URL:
  <http://savannah.cern.ch/bugs/?98088>

                 Summary: libXrdSecgsi is overly verbose at "low" debug level
                 Project: XROOTD
            Submitted by: iven
            Submitted on: 2012-10-10 17:01
                Severity: 2 - Minor
                Priority: 3 - Low
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
      Fixed by commit(s): 

    _______________________________________________________

Details:

Example is from "xrdcp -d 1 ...", version 3.2.5-1


121010 16:32:13 8296 secgsi_Init: option CACheck: 1
121010 16:32:13 8296 secgsi_Init: using CA dir(s):
/etc/grid-security/certificates/
121010 16:32:13 8296 secgsi_Init: option CRLCheck: 1 ('use-if-available';
download? no)
121010 16:32:13 8296 secgsi_Init: using CRL dir(s):
/etc/grid-security/certificates/
121010 16:32:13 8296 secgsi_Init: CRL information refreshed every 86400 secs
121010 16:32:13 8296 sut_Cache::Init: cache allocated for 100 entries
121010 16:32:13 8296 sut_Cache::Rehash: Hash table updated (found 0 active
entries)
121010 16:32:13 8296 sut_Cache::Init: cache allocated for 2 entries
121010 16:32:13 8296 sut_Cache::Rehash: Hash table updated (found 0 active
entries)
121010 16:32:13 8296 secgsi_InitOpts: ***
------------------------------------------------------------ ***
121010 16:32:13 8296 secgsi_InitOpts:  Mode: client
121010 16:32:13 8296 secgsi_InitOpts:  Debug: 1
121010 16:32:13 8296 secgsi_InitOpts:  CA dir:
/etc/grid-security/certificates/
121010 16:32:13 8296 secgsi_InitOpts:  CA verification level: 1
121010 16:32:13 8296 secgsi_InitOpts:  CRL dir:
/etc/grid-security/certificates/
121010 16:32:13 8296 secgsi_InitOpts:  CRL extension: .r0
121010 16:32:13 8296 secgsi_InitOpts:  CRL check level: 1
121010 16:32:13 8296 secgsi_InitOpts:  CRL refresh time: 86400
121010 16:32:13 8296 secgsi_InitOpts:  Certificate:
/etc/grid-security/hostcert.pem
121010 16:32:13 8296 secgsi_InitOpts:  Key: /etc/grid-security/hostkey.pem
121010 16:32:13 8296 secgsi_InitOpts:  Proxy file:
/tmp/sls-xrdcp-proxy.ppmN8289
121010 16:32:13 8296 secgsi_InitOpts:  Proxy validity: 12:00
121010 16:32:13 8296 secgsi_InitOpts:  Proxy dep length: 0
121010 16:32:13 8296 secgsi_InitOpts:  Proxy bits: 512
121010 16:32:13 8296 secgsi_InitOpts:  Proxy sign option: 1
121010 16:32:13 8296 secgsi_InitOpts:  Proxy delegation option: 0
121010 16:32:13 8296 secgsi_InitOpts:  Allowed server names: [*/]<target host
name>[/*]
121010 16:32:13 8296 secgsi_InitOpts:  Crypto modules: ssl
121010 16:32:13 8296 secgsi_InitOpts:  Ciphers:
aes-128-cbc:bf-cbc:des-ede3-cbc
121010 16:32:13 8296 secgsi_InitOpts:  MDigests: sha1:md5
121010 16:32:13 8296 secgsi_InitOpts: ***
------------------------------------------------------------ ***
sec_PM: Using gsi protocol, args='v:10300,c:ssl,ca:1d879c6c.0'
121010 16:32:13 8296 secgsi_XrdSecProtocolgsi: constructing: host:
eosatlassrv3.cern.ch
121010 16:32:13 8296 secgsi_XrdSecProtocolgsi: p: gsi, plen: 4
121010 16:32:13 8296 secgsi_XrdSecProtocolgsi: mode: client
121010 16:32:13 8296 secgsi_XrdSecProtocolgsi: object created: v..
121010 16:32:13 8296 secgsi_ParseCrypto: parsing list: ssl
121010 16:32:13 8296 secgsi_ParseCrypto: found module: ssl
121010 16:32:13 8296 crypto_Factory::GetCryptoFactory: loading ssl crypto
factory object from libXrdCrypto.so
121010 16:32:13 8296 crypto_Factory::GetCryptoFactory: loading ssl crypto
factory object from libXrdCryptossl.so
121010 16:32:13 8296 sut_Rndm::GetBuffer: enter: len: 32
121010 16:32:13 8296 sut_Rndm::Init: taking seed from /dev/urandom
121010 16:32:13 8296 secgsi_ParseCAlist: parsing list: 1d879c6c.0
121010 16:32:13 8296 secgsi_GetCA: Querying cache for tag: 1d879c6c.0:1
(timestamp:1349879533, refresh fq:86400)
121010 16:32:13 8296 secgsi_GetCA: trying to load CA certificate from
/etc/grid-security/certificates/1d879c6c.0
121010 16:32:13 8296 cryptossl_X509::IsCA: certificate has 10 extensions
121010 16:32:13 8296 secgsi_VerifyCA: Warning: CA certificate not
self-signed: integrity not checked, assuming OK (1d879c6c.0)
121010 16:32:13 8296 secgsi_LoadCRL: target file:
/etc/grid-security/certificates/1d879c6c.r0
121010 16:32:13 8296 sut_Cache::Init: cache allocated for 50 entries
121010 16:32:13 8296 sut_Cache::Rehash: Hash table updated (found 0 active
entries)
121010 16:32:13 8296 sut_Cache::Rehash: Hash table updated (found 50 active
entries)
121010 16:32:13 8296 secgsi_LoadCRL: CA signing certificate file =
/etc/grid-security/certificates/1d879c6c.0
121010 16:32:13 8296 cryptossl_X509::IsCA: certificate has 10 extensions
121010 16:32:13 8296 sut_Cache::Rehash: Hash table updated (found 1 active
entries)
121010 16:32:13 8296 cryptossl_X509::IsCA: certificate has 3 extensions
121010 16:32:13 8296 cryptossl_X509::IsCA: certificate has 9 extensions
121010 16:32:13 8296 sut_Cache::Rehash: Hash table updated (found 1 active
entries)
121010 16:32:13 8296 secgsi_getCredentials: version run by server: 10300
121010 16:32:13 8296 secgsi_CheckRtag: Nothing to check
121010 16:32:13 8296 secgsi_getCredentials: Client issuer hash: 1d879c6c.0
121010 16:32:13 8296 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
121010 16:32:13 8296 sut_Rndm::GetString: got: 56sXLdru
121010 16:32:13 8296 secgsi_getCredentials: returned 101 bytes of
credentials
121010 16:32:13 8296 crypto_X509Chain::EECname: EEC not found in chain
121010 16:32:13 8296 crypto_X509Chain::EEChash: EEC not found in chain
121010 16:32:13 8296 cryptossl_X509::IsCA: certificate has 9 extensions
121010 16:32:13 8296 secgsi_getCredentials: version run by server: 10300
121010 16:32:13 8296 secgsi_CheckRtag: Random tag successfully checked
121010 16:32:13 8296 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
121010 16:32:13 8296 sut_Rndm::GetString: got: /JsnOFMk
121010 16:32:13 8296 secgsi_getCredentials: returned 3765 bytes of
credentials


Suggest to strip this down to (at most)


121010 16:32:13 8296 secgsi_InitOpts: ***
------------------------------------------------------------ ***
121010 16:32:13 8296 secgsi_InitOpts:  Mode: client
121010 16:32:13 8296 secgsi_InitOpts:  Debug: 1
121010 16:32:13 8296 secgsi_InitOpts:  CA dir:
/etc/grid-security/certificates/
121010 16:32:13 8296 secgsi_InitOpts:  CA verification level: 1
121010 16:32:13 8296 secgsi_InitOpts:  CRL dir:
/etc/grid-security/certificates/
121010 16:32:13 8296 secgsi_InitOpts:  CRL extension: .r0
121010 16:32:13 8296 secgsi_InitOpts:  CRL check level: 1
121010 16:32:13 8296 secgsi_InitOpts:  CRL refresh time: 86400
121010 16:32:13 8296 secgsi_InitOpts:  Certificate:
/etc/grid-security/hostcert.pem
121010 16:32:13 8296 secgsi_InitOpts:  Key: /etc/grid-security/hostkey.pem
121010 16:32:13 8296 secgsi_InitOpts:  Proxy file:
/tmp/sls-xrdcp-proxy.ppmN8289
121010 16:32:13 8296 secgsi_InitOpts:  Proxy validity: 12:00
121010 16:32:13 8296 secgsi_InitOpts:  Proxy dep length: 0
121010 16:32:13 8296 secgsi_InitOpts:  Proxy bits: 512
121010 16:32:13 8296 secgsi_InitOpts:  Proxy sign option: 1
121010 16:32:13 8296 secgsi_InitOpts:  Proxy delegation option: 0
121010 16:32:13 8296 secgsi_InitOpts:  Allowed server names: [*/]<target host
name>[/*]
121010 16:32:13 8296 secgsi_InitOpts:  Crypto modules: ssl
121010 16:32:13 8296 secgsi_InitOpts:  Ciphers:
aes-128-cbc:bf-cbc:des-ede3-cbc
121010 16:32:13 8296 secgsi_InitOpts:  MDigests: sha1:md5
121010 16:32:13 8296 secgsi_InitOpts: ***
------------------------------------------------------------ ***
121010 16:32:13 8296 secgsi_LoadCRL: CA signing certificate file =
/etc/grid-security/certificates/1d879c6c.0
121010 16:32:13 8296 secgsi_VerifyCA: Warning: CA certificate not
self-signed: integrity not checked, assuming OK (1d879c6c.0)
121010 16:32:13 8296 secgsi_LoadCRL: target file:
/etc/grid-security/certificates/1d879c6c.r0
  (does it say anything about the CRL being used?)

In particular, all the "hash" messages probably ought to be buried at debug
level 3.





