I first set ONE_AUTH to be ~/.one/one_x509 (created from my personal
certificate) and then do:

    econe-upload --url https://myone38sever file.img

This fails with the error message:

    econe-upload:
    <Error>
    <Code>AuthFailure</Code>
    <Message>Could not create X509 certificate from </Message>
    </Error>

I can find that this message originates from
$ONE_LOCATION/lib/ruby/cloud/CloudAuth/X509CloudAuth.rb
because HTTP_SSL_CLIENT_CERT is not set (see below [1]).
I also confirmed that Apache also fails to set it,
which means the client side, the econe-upload command, fails to send the
PEM string correctly.
If you look at the "upload_image" method in
$ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryClient.rb,
I guess one of the following lines fails:

    str = AWS.canonical_string(params, @uri.host)
    sig = AWS.encode(@access_key_secret, str, false)
    if curb
      …
      post_fields << Curl::PostField.content("Signature",sig)
      post_fields << Curl::PostField.file("file",file_name)
      connection = Curl::Easy.new(@uri.to_s)
      connection.multipart_form_post = true
      connection.ssl_verify_peer = false
      connection.http_post(*post_fields)

Could Open Nebula developers investigate this?
(I am seeing the same error in both ON3.2 and ON3.8)
Thanks very much.
Hyunwoo Kim
FermiCloud Project
================================
[1]
    module X509CloudAuth
      def do_auth(env, params={})
        # For https, the web service should be set to include the user cert in the environment.
        cert_line = env['HTTP_SSL_CLIENT_CERT']
        cert_line = nil if cert_line == '(null)' # For Apache mod_ssl
        chain_index = 0
        # Use the https credentials for authentication
        unless cert_line.nil?
          begin
            m = cert_line.match(/(-+BEGIN CERTIFICATE-+)([^-]*)(-+END CERTIFICATE-+)/)
            cert_s = "#{m[1]}#{m[2].gsub(' ',"\n")}#{m[3]}"
            cert = OpenSSL::X509::Certificate.new(cert_s)
          rescue
            raise "Could not create X509 certificate from " + cert_line
          end
===================================
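
The header handling in excerpt [1], as an added Ruby example that is not part of the original message or of OpenNebula's code: it classifies what the x509 branch does with a missing header, the '(null)' placeholder, an empty string, and a PEM flattened onto one line. The names classify_client_cert, constructed_cert, flatten_pem and demo_cases are hypothetical, the certificate is constructed, and the space-separated header form is an assumption taken from the gsub in the excerpt.

```ruby
require 'openssl'

PEM_RE = /(-+BEGIN CERTIFICATE-+)([^-]*)(-+END CERTIFICATE-+)/

# Classify a Rack-style env the way the do_auth excerpt treats it.
# Returns [:absent], [:unparsable, reason] or [:ok, certificate].
def classify_client_cert(env)
  cert_line = env['HTTP_SSL_CLIENT_CERT']
  cert_line = nil if cert_line == '(null)'  # placeholder handled by the excerpt
  return [:absent] if cert_line.nil?        # the x509 branch is skipped entirely

  # '' is not nil: it reaches the parser, and the excerpt's rescue would then
  # raise "Could not create X509 certificate from " with nothing after it.
  m = cert_line.match(PEM_RE)
  return [:unparsable, 'no PEM markers in header value'] if m.nil?

  # Header values cannot contain newlines, so restore them from spaces.
  pem = "#{m[1]}#{m[2].gsub(' ', "\n")}#{m[3]}"
  [:ok, OpenSSL::X509::Certificate.new(pem)]
rescue OpenSSL::X509::CertificateError => e
  [:unparsable, e.message]
end

# Constructed sample input: a throwaway self-signed certificate.
def constructed_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-example-user')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Flatten PEM to one line, the form assumed for the header value.
def flatten_pem(cert)
  cert.to_pem.gsub("\n", ' ').strip
end

def demo_cases
  flat = flatten_pem(constructed_cert)
  { 'header missing' => {}, '(null)' => { 'HTTP_SSL_CLIENT_CERT' => '(null)' },
    'empty string' => { 'HTTP_SSL_CLIENT_CERT' => '' },
    'flattened PEM' => { 'HTTP_SSL_CLIENT_CERT' => flat } }
    .transform_values { |env| classify_client_cert(env).first }
end
demo_cases.each { |name, status| puts "#{name}: #{status}" }
```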