Hi Dirk, Am 04.12.2017 um 12:27 schrieb Dirk Heuvels:
If this is the case, the functionality is broken - with cache=session the token should be available only during and inside the current session context. With cache=daemon it is intended that the secret is enabled "globally" and available until explicity cleared.However the "clear" button is not useless, because the secret is not reset, when you log off.
If you enter an incorrect secret, the secret group is in state "complete", but your ca is unusable.
You are right.
Even in that case, if we have a functionality in place, it should work "as expected" ;)Anyway, if I'm "the last of my kind" regarding session caching you needn't put effort into that.
Thanks for reporting, ticket is already created and I will have a look on this. Perhaps you want to comment your expectations on how it should work to be usefull for your use case. (https://github.com/openxpki/openxpki/issues/599)
Oliver
Thanks for the quick response, Dirk -----Ursprüngliche Nachricht----- Von: Oliver Welter [mailto:[email protected]] Gesendet: Montag, 4. Dezember 2017 11:50 An: [email protected] Betreff: Re: [OpenXPKI-users] Secret group session error after update from 1.17 to 1.19 Hello Dirk, to be honest, you are the only one I know that uses cache-session and I must confess we did not test that :( I don't want to whitewash the bug but IMHO clear secret with cache session does not really make sense from a business view so I think we will fix the problem by removing the "clear" button. I will add a ticket to get the secret handling reworked for one of the next releases. best regards Oliver Am 01.12.2017 um 09:39 schrieb Dirk Heuvels:Hi Oliver, I'm afraid there is another spot in Session::Data.pm where validation fails, if "cache: session" is active for a secret group. It occurs when you click on "[clear secret]" in the management dialog for a secret that has been added previously. Best regards, Dirk 2017/12/01 09:20:29 openxpki.system.ERROR:17722 The following parameter was passed in the call to (eval) but was not listed in the validation options: default at /usr/share/perl5/MooseX/Params/Validate.pm line 67. MooseX::Params::Validate::validated_hash(ARRAY(0x592c338), "group", HASH(0x7afbd68), "MX_PARAMS_VALIDATE_NO_CACHE", 1) called at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/MooseParams.pm line 59 eval {...} called at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/MooseParams.pm line 58 OpenXPKI::MooseParams::named_args(ARRAY(0x592c338), "group", HASH(0x7afbd68)) called at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server/Session/Data.pm line 216 OpenXPKI::Server::Session::Data::clear_secret(undef, "default") called at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Crypto/TokenManager.pm line 422 OpenXPKI::Crypto::TokenManager::clear_secret_group(OpenXPKI::Crypto::TokenManager=HASH(0x6702720), "default") called at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server/API/Secret.pm line 81OpenXPKI::Server::API::Secret::clear_secret("OpenXPKI::Server::API::Secret", HASH(0x7b22f08)) called at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server/API.pm line 1801 -----Ursprüngliche Nachricht----- Von: Oliver Welter [mailto:[email protected]] Gesendet: Donnerstag, 23. November 2017 16:55 An: [email protected] Betreff: Re: [OpenXPKI-users] Secret group session error after update from 1.17 to 1.19 Hi Dirk, have a look at this Pull Request if you want to patch it by yourself https://github.com/openxpki/openxpki/pull/594/files I will also create new packages (v.1.19.5) Oliver Am 21.11.2017 um 10:39 schrieb Dirk Heuvels:Hi everyone, I have been using OpenXPKI 1.17 on Debian Jessie as issuing CA and recently updated to 1.19.4. Since then my default secret group (realm.ca-one.crypto.secret.default) cannot be cached in the session anymore. The crucial setting in crypto.yaml: secret: default: label: Default secret group of this realm method: plain cache: daemon -> works vs. .. cache: session -> breaks openxpki.log says: 2017/11/21 09:50:50 openxpki.system.ERROR:32521 Mandatory parameter 'value' missing in call to (eval) at /usr/share/perl5/MooseX/Params/Validate.pm line 67. MooseX::Params::Validate::validated_hash(ARRAY(0x4eb27a0), "group", HASH(0x6fb38e0), "value", HASH(0x6fc8808), "MX_PARAMS_VALIDATE_NO_CACHE", 1) called at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/MooseParams.pm line 59 eval {...} called at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/MooseParams.pm line 58 OpenXPKI::MooseParams::named_args(ARRAY(0x4eb27a0), "group", HASH(0x6fb38e0), "value", HASH(0x6fc8808)) called at /usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Server/Session/Data.pm line 190 (..) I have noticed, that session handling has changed from 1.17 to 1.19 and have added "system.server.session.type: File", as advised by the warnings that come up otherwise. I also tried out the server.yaml that comes as default with 1.19 and that stores sessions in the database. This doesn't change the behavior either. Are there any other settings that must be set with the new session management or is this possibly a bug? Thanks in advance, Dirk --------------------------------------------------------------------- - -------- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users-- Protect your environment - close windows and adopt a penguin! ---------------------------------------------------------------------- -------- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users-- Protect your environment - close windows and adopt a penguin! ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
-- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
