Hi Steffen,
On Thu, May 14, 2009 at 12:02:07AM +0200, Steffen Waitz wrote:
> after successfully installing the latest OpenXPKI code from Sf, i've
> tried to create a user certificate. Unfortunally i'm stuck in the
> issuing of the certificate. The Webinterface has given me this error:
>
> I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_CHILD_ERROR; __SIGNAL__ => 0;
> __EXIT_CODE__ => 1
>
> After some googling an reading the mailing list i've found out that i
> have to start the openxpki daemon with the debug option to get more
> detailed information about. Now this is what i've got:
That's a good start. Unluckily, for invocations of external programs,
that is sometimes not enough.
> OpenXPKI::Crypto::CLI::execute (line 127): command: /usr/bin/openssl ca
> -batch -sub
> j "/DC=org/DC=OpenXPKI/DC=Test Deployment/CN=xxxx xxxx+UID=abc"
> -multivalue-rdn -out /var/tmp/openxpkiaHWTwA -in /var/tm
> p/openxpkirAGx3e -passin env:pwd 1>>/var/tmp/openxpkiQIaDQB
> 2>>/var/tmp/openxpkiWmEcBp
It would be interesting to see the file into which the STDERR output
is redirected (in this case /var/tmp/openxpkiWmEcBp). It is deleted
right after the command exits, though. Can you please try patching
CLI.pm with the attached patch which disables this deletion and
look at the output of the STDERR redirect?
Cheers,
Alex
--
Dipl.-Math. Alexander Klink | IT-Security Engineer
[email protected] | working @ urn:oid:1.3.6.1.4.1.11417
diff --git a/trunk/perl-modules/core/trunk/OpenXPKI/Crypto/CLI.pm
b/trunk/perl-modules/core/trunk/OpenXPKI/Crypto/CLI.pm
index 45a6a32..0414ec6 100644
--- a/trunk/perl-modules/core/trunk/OpenXPKI/Crypto/CLI.pm
+++ b/trunk/perl-modules/core/trunk/OpenXPKI/Crypto/CLI.pm
@@ -215,7 +215,7 @@ sub __find_error : PRIVATE {
if (my $exc = OpenXPKI::Exception->caught()) {
if ($exc->message() =~ m{ I18N_OPENXPKI_READ_FILE_DOES_NOT_EXIST |
I18N_OPENXPKI_READ_FILE_NOT_READABLE | I18N_OPENXPKI_READ_FILE_OPEN_FAILED
}xms) {
# read_file did not work ...
- unlink($stdout_file_of{$ident});
+ #unlink($stdout_file_of{$ident});
OpenXPKI::Exception->throw(
message => 'I18N_OPENXPKI_CRYPTO_CLI_CANNOT_OPEN_ERRLOG',
params => { 'FILENAME' => $stderr_file_of{$ident},
@@ -224,13 +224,13 @@ sub __find_error : PRIVATE {
}
}
- unlink($stderr_file_of{$ident});
+ #unlink($stderr_file_of{$ident});
##! 4: "error log contains: $ret"
$ret = $engine_of{$ident}->filter_stderr($ret);
if ($self->error_ispresent($ret)) {
##! 8: "error detected - firing exception"
- unlink ($stdout_file_of{$ident});
+ #unlink ($stdout_file_of{$ident});
OpenXPKI::Exception->throw(
message => 'I18N_OPENXPKI_CRYPTO_CLI_ERROR',
params => { 'ERRVAL' => $ret,
@@ -257,7 +257,7 @@ sub get_result {
$ret = 1;
}
}
- unlink ($stdout_file_of{$ident});
+ #unlink ($stdout_file_of{$ident});
## WARNING: DO NOT OUTPUT ANYTHING HERE
## WARNING: THE OUTPUT MUST BE CHECKED BY THE CALLER FOR ITS SECURITY LEVEL
@@ -272,13 +272,13 @@ sub cleanup {
my $ident = ident $self;
if (exists $stdin_file_of{$ident} and -e $stdin_file_of{$ident}) {
- unlink($stdin_file_of{$ident});
+ #unlink($stdin_file_of{$ident});
}
if (exists $stdout_file_of{$ident} and -e $stdout_file_of{$ident}) {
- unlink ($stdout_file_of{$ident});
+ #unlink ($stdout_file_of{$ident});
}
if (exists $stderr_file_of{$ident} and -e $stderr_file_of{$ident}) {
- unlink ($stderr_file_of{$ident});
+ #unlink ($stderr_file_of{$ident});
}
##! 1: "end"
}
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables
unlimited royalty-free distribution of the report engine
for externally facing server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
