16:32:13 8296 secgsi_InitOpts: CRL refresh time: 86400
121010 16:32:13 8296 secgsi_InitOpts: Certificate: /etc/grid-security/hostcert.pem
121010 16:32:13 8296 secgsi_InitOpts: Key: /etc/grid-security/hostkey.pem
121010 16:32:13 8296 secgsi_InitOpts: Proxy file: /tmp/sls-xrdcp-proxy.ppmN8289
121010 16:32:13 8296 secgsi_InitOpts: Proxy validity: 12:00
121010 16:32:13 8296 secgsi_InitOpts: Proxy dep length: 0
121010 16:32:13 8296 secgsi_InitOpts: Proxy bits: 512
121010 16:32:13 8296 secgsi_InitOpts: Proxy sign option: 1
121010 16:32:13 8296 secgsi_InitOpts: Proxy delegation option: 0
121010 16:32:13 8296 secgsi_InitOpts: Allowed server names: [*/]<target host name>[/*]
121010 16:32:13 8296 secgsi_InitOpts: Crypto modules: ssl
121010 16:32:13 8296 secgsi_InitOpts: Ciphers: aes-128-cbc:bf-cbc:des-ede3-cbc
121010 16:32:13 8296 secgsi_InitOpts: MDigests: sha1:md5
121010 16:32:13 8296 secgsi_InitOpts: *** ------------------------------------------------------------ ***
sec_PM: Using gsi protocol, args='v:10300,c:ssl,ca:1d879c6c.0'
121010 16:32:13 8296 secgsi_XrdSecProtocolgsi: constructing: host: eosatlassrv3.cern.ch
121010 16:32:13 8296 secgsi_XrdSecProtocolgsi: p: gsi, plen: 4
121010 16:32:13 8296 secgsi_XrdSecProtocolgsi: mode: client
121010 16:32:13 8296 secgsi_XrdSecProtocolgsi: object created: v..
121010 16:32:13 8296 secgsi_ParseCrypto: parsing list: ssl
121010 16:32:13 8296 secgsi_ParseCrypto: found module: ssl
121010 16:32:13 8296 crypto_Factory::GetCryptoFactory: loading ssl crypto factory object from libXrdCrypto.so
121010 16:32:13 8296 crypto_Factory::GetCryptoFactory: loading ssl crypto factory object from libXrdCryptossl.so
121010 16:32:13 8296 sut_Rndm::GetBuffer: enter: len: 32
121010 16:32:13 8296 sut_Rndm::Init: taking seed from /dev/urandom
121010 16:32:13 8296 secgsi_ParseCAlist: parsing list: 1d879c6c.0
121010 16:32:13 8296 secgsi_GetCA: Querying cache for tag: 1d879c6c.0:1 (timestamp:1349879533, refresh fq:86400)
121010 16:32:13 8296 secgsi_GetCA: trying to load CA certificate from /etc/grid-security/certificates/1d879c6c.0
121010 16:32:13 8296 cryptossl_X509::IsCA: certificate has 10 extensions
121010 16:32:13 8296 secgsi_VerifyCA: Warning: CA certificate not self-signed: integrity not checked, assuming OK (1d879c6c.0)
121010 16:32:13 8296 secgsi_LoadCRL: target file: /etc/grid-security/certificates/1d879c6c.r0
121010 16:32:13 8296 sut_Cache::Init: cache allocated for 50 entries
121010 16:32:13 8296 sut_Cache::Rehash: Hash table updated (found 0 active entries)
121010 16:32:13 8296 sut_Cache::Rehash: Hash table updated (found 50 active entries)
121010 16:32:13 8296 secgsi_LoadCRL: CA signing certificate file = /etc/grid-security/certificates/1d879c6c.0
121010 16:32:13 8296 cryptossl_X509::IsCA: certificate has 10 extensions
121010 16:32:13 8296 sut_Cache::Rehash: Hash table updated (found 1 active entries)
121010 16:32:13 8296 cryptossl_X509::IsCA: certificate has 3 extensions
121010 16:32:13 8296 cryptossl_X509::IsCA: certificate has 9 extensions
121010 16:32:13 8296 sut_Cache::Rehash: Hash table updated (found 1 active entries)
121010 16:32:13 8296 secgsi_getCredentials: version run by server: 10300
121010 16:32:13 8296 secgsi_CheckRtag: Nothing to check
121010 16:32:13 8296 secgsi_getCredentials: Client issuer hash: 1d879c6c.0
121010 16:32:13 8296 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
121010 16:32:13 8296 sut_Rndm::GetString: got: 56sXLdru
121010 16:32:13 8296 secgsi_getCredentials: returned 101 bytes of credentials
121010 16:32:13 8296 crypto_X509Chain::EECname: EEC not found in chain
121010 16:32:13 8296 crypto_X509Chain::EEChash: EEC not found in chain
121010 16:32:13 8296 cryptossl_X509::IsCA: certificate has 9 extensions
121010 16:32:13 8296 secgsi_getCredentials: version run by server: 10300
121010 16:32:13 8296 secgsi_CheckRtag: Random tag successfully checked
121010 16:32:13 8296 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
121010 16:32:13 8296 sut_Rndm::GetString: got: /JsnOFMk
121010 16:32:13 8296 secgsi_getCredentials: returned 3765 bytes of credentials

Suggest to strip this down to (at most)

121010 16:32:13 8296 secgsi_InitOpts: *** ------------------------------------------------------------ ***
121010 16:32:13 8296 secgsi_InitOpts: Mode: client
121010 16:32:13 8296 secgsi_InitOpts: Debug: 1
121010 16:32:13 8296 secgsi_InitOpts: CA dir: /etc/grid-security/certificates/
121010 16:32:13 8296 secgsi_InitOpts: CA verification level: 1
121010 16:32:13 8296 secgsi_InitOpts: CRL dir: /etc/grid-security/certificates/
121010 16:32:13 8296 secgsi_InitOpts: CRL extension: .r0
121010 16:32:13 8296 secgsi_InitOpts: CRL check level: 1
121010 16:32:13 8296 secgsi_InitOpts: CRL refresh time: 86400
121010 16:32:13 8296 secgsi_InitOpts: Certificate: /etc/grid-security/hostcert.pem
121010 16:32:13 8296 secgsi_InitOpts: Key: /etc/grid-security/hostkey.pem
121010 16:32:13 8296 secgsi_InitOpts: Proxy file: /tmp/sls-xrdcp-proxy.ppmN8289
121010 16:32:13 8296 secgsi_InitOpts: Proxy validity: 12:00
121010 16:32:13 8296 secgsi_InitOpts: Proxy dep length: 0
121010 16:32:13 8296 secgsi_InitOpts: Proxy bits: 512
121010 16:32:13 8296 secgsi_InitOpts: Proxy sign option: 1
121010 16:32:13 8296 secgsi_InitOpts: Proxy delegation option: 0
121010 16:32:13 8296 secgsi_InitOpts: Allowed server names: [*/]<target host name>[/*]
121010 16:32:13 8296 secgsi_InitOpts: Crypto modules: ssl
121010 16:32:13 8296 secgsi_InitOpts: Ciphers: aes-128-cbc:bf-cbc:des-ede3-cbc
121010 16:32:13 8296 secgsi_InitOpts: MDigests: sha1:md5
121010 16:32:13 8296 secgsi_InitOpts: *** ------------------------------------------------------------ ***
121010 16:32:13 8296 secgsi_LoadCRL: CA signing certificate file = /etc/grid-security/certificates/1d879c6c.0
121010 16:32:13 8296 secgsi_VerifyCA: Warning: CA certificate not self-signed: integrity not checked, assuming OK (1d879c6c.0)
121010 16:32:13 8296 secgsi_LoadCRL: target file: /etc/grid-security/certificates/1d879c6c.r0

(does it say anything about the CRL being used?)

In particular, all the "hash" messages probably ought to be buried at debug level 3.
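
Added example, not part of the original report and not XRootD code: a Python post-filter that trims "-d 1" output to the three tags kept in the suggested listing (secgsi_InitOpts, secgsi_LoadCRL, secgsi_VerifyCA) and counts what it suppresses per tag. The name trim, the pass-through of lines without a timestamp, and the rule that any "Warning" message is kept are choices of this example; the sample lines are excerpted from the report.

```python
import re
from collections import Counter

# Layout of the lines in the report: "yymmdd hh:mm:ss pid tag: message".
LINE_RE = re.compile(r"^\d{6} \d\d:\d\d:\d\d \d+ ([\w:]+): (.*)$")

# Tags that appear in the report's suggested "-d 1" output.
KEEP = {"secgsi_InitOpts", "secgsi_LoadCRL", "secgsi_VerifyCA"}


def trim(lines):
    """Return (kept_lines, Counter of suppressed lines per tag)."""
    kept, dropped = [], Counter()
    for line in lines:
        line = line.rstrip("\n")
        m = LINE_RE.match(line)
        if m is None:
            # Unrecognised layout (e.g. the sec_PM line): pass it through
            # rather than risk hiding an error. Choice of this example.
            kept.append(line)
            continue
        tag, msg = m.groups()
        # Warnings are never suppressed, whatever component emits them.
        if tag in KEEP or msg.startswith("Warning"):
            kept.append(line)
        else:
            dropped[tag] += 1
    return kept, dropped


# Sample input: lines excerpted from the report above.
SAMPLE = """\
121010 16:32:13 8296 secgsi_Init: option CACheck: 1
121010 16:32:13 8296 sut_Cache::Init: cache allocated for 100 entries
121010 16:32:13 8296 sut_Cache::Rehash: Hash table updated (found 0 active entries)
121010 16:32:13 8296 secgsi_InitOpts: Mode: client
121010 16:32:13 8296 secgsi_InitOpts: Debug: 1
sec_PM: Using gsi protocol, args='v:10300,c:ssl,ca:1d879c6c.0'
121010 16:32:13 8296 secgsi_VerifyCA: Warning: CA certificate not self-signed: integrity not checked, assuming OK (1d879c6c.0)
121010 16:32:13 8296 secgsi_LoadCRL: target file: /etc/grid-security/certificates/1d879c6c.r0
121010 16:32:13 8296 cryptossl_X509::IsCA: certificate has 10 extensions
""".splitlines()

if __name__ == "__main__":
    kept, dropped = trim(SAMPLE)
    print("\n".join(kept))
    for tag, n in dropped.most_common():
        print(f"# suppressed {n} x {tag}")
```

The per-tag counts show which components account for the extra volume, which is the information needed to decide what moves to a higher debug level.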