From: o h. <oh...@ya...> - 2019-04-18 16:16:13
[Added the mailing list back into the email... Sorry]

On Thursday, April 18, 2019, 3:04:24 PM UTC, o haya <oh...@ya...> wrote:

I ran the ocspd pointing to our configuration and it looks like this is where it is blowing up:

./ocspd -c /apps/oracle/ocspd/etc/ocspd/ocspd.xml -debug -stdout
...
Apr 18 14:57:37 2019 GMT [10335] INFO: [config.c:394] [DEBUG] Building CA List
Apr 18 14:57:37 2019 GMT [10335] GENERAL: Processing Configuration for [CA: EntrustCA.crl]
Apr 18 14:57:37 2019 GMT [10335] INFO: [pki_config.c:412] [DEBUG] Element Not Found [Search: /caConfig/caCertValue, Position: -1]
Apr 18 14:57:37 2019 GMT [10335] INFO: [config.c:623] [DEBUG] CRL Downloading Process Started [CA: EntrustCA.crl, URL: file:///apps/oracle/crl/golden/EntrustCA.crl]
Apr 18 14:57:37 2019 GMT [10335] INFO: [config.c:837] [DEBUG] CRL loaded successfully [URL: file:///apps/oracle/crl/golden/EntrustCA.crl]
Apr 18 14:57:37 2019 GMT [10335] INFO: [crl.c:213] [DEBUG] Got the public key from the CA cert [Scheme: RSA, Key Size: 2048]
Segmentation fault (core dumped)

On Thursday, April 18, 2019, 2:49:28 PM UTC, o haya <oh...@ya...> wrote:

Hi,

Oh oh... I got the following when I ran ocspd using our normal config files, etc.:

[root@ip-192-168-0-95 init.d]# ./ocspd-bugfixes start
Starting OCSP Responder: ./ocspd-bugfixes: line 39: 10259 Segmentation fault (core dumped) ${ocspd} -c "${conf}" -d
Error, check logs!

Where do I look for the logs that it is mentioning?

Jim

On Thursday, April 18, 2019, 10:59:51 AM UTC, Martin Hecht <he...@hl...> wrote:

Hi Jim,

looks good so far. You still have the example files in the config (the College ca, Dartmouth and example Token configurations, and as far as I can see you have not configured your own CRL location, ca cert etc.). At least in my environment it did not work to the point where it says "NOTICE: Exiting, Glad to serve you, Master!" in debug mode. It has crashed earlier, but maybe it's something with loading the certificate or the crl from file.
But maybe you don't run into that problem (e.g. because your ca uses different algorithms).

Martin

On 4/18/19 12:36 PM, o haya wrote:
> Hi Martin,
> I applied the patch file to general.h, and I was able to do the make and make install (FYI, I built the libpki and ocspd into /apps/oracle/libpki-bugfixes and /apps/oracle/ocspd-bugfixes, respectively).
>
> Then, I did a test on RHEL 6.10, and I *think* it worked???
>
> Here's the "-debug -stdout" output:
> [orcladmin@ip-192-168-0-95 sbin]$ $ocspd -c $conf -debug -stdout
>
> OpenCA's OCSP Responder - v3.1.2 (Build: Thu Apr 18 10:21:33 UTC 2019)
> (c) 2002-2018 by Massimiliano Pala and OpenCA Project
> OpenCA licensed software
>
> Apr 18 10:31:30 2019 GMT [9346] GENERAL: OpenCA OCSPD v3.1.2 (Thu Apr 18 10:21:33 UTC 2019)- starting.
> Apr 18 10:31:30 2019 GMT [9346] INFO: [token.c:2574] [DEBUG] ERROR, can not load directory /home/orcladmin/.libpki/profile.d!
> Apr 18 10:31:30 2019 GMT [9346] INFO: [token.c:831] [DEBUG] Can not load profiles (/home/orcladmin/.libpki/profile.d)
>
> Apr 18 10:31:30 2019 GMT [9346] INFO: [pki_config.c:866] [DEBUG] Skipping file ..
> Apr 18 10:31:30 2019 GMT [9346] INFO: [pki_config.c:866] [DEBUG] Skipping file .
> Apr 18 10:31:30 2019 GMT [9346] INFO: [pki_config.c:876] [DEBUG] Loading file /apps/oracle/ocspd-bugfixes/etc/ocspd/ca.d/collegeca.xml
> Apr 18 10:31:30 2019 GMT [9346] INFO: [pki_config.c:892] [DEBUG] Loaded /apps/oracle/ocspd-bugfixes/etc/ocspd/ca.d/collegeca.xml file
> Apr 18 10:31:30 2019 GMT [9346] INFO: [pki_config.c:876] [DEBUG] Loading file /apps/oracle/ocspd-bugfixes/etc/ocspd/ca.d/self-certs.xml
> Apr 18 10:31:30 2019 GMT [9346] INFO: [pki_config.c:892] [DEBUG] Loaded /apps/oracle/ocspd-bugfixes/etc/ocspd/ca.d/self-certs.xml file
> Apr 18 10:31:30 2019 GMT [9346] INFO: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/security/chrootDir, Position: -1]
> Apr 18 10:31:30 2019 GMT [9346] INFO: [config.c:277] [DEBUG] Selected response digest algorithm: SHA1
> Apr 18 10:31:30 2019 GMT [9346] INFO: [config.c:298] [DEBUG] Selected signature digest algorithm: SHA256
> Apr 18 10:31:30 2019 GMT [9346] INFO: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/general/dbUrl, Position: -1]
> Apr 18 10:31:30 2019 GMT [9346] INFO: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/general/dbPersistant, Position: -1]
> Apr 18 10:31:30 2019 GMT [9346] INFO: [config.c:394] [DEBUG] Building CA List
> Apr 18 10:31:30 2019 GMT [9346] GENERAL: Processing Configuration for [CA: Dartmouth]
> Apr 18 10:31:30 2019 GMT [9346] INFO: [pki_config.c:412] [DEBUG] Element Not Found [Search: /caConfig/caCertValue, Position: -1]
> Apr 18 10:31:30 2019 GMT [9346] INFO: [pki_socket.c:105] [DEBUG] Creating a SECURE connection (SSL/TLS)
> Apr 18 10:32:33 2019 GMT [9346] ERROR: Socket Connect failed (Unknown host)!
> Apr 18 10:32:33 2019 GMT [9346] ERROR: Socket _Connect failed (Unknown host)
> Apr 18 10:32:33 2019 GMT [9346] ERROR: [pki_socket.c:156] [ERROR] Can not create network connection to collegeca.dartmouth.edu:443
> Apr 18 10:32:33 2019 GMT [9346] ERROR: [pki_x509_io.c:227] Null Memory Pointer => No data returned from URL []
> Apr 18 10:32:33 2019 GMT [9346] ERROR: [config.c:475] [ERROR] Can not get CA cert [CA: https://collegeca.dartmouth.edu/certs/DartmouthCA.cer, URL: Dartmouth]
> Apr 18 10:32:33 2019 GMT [9346] GENERAL: Processing Configuration for [CA: MySelf]
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:412] [DEBUG] Element Not Found [Search: /caConfig/caCertValue, Position: -1]
> Apr 18 10:32:33 2019 GMT [9346] ERROR: [pki_x509_io.c:227] Null Memory Pointer => No data returned from URL [▒ T]
> Apr 18 10:32:33 2019 GMT [9346] ERROR: [config.c:475] [ERROR] Can not get CA cert [CA: etc/ocspd/certs/cacert.pem, URL: MySelf]
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:784] [DEBUG] GOT SEARCH PATHS => 1
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:797] [DEBUG] SEARCHING FOR ocspServerToken in dir /apps/oracle/ocspd-bugfixes/etc/ocspd/pki/token.d
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:692] [DEBUG] Processing file [..]
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:696] [DEBUG] Skipping ..
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:692] [DEBUG] Processing file [eracom.xml]
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:710] [DEBUG] Opening File /apps/oracle/ocspd-bugfixes/etc/ocspd/pki/token.d/eracom.xml
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:722] [DEBUG] Getting Name Param...
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:728] [DEBUG] Got Name::Eracom
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:692] [DEBUG] Processing file [software.xml]
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:710] [DEBUG] Opening File /apps/oracle/ocspd-bugfixes/etc/ocspd/pki/token.d/software.xml
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:722] [DEBUG] Getting Name Param...
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:728] [DEBUG] Got Name::ocspServerToken
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:736] [DEBUG] File successfully loaded /apps/oracle/ocspd-bugfixes/etc/ocspd/pki/token.d/software.xml
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:801] [DEBUG] FOUND => ocspServerToken [/apps/oracle/ocspd-bugfixes/etc/ocspd/pki/token.d]
> Apr 18 10:32:33 2019 GMT [9346] INFO: [pki_config.c:412] [DEBUG] Element Not Found [Search: /tokenConfig/password, Position: -1]
> Apr 18 10:32:33 2019 GMT [9346] ERROR: [pki_x509_io.c:227] Null Memory Pointer => No data returned from URL [ ▒R]
> Apr 18 10:32:33 2019 GMT [9346] ERROR: [token.c:692] Can not load Token certificate
> Apr 18 10:32:33 2019 GMT [9346] ERROR: [token.c:839] Can not load Token's Profile => ocspServerToken
> Apr 18 10:32:33 2019 GMT [9346] ERROR: [core.c:42] [ERROR] Can not load default token (/apps/oracle/ocspd-bugfixes/etc/ocspd/ocspd.xml/ocspServerToken)
> Apr 18 10:32:33 2019 GMT [9346] NOTICE: Exiting, Glad to serve you, Master!
> [orcladmin@ip-192-168-0-95 sbin]$
>
> When I ran the test.sh:
> [orcladmin@ip-192-168-0-95 bin]$ ./test.sh
>
> OCSP Test Script
> (c) 2006 by Massimiliano Pala and OpenCA Team
>
> Test 78 requests (serial 123):
> [111111111111111111111111111111111111111111111111111111111111111111111111111111
> real 0m0.255s
> user 0m0.149s
> sys 0m0.035s
> ]
>
> Does that look all right? I mean, does the ocspd-bugfixes look like it is working?
>
> Jim