From: ben.laskowski <ben...@gm...> - 2012-05-30 20:35:46
|
I am having some trouble with the auto certificate issuing daemon in OpenCA v 1.1.0. The daemon starts and successfully signs and returns a number of certificates, but then stops working without warning. I applied all the patches for v1.1.0 but it did not seem to help… I did notice that the published patches have a lower version number than the files that are included in the source for v1.1.0. I am using libpki-0.6.5, openca-tools-1.3.0, and openca-base-1.1.0. All packages are built from source on CentOS 5.6 64-bit. After the auto daemon dies, its deactivation time is reported as “Wed Dec 31 19:00:00 1969”. Due to the “MySQL server has gone away” errors in the log file, I have tried increasing the MySQL database timeout to its maximum value of 31,536,000 seconds, but this did not seem to make a difference. Max's post at http://sourceforge.net/mailarchive/forum.php?thread_name=4B835C8B.7060107%40cs.dartmouth.edu&forum_name=openca-users makes it sound like this problem has been fixed, but it is not clear to me in which version, or if I need to patch additional files to make this work reliably. Relevant sections of stderr.log are as follows: [Auto Certificate Issuing enabled via Web interface] initServer: BrowserSupportedLanguage(s) [en-us,en;q=0.5] initServer: BrowserSupportedCharset(s) [] select language: en initServer: setLanguage: setEncoding for log return utf-8 initServer: setLanguage: en_GB :: utf-8 initServer: setLanguage: setEncoding for log return UTF-8 initServer: setLanguage: en_GB :: UTF-8 Issuing rollback() for database handle being DESTROY'd without explicit disconnect() at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 900. libGetPidProcessStatus::Pidfile does not exists! cmds->advanced_csr: LOANames: 1 cmds->advanced_csr: LOANames: 2 cmds->advanced_csr: LOANames: 3 cmds->advanced_csr: LOANames: 4 cmds->advanced_csr: LOANames: 5 OpenCA::OpenSSL->_stop_shell: try to stop shell OpenCA::OpenSSL->_stop_shell: try to stop shell initServer: BrowserSupportedLanguage(s) [en-us,en;q=0.5] initServer: BrowserSupportedCharset(s) [] select language: en initServer: setLanguage: setEncoding for log return utf-8 initServer: setLanguage: en_GB :: utf-8 initServer: setLanguage: setEncoding for log return UTF-8 initServer: setLanguage: en_GB :: UTF-8 Issuing rollback() for database handle being DESTROY'd without explicit disconnect() at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 900. libGetPidProcessStatus::Pidfile does not exists! OpenCA::Crypto->getToken: entering function OpenCA::Crypto->getToken: CA OpenCA::Crypto->getToken: token added OpenCA::Crypto->getToken: token is present OpenCA::Crypto->getToken: token is usable OpenCA::OpenSSL->_stop_shell: try to stop shell OpenCA::OpenSSL->_stop_shell: try to stop shell initServer: BrowserSupportedLanguage(s) [en-us,en;q=0.5] initServer: BrowserSupportedCharset(s) [] select language: en initServer: setLanguage: setEncoding for log return utf-8 initServer: setLanguage: en_GB :: utf-8 initServer: setLanguage: setEncoding for log return UTF-8 initServer: setLanguage: en_GB :: UTF-8 Issuing rollback() for database handle being DESTROY'd without explicit disconnect() at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 900. OpenCA::Crypto->getToken: entering function OpenCA::Crypto->getToken: CA OpenCA::Crypto->getToken: token added OpenCA::Crypto->getToken: token is present OpenCA::Crypto->getToken: token is usable OpenCA::OpenSSL->dataConvert: resetting error from -1 to 0. OpenCA::OpenSSL->dataConvert: resetting errno from 7700110 to 0. OpenCA::OpenSSL->setError: errno: 0 OpenCA::OpenSSL->setError: errval: OpenCA::OpenSSL->dataConvert: passwd is set OpenCA::OpenSSL->dataConvert: inpwd is set OpenCA::OpenSSL->dataConvert: outpwd is set OpenCA::OpenSSL->dataConvert: command=pkcs8 -passin env:inpwd -passout env:outpwd -out /opt/openca/var/openca/tmp/7484_cnv.tmp -in /opt/openca/var/openca/crypto/keys/cakey.pem -topk8 -outform PEM -inform PEM OpenCA::OpenSSL->dataConvert: using infile OpenCA::OpenSSL->_execute_command: entering function OpenCA::OpenSSL->_start_shell: try to start shell OpenCA::OpenSSL->_start_shell: | /usr/bin/openssl 1>/opt/openca/var/openca/tmp/7484_stdout.log 2>/opt/openca/var/openca/tmp/7484_stderr.log OpenCA::OpenSSL->_start_shell: shell started OpenCA::OpenSSL->_execute_command: pkcs8 -passin env:inpwd -passout env:outpwd -out /opt/openca/var/openca/tmp/7484_cnv.tmp -in /opt/openca/var/openca/crypto/keys/cakey.pem -topk8 -outform PEM -inform PEM OpenCA::OpenSSL->_execute_command: executed OpenCA::OpenSSL->_execute_command: command executed - stopping shell OpenCA::OpenSSL->_stop_shell: try to stop shell OpenCA::OpenSSL->_execute_command: check for error OpenCA::OpenSSL->_execute_command: detected error log OpenCA::OpenSSL->_execute_command: stderr: OpenCA::OpenSSL->_execute_command: leaving successful (return: 1) OpenCA::OpenSSL->dataConvert: openssl itself successful OpenCA::OpenSSL->dataConvert: passphrases deleted OpenCA::OpenSSL->dataConvert: return result like follows OpenCA::OpenSSL->dataConvert: -----BEGIN ENCRYPTED PRIVATE KEY----- [key omitted] -----END ENCRYPTED PRIVATE KEY----- DBD::mysql::db commit failed: MySQL server has gone away at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 3549. DBD::mysql::db commit failed: MySQL server has gone away at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 3549. OpenCA::OpenSSL->_stop_shell: try to stop shell OpenCA::OpenSSL->_stop_shell: try to stop shell [Begin certificate requests via SCEP interface] [166 certificates successfully signed and returned] DBD::mysql::db rollback failed: MySQL server has gone away at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/DBI.pm line 3530. OpenCA: General error trapped 700: The compilation of the command cmdStartAutoCA failed. Can't use an undefined value as a HASH reference at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/X509.pm line 671.<br> Compilation failed in require at /opt/openca/etc/openca/openca_start line 65. OpenCA::OpenSSL->_stop_shell: try to stop shell I would appreciate any direction you can provide. Please let me know if any additional information would be helpful. -- View this message in context: http://old.nabble.com/Auto-Certificate-Issuing-Daemon-dies-tp33934571p33934571.html Sent from the openca-users mailing list archive at Nabble.com. |