Re: [Openca-ocspd] Building ocspd from files from github

[o h. <oh...@ya...>]

 Hi,
I think that I needed to also run the patch that you provided awhile ago.
After I did that, I was able to build ocspd.
However, I am having trouble running the new ocspd.
I get the following when only the self-cert.xml is in the ca.d directory:
[orcladmin@ip-192-168-0-95 sbin]$ ls /apps/oracle/ocspd-bugfixes-2/etc/ocspd/ca.d                                                    

BACKUP  self-certs.xml

[orcladmin@ip-192-168-0-95 sbin]$ /apps/oracle/ocspd-bugfixes-2/sbin/ocspd -c /apps/oracle/ocspd-bugfixes-2/etc/ocspd/ocspd.xml -debug -stdout -v

OpenCA's OCSP Responder - v3.1.2 (Build: Fri Apr 26 20:37:46 UTC 2019)
(c) 2002-2018 by Massimiliano Pala and OpenCA Project
    OpenCA licensed software

Apr 26 21:10:05 2019 GMT [18470] GENERAL: OpenCA OCSPD v3.1.2 (Fri Apr 26 20:37:46 UTC 2019)- starting.
Apr 26 21:10:05 2019 GMT [18470] INFO: [token.c:2574] [DEBUG] ERROR, can not load directory /home/orcladmin/.libpki/profile.d!
Apr 26 21:10:05 2019 GMT [18470] INFO: [token.c:831] [DEBUG] Can not load profiles (/home/orcladmin/.libpki/profile.d)

Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:866] [DEBUG] Skipping file ..
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:866] [DEBUG] Skipping file .
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:866] [DEBUG] Skipping file BACKUP
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:876] [DEBUG] Loading file /apps/oracle/ocspd-bugfixes-2/etc/ocspd/ca.d/self-certs.xml
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:892] [DEBUG] Loaded /apps/oracle/ocspd-bugfixes-2/etc/ocspd/ca.d/self-certs.xml file
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/security/chrootDir, Position: -1]
Apr 26 21:10:05 2019 GMT [18470] INFO: [config.c:277] [DEBUG] Selected response digest algorithm: SHA1
Apr 26 21:10:05 2019 GMT [18470] INFO: [config.c:298] [DEBUG] Selected signature digest algorithm: SHA256
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/general/dbUrl, Position: -1]
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:412] [DEBUG] Element Not Found [Search: /serverConfig/general/dbPersistant, Position: -1]
Apr 26 21:10:05 2019 GMT [18470] INFO: [config.c:394] [DEBUG] Building CA List
Apr 26 21:10:05 2019 GMT [18470] GENERAL: Processing Configuration for [CA: MySelf]
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:412] [DEBUG] Element Not Found [Search: /caConfig/caCertValue, Position: -1]
Apr 26 21:10:05 2019 GMT [18470] ERROR: [pki_x509_io.c:227] Null Memory Pointer => No data returned from URL []
Apr 26 21:10:05 2019 GMT [18470] ERROR: [config.c:475] [ERROR] Can not get CA cert [CA: etc/ocspd/certs/cacert.pem, URL: MySelf]
Apr 26 21:10:05 2019 GMT [18470] INFO: Configuration loaded and parsed
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:784] [DEBUG] GOT SEARCH PATHS => 1
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:797] [DEBUG] SEARCHING FOR ocspServerToken in dir /apps/oracle/ocspd-bugfixes-2/etc/ocspd/pki/token.d
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:692] [DEBUG] Processing file [..]
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:696] [DEBUG] Skipping ..
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:692] [DEBUG] Processing file [eracom.xml]
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:710] [DEBUG] Opening File /apps/oracle/ocspd-bugfixes-2/etc/ocspd/pki/token.d/eracom.xml
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:722] [DEBUG] Getting Name Param...
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:728] [DEBUG] Got Name::Eracom
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:692] [DEBUG] Processing file [software.xml]
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:710] [DEBUG] Opening File /apps/oracle/ocspd-bugfixes-2/etc/ocspd/pki/token.d/software.xml
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:722] [DEBUG] Getting Name Param...
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:728] [DEBUG] Got Name::ocspServerToken
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:736] [DEBUG] File successfully loaded /apps/oracle/ocspd-bugfixes-2/etc/ocspd/pki/token.d/software.xml
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:801] [DEBUG] FOUND => ocspServerToken [/apps/oracle/ocspd-bugfixes-2/etc/ocspd/pki/token.d]
Apr 26 21:10:05 2019 GMT [18470] INFO: [pki_config.c:412] [DEBUG] Element Not Found [Search: /tokenConfig/password, Position: -1]
Apr 26 21:10:05 2019 GMT [18470] ERROR: [pki_x509_io.c:227] Null Memory Pointer => No data returned from URL [▒▒▒]
Apr 26 21:10:05 2019 GMT [18470] ERROR: [token.c:692] Can not load Token certificate
Apr 26 21:10:05 2019 GMT [18470] ERROR: [token.c:839] Can not load Token's Profile => ocspServerToken
Apr 26 21:10:05 2019 GMT [18470] ERROR: [core.c:42] [ERROR] Can not load default token (/apps/oracle/ocspd-bugfixes-2/etc/ocspd/ocspd.xml/ocspServerToken)
Apr 26 21:10:05 2019 GMT [18470] NOTICE: Exiting, Glad to serve you, Master!


In other words, it just starts and then dies/exits.
Jim







    On Friday, April 26, 2019, 5:58:40 PM UTC, o haya via Openca-ocspd <ope...@li...> wrote:  
 
  Hi Martin,
So I should just download this ZIP and re-build libpki:
https://github.com/mrbaseman/libpki/tree/bugfixes
?
Do I have to wait for a merge?  Or do I just download the above?
Thanks,Jim

    On Thursday, April 25, 2019, 3:06:45 PM UTC, Martin Hecht <he...@hl...> wrote:  
 
 Hi Jim,

I think I have found the problem, at least with
https://github.com/mrbaseman/libpki/commit/34fe3f3febb37f7b40cc03bc4f8dd99dbab209f7
ocspd loads our crl when compiled on SL 6 and does not crash anymore.
The commit is in my "bugfixes" branch.

@Max: It has been added to #41 for libpki, and I have also opened #46
for ocspd for building it on RHEL 6.x and derivates

Cheers, Martin

On 4/19/19 1:24 AM, o haya via Openca-ocspd wrote:
>  Hi,
> Do you have any idea about what is causing the segfault?  It seems like the only CRL it works with now is the collegeca one (at least for me).  What is it about the collegeca one that allows it to work?
> Thanks,Jim
>
>

  _______________________________________________
Openca-ocspd mailing list
Ope...@li...
https://lists.sourceforge.net/lists/listinfo/openca-ocspd