Hi,

Within the last weeks we evaluated several CAs including OpenCA. Three teams stumbled over the same mistake: they misconfigured the httpd user and group.

The result is that when accessing e.g. the initial ca page you get a white frame and an error entry in the web server log saying:

    ... Undefined subroutine &main::configError called at /var/www/cgi-bin/ca/ca line 86., referer: ...

For those not familiar with OpenCA's source code this was complete Greek. Even experienced administrators threw in the towel...

The reason for the missing error description is a bug in OpenCA's error handling code. When there was a problem while loading the configuration you try to tell the user this by calling

    configError( "Error while loading configuration ($CONFIG)!" );

But at this point the method configError() is still unknown. Only after the configuration has loaded successfully does it become available. So at this point you have to use the simple print function to report the error.

I attach a patch for openca-0.9.1.3 which tells the user exactly what the problem is and what (s)he can do about it.

Comments requested :o)

Ciao!

Ronny
--
Ronny Standtke            E-Mail: [EMAIL PROTECTED]
secunet SwissIT AG        Mobil:  + 41 79 786 81 82
Hauptbahnhofstrasse 12    Tel.:   + 41 32 625 80 44
CH - 4501 Solothurn       Fax:    + 41 32 625 80 41

diff -rU 3 openca-0.9.1.3/src/web-interfaces/ca/ca.in openca-0.9.1.3_patched/src/web-interfaces/ca/ca.in --- openca-0.9.1.3/src/web-interfaces/ca/ca.in 2002-11-26 11:33:03.000000000 +0100 +++ openca-0.9.1.3_patched/src/web-interfaces/ca/ca.in 2003-11-05 14:35:59.000000000 +0100 @@ -83,7 +83,27 @@ my $CONFIG = '@etc_prefix@/servers/@[EMAIL PROTECTED]'; if( (my $ret = $config->loadCfg( "$CONFIG" )) == undef ) { print "Content-type: text/html\n\n"; - configError( "Error while loading configuration ($CONFIG)!" ); + if ( -e $CONFIG ) { + if ( -r $CONFIG ) { + print "The configuration file <b>$CONFIG<b/> can not be parsed!"; + } else { + print "The configuration file <b>$CONFIG</b> exists but can not be read!<p> + You probably misconfigured OpenCA during installation. Make sure that you used + the correct user and group for your webserver.<p> + <i>HINT:</i><br> + Under UNIX-like operating systems you can determine the user and group of your + webserver by issuing the following command<br> + # ps -eo \"%U %G %a\"<br> + and look for the process name of your webserver (in most cases httpd)<p> + Use this information when customizing your configure script at the following + configuration options:<br> + --with-httpd-user=<b>user id of webserver</b><br> + --with-httpd-group=apache=<b>group id of webserver</b><br> + "; + } + } else { + print "The configuration file <b>$CONFIG</b> does not exist!"; + } exit 100; } $common_libs = $config->getParam('CgiLibPath')->{VALUES}->[0]; diff -rU 3 openca-0.9.1.3/src/web-interfaces/ldap/ldap.in openca-0.9.1.3_patched/src/web-interfaces/ldap/ldap.in --- openca-0.9.1.3/src/web-interfaces/ldap/ldap.in 2002-09-25 11:35:56.000000000 +0200 +++ openca-0.9.1.3_patched/src/web-interfaces/ldap/ldap.in 2003-11-05 14:36:15.000000000 +0100 
@@ -89,7 +89,27 @@ my $CONFIG = '@etc_prefix@/servers/@[EMAIL PROTECTED]'; if( (my $ret = $config->loadCfg( "$CONFIG" )) == undef ) { print "Content-type: text/html\n\n"; - configError( "Error while loading configuration ($CONFIG)!" ); + if ( -e $CONFIG ) { + if ( -r $CONFIG ) { + print "The configuration file <b>$CONFIG<b/> can not be parsed!"; + } else { + print "The configuration file <b>$CONFIG</b> exists but can not be read!<p> + You probably misconfigured OpenCA during installation. Make sure that you used + the correct user and group for your webserver.<p> + <i>HINT:</i><br> + Under UNIX-like operating systems you can determine the user and group of your + webserver by issuing the following command<br> + # ps -eo \"%U %G %a\"<br> + and look for the process name of your webserver (in most cases httpd)<p> + Use this information when customizing your configure script at the following + configuration options:<br> + --with-httpd-user=<b>user id of webserver</b><br> + --with-httpd-group=apache=<b>group id of webserver</b><br> + "; + } + } else { + print "The configuration file <b>$CONFIG</b> does not exist!"; + } exit 100; } $common_libs = $config->getParam('CgiLibPath')->{VALUES}->[0]; diff -rU 3 openca-0.9.1.3/src/web-interfaces/node/node.in openca-0.9.1.3_patched/src/web-interfaces/node/node.in --- openca-0.9.1.3/src/web-interfaces/node/node.in 2002-11-20 15:56:08.000000000 +0100 +++ openca-0.9.1.3_patched/src/web-interfaces/node/node.in 2003-11-05 14:36:27.000000000 +0100 
@@ -90,7 +90,27 @@ my $CONFIG = '@etc_prefix@/servers/@[EMAIL PROTECTED]'; if( (my $ret = $config->loadCfg( "$CONFIG" )) == undef ) { print "Content-type: text/html\n\n"; - configError( "Error while loading configuration ($CONFIG)!" ); + if ( -e $CONFIG ) { + if ( -r $CONFIG ) { + print "The configuration file <b>$CONFIG<b/> can not be parsed!"; + } else { + print "The configuration file <b>$CONFIG</b> exists but can not be read!<p> + You probably misconfigured OpenCA during installation. Make sure that you used + the correct user and group for your webserver.<p> + <i>HINT:</i><br> + Under UNIX-like operating systems you can determine the user and group of your + webserver by issuing the following command<br> + # ps -eo \"%U %G %a\"<br> + and look for the process name of your webserver (in most cases httpd)<p> + Use this information when customizing your configure script at the following + configuration options:<br> + --with-httpd-user=<b>user id of webserver</b><br> + --with-httpd-group=apache=<b>group id of webserver</b><br> + "; + } + } else { + print "The configuration file <b>$CONFIG</b> does not exist!"; + } exit 100; } $common_libs = $config->getParam('CgiLibPath')->{VALUES}->[0]; diff -rU 3 openca-0.9.1.3/src/web-interfaces/pub/pki.in openca-0.9.1.3_patched/src/web-interfaces/pub/pki.in --- openca-0.9.1.3/src/web-interfaces/pub/pki.in 2002-09-25 11:35:56.000000000 +0200 +++ openca-0.9.1.3_patched/src/web-interfaces/pub/pki.in 2003-11-05 14:36:44.000000000 +0100 
@@ -89,7 +89,27 @@ my $CONFIG = '@etc_prefix@/servers/@[EMAIL PROTECTED]'; if( (my $ret = $config->loadCfg( "$CONFIG" )) == undef ) { print "Content-type: text/html\n\n"; - configError( "Error while loading configuration ($CONFIG)!" ); + if ( -e $CONFIG ) { + if ( -r $CONFIG ) { + print "The configuration file <b>$CONFIG<b/> can not be parsed!"; + } else { + print "The configuration file <b>$CONFIG</b> exists but can not be read!<p> + You probably misconfigured OpenCA during installation. Make sure that you used + the correct user and group for your webserver.<p> + <i>HINT:</i><br> + Under UNIX-like operating systems you can determine the user and group of your + webserver by issuing the following command<br> + # ps -eo \"%U %G %a\"<br> + and look for the process name of your webserver (in most cases httpd)<p> + Use this information when customizing your configure script at the following + configuration options:<br> + --with-httpd-user=<b>user id of webserver</b><br> + --with-httpd-group=apache=<b>group id of webserver</b><br> + "; + } + } else { + print "The configuration file <b>$CONFIG</b> does not exist!"; + } exit 100; } $common_libs = $config->getParam('CgiLibPath')->{VALUES}->[0]; diff -rU 3 openca-0.9.1.3/src/web-interfaces/pub/scepd.in openca-0.9.1.3_patched/src/web-interfaces/pub/scepd.in --- openca-0.9.1.3/src/web-interfaces/pub/scepd.in 2002-10-20 00:26:18.000000000 +0200 +++ openca-0.9.1.3_patched/src/web-interfaces/pub/scepd.in 2003-11-05 14:36:56.000000000 +0100 
@@ -74,7 +74,27 @@ my $CONFIG = '@etc_prefix@/servers/@[EMAIL PROTECTED]'; if( (my $ret = $config->loadCfg( "$CONFIG" )) == undef ) { print "Content-type: text/html\n\n"; - configError( "Error while loading configuration ($CONFIG)!" ); + if ( -e $CONFIG ) { + if ( -r $CONFIG ) { + print "The configuration file <b>$CONFIG<b/> can not be parsed!"; + } else { + print "The configuration file <b>$CONFIG</b> exists but can not be read!<p> + You probably misconfigured OpenCA during installation. Make sure that you used + the correct user and group for your webserver.<p> + <i>HINT:</i><br> + Under UNIX-like operating systems you can determine the user and group of your + webserver by issuing the following command<br> + # ps -eo \"%U %G %a\"<br> + and look for the process name of your webserver (in most cases httpd)<p> + Use this information when customizing your configure script at the following + configuration options:<br> + --with-httpd-user=<b>user id of webserver</b><br> + --with-httpd-group=apache=<b>group id of webserver</b><br> + "; + } + } else { + print "The configuration file <b>$CONFIG</b> does not exist!"; + } exit 100; } $common_libs = $config->getParam('CgiLibPath')->{VALUES}->[0]; diff -rU 3 openca-0.9.1.3/src/web-interfaces/ra/RAServer.in openca-0.9.1.3_patched/src/web-interfaces/ra/RAServer.in --- openca-0.9.1.3/src/web-interfaces/ra/RAServer.in 2002-09-25 11:35:56.000000000 +0200 +++ openca-0.9.1.3_patched/src/web-interfaces/ra/RAServer.in 2003-11-05 14:37:12.000000000 +0100 
@@ -89,7 +89,27 @@ my $CONFIG = '@etc_prefix@/servers/@[EMAIL PROTECTED]'; if( (my $ret = $config->loadCfg( "$CONFIG" )) == undef ) { print "Content-type: text/html\n\n"; - configError( "Error while loading configuration ($CONFIG)!" ); + if ( -e $CONFIG ) { + if ( -r $CONFIG ) { + print "The configuration file <b>$CONFIG<b/> can not be parsed!"; + } else { + print "The configuration file <b>$CONFIG</b> exists but can not be read!<p> + You probably misconfigured OpenCA during installation. Make sure that you used + the correct user and group for your webserver.<p> + <i>HINT:</i><br> + Under UNIX-like operating systems you can determine the user and group of your + webserver by issuing the following command<br> + # ps -eo \"%U %G %a\"<br> + and look for the process name of your webserver (in most cases httpd)<p> + Use this information when customizing your configure script at the following + configuration options:<br> + --with-httpd-user=<b>user id of webserver</b><br> + --with-httpd-group=apache=<b>group id of webserver</b><br> + "; + } + } else { + print "The configuration file <b>$CONFIG</b> does not exist!"; + } exit 100; } $common_libs = $config->getParam('CgiLibPath')->{VALUES}->[0];
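
Review bot: In the ca.in hunk (@@ -83,7 +83,27 @@), two of the added strings carry typos that reach the browser. The "can not be parsed" message closes the bold element as "<b/>" instead of "</b>", leaving it unclosed, and the last hint line reads "--with-httpd-group=apache=<b>group id of webserver</b>", where the stray "apache=" makes the suggested configure option wrong for anyone who copies it. Both slips are repeated verbatim in the ldap.in, node.in, pki.in, scepd.in and RAServer.in hunks and should be fixed in all six.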
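
Review bot: In the ldap.in hunk (@@ -89,7 +89,27 @@), and identically in the other five, the new messages send the absolute path held in $CONFIG together with installation hints to any client that requests the CGI. For a CA front end I would print a short generic failure page and write the detailed diagnosis (missing, unreadable or unparsable, with the path) to STDERR, so that it lands in the web server error log next to the entry the administrator is already looking at. If the path does stay in the page, note that it is interpolated into HTML unescaped; it comes from a configure-time substitution, so the risk is low, but escaping it is cheap.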
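
Review bot: In the node.in hunk (@@ -90,7 +90,27 @@), the unchanged guard above the new branch, "if( (my $ret = $config->loadCfg( "$CONFIG" )) == undef )", compares numerically against undef, which Perl treats as 0, so the error path is taken for any return value that is numerically zero and the comparison warns when warnings are enabled. Since this patch makes that branch user-visible, it is worth switching the test to defined() in the same change, here and in the other five files. The inner "-r $CONFIG" branch also reports "can not be parsed" for anything readable at that path, including a directory; an additional -f test would separate that case.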
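
Review bot: In the RAServer.in hunk (@@ -89,7 +89,27 @@), the same 20 added lines appear for the sixth time, and the "<b/>" and "apache=" slips are already present in every copy, which shows how quickly the copies will drift. Because CgiLibPath is only read from the configuration after this check ("$common_libs = $config->getParam('CgiLibPath')->{VALUES}->[0];"), the reporting code cannot live in the common CGI libraries, but it could be a small sub defined before the loadCfg call in each template, or a single fragment pulled into each .in file at build time, so that the message text is maintained in one place.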