Trustmanager Changelog

Trustmanager 3.0.5 vs 3.0.3

Patch:

https://savannah.cern.ch/task/?21011

Changes

  • Fixes for bugs found by FindBugs, one infinite loop, and other very minor cosmetic changes.

Bugs fixed:

Configuration changes

None

Trustmanager 3.0.3 vs trustmanager/util-java 2.x

Patch:

https://savannah.cern.ch/task/?18704

Changes

  • Move to the EMI structure (install into /usr/share/java, not into /opt/glite).
  • Restructuring into three jars: trustmanager.jar for the main code, and trustmanager-tomcat.jar and trustmanager-axis.jar for the Tomcat and Axis integration classes.

Bugs fixed:

Configuration changes

None

trustmanager 2.0.6, util-java 2.0.3

(Current for gLite 3.1, rebuilt to add a JDK build-time dependency, with no plans to update; old for gLite 3.2.)

Patch:

http://savannah.cern.ch/patch/?2950

Changes

Internal trust anchor handling rewritten; added support for namespaces and for CA files whose names end in a number other than 0, and the same for CRLs.

Bugs fixed:

Configuration changes

In tomcat server.xml:

add lines:

  • trustStoreDir="@TRUSTDIR@"
  • crlUpdateInterval="2h"

trustStoreDir should point to /etc/grid-security/certificates, or to whichever location contains the CA certificates, namespaces and CRLs. crlUpdateInterval defines how often trustStoreDir is polled for changes in the files. Previously the default was 2h; now polling is disabled by default, so it has to be explicitly enabled by defining it.

lines to remove:

  • sslCAFiles="@CAFILES@"
  • crlFiles="@CRLFILES@"

The configuration of these is now handled by trustStoreDir.

Without these changes the system still works, but only as it did before: CA changes are not noticed and the vulnerability described in bug #20602 remains.
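A way to check a server.xml against the changes listed above, as an added example that is not part of the trustmanager code base. The four attribute names come from this page; the `audit_server_xml` function, the finding codes, the `Connector` samples and the test for unsubstituted `@...@` tokens are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

LEGACY = ("sslCAFiles", "crlFiles")                # attributes the changelog says to remove
REQUIRED = ("trustStoreDir", "crlUpdateInterval")  # attributes the changelog says to add
TOKEN = re.compile(r"@[A-Z_]+@")                   # assumption: unsubstituted template token

def audit_server_xml(xml_text):
    """Return sorted (element tag, finding code) pairs for trustmanager settings."""
    findings = set()
    for el in ET.fromstring(xml_text).iter():
        present = [a for a in LEGACY + REQUIRED if a in el.attrib]
        if not present:
            continue  # element carries none of the four attributes
        for attr in LEGACY:
            if attr in el.attrib:
                # Old code path stays in use and namespaces are not checked.
                findings.add((el.tag, "legacy:" + attr))
        for attr in REQUIRED:
            if attr not in el.attrib:
                # A missing crlUpdateInterval means polling is disabled by default.
                findings.add((el.tag, "missing:" + attr))
        for attr in present:
            if TOKEN.search(el.attrib[attr]):
                findings.add((el.tag, "unsubstituted:" + attr))
    return sorted(findings)

# Constructed samples; the Connector element, port and file globs are assumptions.
OLD_CONFIG = """<Server><Service name="Catalina">
  <Connector port="8443" sslCAFiles="/etc/grid-security/certificates/*.0"
             crlFiles="/etc/grid-security/certificates/*.r0"/>
</Service></Server>"""

NEW_CONFIG = """<Server><Service name="Catalina">
  <Connector port="8443" trustStoreDir="/etc/grid-security/certificates"
             crlUpdateInterval="2h"/>
</Service></Server>"""

if __name__ == "__main__":
    for name, cfg in (("old", OLD_CONFIG), ("new", NEW_CONFIG)):
        print(name, audit_server_xml(cfg) or "ok")
```

An empty result means the element uses trustStoreDir with CRL polling enabled and no legacy attributes.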

The configuration should also be changed on the clients so that namespace checking is enabled. Unless sslCAFiles and crlFiles are removed and trustStoreDir is used instead, the namespaces are not checked and the old code is used.

Release notes: This is a bug-fixing and required code fix. The bugs fixed are listed below, and additional code has been added that is needed to use the trustmanager in the Jetty WS container and when using slf4j.

Topic revision: r3 - 2011-07-21 - JoniHahkala
 