[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [geclipse-dev] Grid Certificates Problem
|
Hi all,
The problem is general. Our soft does not work with symbolic links in
archives.
The quickfix for this is to fetch certificates in old format (which are
still available, but I don't know for how long).
You find them under this URL:
http://dist.eugridpma.info/distribution/igtf/current-old/accredited/tgz/
note 'current-old' instead of 'current'.
Window->Preferences: g-Eclipse->Security: Import
pass this URL into the URI field.
Then "select all" and import.
--
Mateusz Pabiś
W dniu 2011-05-12 09:06, Nicholas Loulloudes pisze:
> Hi Mathias, all,
>
> How are you?
>
> I wanted to add-up on Antriani's email. We recently discovered that
> EuGridPMA changed the distribution format of CA certs. This change was
> due to the wake of OpenSSL v1, and become effective after CA cert
> distribution v1.33. At v1.34, the new format become the default format.
> As Antriani mentioned, the EuGridPMA so far provides the CA cert
> distribution in both formats, but I am not sure how long this transition
> phase will last.
>
> I had a quick look into our code that makes the cert import, and it
> seems that our parser does not work for the new format. If someone can
> verify this as well, then we can go ahead and provide the necessary patch.
>
> Best,
> Nicholas.
>
> Mathias Stümpert wrote:
>> Dear Antriani,
>>
>> I can think of two reasons for your problem:
>>
>> 1) The standard JCE is not "strong" enough to decrypt the certs you
>> are trying to import
>> 2) One of the certs you are trying to import may be corrupt or may
>> contain unsupported extensions
>>
>> For a solution of 1) see the help content for g-Eclipse:
>>
>> <cite>
>>
>> * download the "Java Cryptography Extension Unlimited Strength
>> Jurisdiction Policy Files" from
>> http://java.sun.com/javase/downloads (or the corresponding site
>> if you have another Java version)
>> * unpack that file and follow the instructions in the README. You
>> only need to copy the two policy files into the right path in
>> your Java installation, namely: *$JAVA_HOME/jre/lib/security*
>>
>> </cite>
>>
>> For a solution of 2) I recommend to try to import one cert after the
>> other to see if the problem is a general one or only occurs for one
>> specific cert.
>>
>> Cheers, Mathias
>>
>>
>>> Hi all,
>>>
>>> I have been using g-Eclipse to extend it with social functionality.
>>>
>>> I had a problem with the importing of the grid certificates -
>>> I was getting a parsing error after the change of the certificate format.
>>> I temporally solved the problem by using
>>> http://dist.eugridpma.info/distribution/igtf/current-old/accredited/tgz/
>>> instead of
>>> http://dist.eugridpma.info/distribution/igtf/current/accredited/tgz/.
>>>
>>> Now the current-old fails for some certificates giving :
>>>
>>> Plug-In:
>>> eu.geclipse.core
>>>
>>> Contact Address:
>>> N/A
>>>
>>> Description:
>>> Unable to load certificate
>>>
>>> Reasons:
>>> N/A
>>>
>>> Proposed Solutions:
>>> N/A
>>>
>>> Stacktrace:
>>> eu.geclipse.core.reporting.ProblemException: Unable to load certificate
>>> at eu.geclipse.core.security.X509Util.loadCertificate(X509Util.java:163)
>>> at
>>> eu.geclipse.ui.internal.preference.SecurityPreferencePage.addCertificates(SecurityPreferencePage.java:335)
>>> at
>>> eu.geclipse.ui.internal.preference.SecurityPreferencePage$11.run(SecurityPreferencePage.java:373)
>>> at
>>> org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
>>> Caused by: java.security.cert.CertificateException: Could not parse
>>> certificate: java.io.IOException: DerInputStream.getLength():
>>> lengthTag=11, too big.
>>> at
>>> sun.security.provider.X509Factory.engineGenerateCertificate(Unknown
>>> Source)
>>> at java.security.cert.CertificateFactory.generateCertificate(Unknown
>>> Source)
>>> at eu.geclipse.core.security.X509Util.loadCertificate(X509Util.java:159)
>>> ... 3 more
>>> Caused by: java.io.IOException: DerInputStream.getLength():
>>> lengthTag=11, too big.
>>> at sun.security.util.DerInputStream.getLength(Unknown Source)
>>> at sun.security.util.DerValue.init(Unknown Source)
>>> at sun.security.util.DerValue.<init>(Unknown Source)
>>> ... 6 more
>>>
>>>
>>> when i try to import them.
>>>
>>> Thanks,
>>> Antriani Stylianou
>>> University of Cyprus
>>>
>>>
>>> _______________________________________________
>>> geclipse-dev mailing list
>>> geclipse-dev@xxxxxxxxxxx
>>> https://dev.eclipse.org/mailman/listinfo/geclipse-dev
>>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> geclipse-dev mailing list
>> geclipse-dev@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/geclipse-dev
>>
>
>
> --
>
> ________________________________________________________
> Nicholas Loulloudes
> PhD Candidate,
> Department of Computer Science,
> University of Cyprus,
> Nicosia, Cyprus
>
> Tel: +357-22892663
> Email: loulloudes.n[at]cs.ucy.ac.cy
> Web: www.cs.ucy.ac.cy/~nickl <http://www.cs.ucy.ac.cy/%7Enickl>
> VSense: vsense.cs.ucy.ac.cy <http://vsense.cs.ucy.ac.cy>
> ________________________________________________________
>
>
>
> _______________________________________________
> geclipse-dev mailing list
> geclipse-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/geclipse-dev