On Mon, Aug 11, 2008 at 2:44 PM, Charles Bacon <[EMAIL PROTECTED]> wrote:
> On Aug 11, 2008, at 12:46 PM, I8abyte wrote:
>
>>> 2) Show us the command (and output) you're using to check the extensions
>>
>> grid-cert-info:
>
> Is that just "grid-cert-info", or "grid-cert-info -file /path/to/proxy"?
When I posted this it was the latter, a plain:
grid-cert-info -file /tmp/x509up_u<UID>
I typically change the proxy's location to reside in my ~/.globus
directory. I get the same lingering result either way. My personal
cert (usercred.p12) does not have a pathlen set either.
And, when I grab a proxy via 'grid-proxy-init -path-length <l>' where
"l" has been any positive integer the "pathlen" extension *never*
shows up. I was under the impression from an earlier comment you made
that was the option which would set that, but the option description
> This stuff about trying to keep things secret is getting in the way of
> debugging, and I don't think the things you're hiding are things you need to
> keep secret. The only secret thing out of your hostname, DN, public key,
> private key is your private key.
I'm not trying to be difficult, I have to type in this stuff by hand
and I typically snip out the relevant bits in the interest of brevity.
I'm also testing with my personal account and it's not appropriate
for me to publish some of it.
>
> "grid-cert-info" all by itself will not show a path-length restriction.
> Your certificate probably doesn't have one. But your proxy will. Show
> both the command and the output of:
> openssl x509 -in /tmp/x509up_u`id -u` -noout -text
"pathlen" is *not* set anywhere in my personal and 'grid-proxy-init'
issued proxy certs:
openssl x509 -in /tmp/x509up_u`id -u` -noout -text
...
    X509v3 extensions:
        X509v3 Key Usage: critical
            Digital Signature
        1.2.6.1.5.5.7.1.14: critical
            0....0
...
My root CA has a pathlen of "3" and my second-level CA has a pathlen
of "2". My personal cert does not have a pathlen set and never has any
of my proxy certs displayed one.
BTW, thanks for your help so far!
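
Added example, not part of the original message: in an RFC 3820 proxy certificate the path-length limit is the optional pCPathLenConstraint field inside the ProxyCertInfo extension (id-pe 14, 1.3.6.1.5.5.7.1.14), which an openssl build that does not recognise the extension prints as raw bytes. The Python sketch below decodes that extension value; the function names and the two sample byte strings are constructed for illustration.

```python
# Added example (not from the thread): decode an RFC 3820 ProxyCertInfo value.
# ProxyCertInfo ::= SEQUENCE { pCPathLenConstraint INTEGER OPTIONAL, proxyPolicy }

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):                      # OID content bytes -> dotted string
    subs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends a sub-identifier
            subs.append(val)
            val = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def parse_proxy_cert_info(der):
    """Return the path-length constraint (None if absent) and policy language."""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, val, pos = read_tlv(seq, 0)
    path_len = None
    if tag == 0x02:                        # optional pCPathLenConstraint
        path_len = int.from_bytes(val, "big", signed=True)
        tag, val, pos = read_tlv(seq, pos)
    if tag != 0x30:
        raise ValueError("proxyPolicy SEQUENCE missing")
    oid_tag, oid, _ = read_tlv(val, 0)
    if oid_tag != 0x06:
        raise ValueError("policyLanguage OID missing")
    return {"path_len": path_len, "policy_language": decode_oid(oid)}

# Constructed samples (not taken from the thread), both with the inheritAll
# policy language: the first carries a path length of 2, the second none.
WITH_LIMIT = bytes.fromhex("300f020102300a06082b06010505071501")
NO_LIMIT = bytes.fromhex("300c300a06082b06010505071501")
```

The value bytes to feed in can be obtained with `openssl x509 -certopt ext_dump`, which hex-dumps extensions that openssl does not recognise.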