Rob,
  The set of checks that check-certificates.sh does might not be
comprehensive enough. Could you try adding "-purpose any" to
the verify command in check-certificates.sh and see if it still passes?
Here is the patch of the change I am talking about:

$ hg diff check-certificates.sh
diff -r e4b4d8e3e3ca check-certificates.sh
--- a/check-certificates.sh     Mon Jan 18 14:12:49 2010 -0800
+++ b/check-certificates.sh     Tue Jan 19 15:18:15 2010 -0500
@@ -54,9 +54,9 @@

 # Verify the certificate chain.
 if (( $len > 1 )); then
-  verifycmd="openssl verify -CAfile ${certli...@]}"
+  verifycmd="openssl verify -purpose any -CAfile ${certli...@]}"
 else
-  verifycmd="openssl verify ${certli...@]}"
+  verifycmd="openssl verify -purpose any ${certli...@]}"
 fi

 if $verifycmd | grep -q "OK$" ; then
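
Review bot: The pass test on the last context line, `if $verifycmd | grep -q "OK$"`, is satisfied by any single output line that ends in OK, so adding -purpose any makes the openssl call stricter but leaves the decision that follows it as loose as before: if the command reports on more than one file, one OK line can hide a failure on another. Consider requiring that no output line reports an error, or that every file named on the command line has its own OK line. The command is also built as a string and expanded unquoted, so a certificate path containing whitespace would be split into separate arguments; an array for the command would avoid that. Finally, -purpose any is now written out in both branches; keeping the shared options in one variable would stop the two invocations from drifting apart, and a short comment beside "# Verify the certificate chain." saying why the purpose check is enabled would help the next reader.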


   Thanks,
   -joe

--
Joe Gregorio
Developer Relations, Google Wave

On Tue, Jan 19, 2010 at 2:26 PM, Rob <[email protected]> wrote:
> I have disabled chat for traitwise.com, but that seemed to make the
> problem worse.  While the server is still logging what look like the
> correct transactions, I can no longer share a wave between
> traitwise.com and the sandbox.
>
> The full stack trace for the certificate error is:
> SEVERE: Failed to add our own signer info to the certificate store
> org.waveprotocol.wave.crypto.SignatureException: Certificate
> validation failure
>        at
> org.waveprotocol.wave.crypto.CachedCertPathValidator.validateNoCache
> (CachedCertPathValidator.java:103)
>        at
> org.waveprotocol.wave.crypto.CachedCertPathValidator.validate
> (CachedCertPathValidator.java:65)
>        at
> org.waveprotocol.wave.crypto.WaveSignatureVerifier.verifySignerInfo
> (WaveSignatureVerifier.java:129)
>        at
> org.waveprotocol.wave.examples.fedone.waveserver.CertificateManagerImpl.storeSignerInfo
> (CertificateManagerImpl.java:196)
>        at
> org.waveprotocol.wave.examples.fedone.waveserver.WaveServerImpl.<init>
> (WaveServerImpl.java:429)
>        at
> org.waveprotocol.wave.examples.fedone.waveserver.WaveServerImpl$
> $FastClassByGuice$$8086ed04.newInstance(<generated>)
>        at
> com.google.inject.internal.cglib.reflect.FastConstructor.newInstance
> (FastConstructor.java:40)
>        at com.google.inject.internal.DefaultConstructionProxyFactory
> $1.newInstance(DefaultConstructionProxyFactory.java:58)
>        at com.google.inject.internal.ConstructorInjector.construct
> (ConstructorInjector.java:80)
>        at com.google.inject.internal.ConstructorBindingImpl
> $Factory.get(ConstructorBindingImpl.java:180)
>        at com.google.inject.internal.ProviderToInternalFactoryAdapter
> $1.call(ProviderToInternalFactoryAdapter.java:43)
>        at com.google.inject.internal.InjectorImpl.callInContext
> (InjectorImpl.java:814)
>        at
> com.google.inject.internal.ProviderToInternalFactoryAdapter.get
> (ProviderToInternalFactoryAdapter.java:40)
>        at com.google.inject.Scopes$1$1.get(Scopes.java:64)
>        at
> com.google.inject.internal.InternalFactoryToProviderAdapter.get
> (InternalFactoryToProviderAdapter.java:40)
>        at com.google.inject.internal.FactoryProxy.get
> (FactoryProxy.java:51)
>        at com.google.inject.internal.ProviderToInternalFactoryAdapter
> $1.call(ProviderToInternalFactoryAdapter.java:43)
>        at com.google.inject.internal.InjectorImpl.callInContext
> (InjectorImpl.java:814)
>        at
> com.google.inject.internal.ProviderToInternalFactoryAdapter.get
> (ProviderToInternalFactoryAdapter.java:40)
>        at com.google.inject.Scopes$1$1.get(Scopes.java:64)
>        at
> com.google.inject.internal.InternalFactoryToProviderAdapter.get
> (InternalFactoryToProviderAdapter.java:40)
>        at com.google.inject.internal.FactoryProxy.get
> (FactoryProxy.java:51)
>        at com.google.inject.internal.SingleParameterInjector.inject
> (SingleParameterInjector.java:38)
>        at com.google.inject.internal.SingleParameterInjector.getAll
> (SingleParameterInjector.java:62)
>        at com.google.inject.internal.ConstructorInjector.construct
> (ConstructorInjector.java:79)
>        at com.google.inject.internal.ConstructorBindingImpl
> $Factory.get(ConstructorBindingImpl.java:180)
>        at com.google.inject.internal.ProviderToInternalFactoryAdapter
> $1.call(ProviderToInternalFactoryAdapter.java:43)
>        at com.google.inject.internal.InjectorImpl.callInContext
> (InjectorImpl.java:814)
>        at
> com.google.inject.internal.ProviderToInternalFactoryAdapter.get
> (ProviderToInternalFactoryAdapter.java:40)
>        at com.google.inject.Scopes$1$1.get(Scopes.java:64)
>        at
> com.google.inject.internal.InternalFactoryToProviderAdapter.get
> (InternalFactoryToProviderAdapter.java:40)
>        at com.google.inject.internal.SingleParameterInjector.inject
> (SingleParameterInjector.java:38)
>        at com.google.inject.internal.SingleParameterInjector.getAll
> (SingleParameterInjector.java:62)
>        at com.google.inject.internal.ConstructorInjector.construct
> (ConstructorInjector.java:79)
>        at com.google.inject.internal.ConstructorBindingImpl
> $Factory.get(ConstructorBindingImpl.java:180)
>        at com.google.inject.internal.ProviderToInternalFactoryAdapter
> $1.call(ProviderToInternalFactoryAdapter.java:43)
>        at com.google.inject.internal.InjectorImpl.callInContext
> (InjectorImpl.java:814)
>        at
> com.google.inject.internal.ProviderToInternalFactoryAdapter.get
> (ProviderToInternalFactoryAdapter.java:40)
>        at com.google.inject.Scopes$1$1.get(Scopes.java:64)
>        at
> com.google.inject.internal.InternalFactoryToProviderAdapter.get
> (InternalFactoryToProviderAdapter.java:40)
>        at com.google.inject.internal.InjectorImpl$4$1.call
> (InjectorImpl.java:761)
>        at com.google.inject.internal.InjectorImpl.callInContext
> (InjectorImpl.java:807)
>        at com.google.inject.internal.InjectorImpl$4.get
> (InjectorImpl.java:757)
>        at com.google.inject.internal.InjectorImpl.getInstance
> (InjectorImpl.java:796)
>        at org.waveprotocol.wave.examples.fedone.ServerMain.run
> (ServerMain.java:61)
>        at org.waveprotocol.wave.examples.fedone.ServerMain.main
> (ServerMain.java:50)
> Caused by: java.security.cert.CertPathValidatorException: subject/
> issuer name chaining check failed
>        at
> sun.security.provider.certpath.PKIXMasterCertPathValidator.validate
> (PKIXMasterCertPathValidator.java:139)
>        at
> sun.security.provider.certpath.PKIXCertPathValidator.doValidate
> (PKIXCertPathValidator.java:326)
>        at
> sun.security.provider.certpath.PKIXCertPathValidator.engineValidate
> (PKIXCertPathValidator.java:178)
>        at java.security.cert.CertPathValidator.validate
> (CertPathValidator.java:250)
>        at
> org.waveprotocol.wave.crypto.CachedCertPathValidator.validateNoCache
> (CachedCertPathValidator.java:101)
>        ... 45 more
>
>
>    Thanks,
>    -Rob
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Wave Protocol" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group at 
> http://groups.google.com/group/wave-protocol?hl=en.