Hi,
I filled the email address in the certificate but what I think is problem
with surname , please check below the log:
*File D:\web2py2.1.1\web2py\gluon\contrib\login_methods\x509_auth.py in
get_user at line 91* code arguments variables
Function argument list
(self=<gluon.contrib.login_methods.x509_auth.X509Auth object>)
Code listing
86.
87.
88.
89.
90.
91.
92.
93.
94.
95.
p = profile = dict()
username = p['username'] = reduce(lambda a,b: '%s | %s' %
(a,b), self.subject.CN or self.subject.commonName)
p['first_name'] = reduce(lambda a,b: '%s | %s' %
(a,b),self.subject.givenName or username)
p['last_name'] = reduce(lambda a,b: '%s | %s' %
(a,b),self.subject.surname)
p['email'] = reduce(lambda a,b: '%s | %s' %
(a,b),self.subject.Email or self.subject.emailAddress)
# IMPORTANT WE USE THE CERT SERIAL AS UNIQUE KEY FOR THE USER
p['registration_id'] = self.serial
Variables a undefined b undefined builtinreduce <built-in function
reduce> self.subject.surname [] self
<gluon.contrib.login_methods.x509_auth.X509Auth
object> self.subject <Storage {'Email': ['[email protected]'],
...SG'], 'organizationUnitName': ['HSG'], 'SN': []}> p {'first_name': 'A |
m | i | t | 1 | | K | h | a | w | a | r | e', 'username': 'Amit1 Khaware'}
And while generating the certificates it is not asking about surname, it's
asking below information:
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [San Diego]:
Organization Name (eg, company) [Cafesoft LLC]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:*Cafesoft CA*
Email Address [[email protected]]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:*password*
An optional company name []:
please check the link :
http://www.cafesoft.com/products/cams/ps/docs30/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
So x509_auth.py expects surname but above link doesn't provide option to
fill surname :(
Regards,
Amit
On Tue, Nov 6, 2012 at 8:34 PM, Michele Comitini <[email protected]
> wrote:
> self.subject.Email is [] i.e. an empty list. Check if that is the problem.
>
> mic
> Il giorno 06/nov/2012 14:32, "Amit" <[email protected]> ha scritto:
>
>> I have used below link to generate server certificates, client
>> certificates and CA certificates, imported client and CA certificates to
>> Mozilla Firefox browser and then deploy server certificates and CA
>> certificate to the Rocket server :
>>
>> D:\web2py2.1.1\web2py>web2py.py -a password -i 127.0.0.1 -p 8000 -c
>> C:\OpenSSL-Win32\bin\cirrusAwareCA\server\certificates\server.test.com.crt
>> -k C:\OpenSSL-Win32\bin\cirrusAwareCA\server\keys\server.test.com.key
>> --ca-cert=C:\OpenSSL-Win32\bin\cirrusAwareCA\CA\cirrusAwareCA.crt
>>
>> Then Open browser type https://127.0.0.1:8000/MyApp/default/index
>>
>> Now its giving error:
>> <type 'exceptions.TypeError'> reduce() of empty sequence with no initial
>> value Error snapshot [image: help]
>>
>> <type 'exceptions.TypeError'>(reduce() of empty sequence with no initial
>> value)
>>
>> inspect attributes
>> Frames
>>
>> -
>>
>> *File D:\web2py2.1.1\web2py\gluon\restricted.py in restricted at line
>> 209* code arguments variables
>> -
>>
>> *File
>>
>> D:\web2py2.1.1\web2py\applications\AuthenticationApp\controllers\default.py
>> in <module> at line 76* code arguments variables
>> -
>>
>> *File D:\web2py2.1.1\web2py\gluon\globals.py in <lambda> at line 187*
>> code arguments variables
>> -
>>
>> *File
>>
>> D:\web2py2.1.1\web2py\applications\AuthenticationApp\controllers\default.py
>> in user at line 38* code arguments variables
>> Code listing
>>
>> 33.
>> 34.
>> 35.
>> 36.
>> 37.
>> 38.
>>
>> 39.
>> 40.
>> 41.
>> 42.
>>
>> use @auth.requires_login()
>> @auth.requires_membership('group name')
>>
>>
>> @auth.requires_permission('read','table name',record_id)
>>
>>
>> to decorate functions that need access control
>> """
>> return dict(form=auth())
>>
>>
>>
>> def download():
>> """
>>
>> -
>>
>> *File D:\web2py2.1.1\web2py\gluon\tools.py in __call__ at line 1205*
>> code arguments variables
>> -
>>
>> *File D:\web2py2.1.1\web2py\gluon\tools.py in login at line 2016* code
>> arguments variables
>> -
>>
>> *File D:\web2py2.1.1\web2py\gluon\contrib\login_methods\x509_auth.py
>> in get_user at line 91* code arguments variables
>> Function argument list
>>
>> (self=<gluon.contrib.login_methods.x509_auth.X509Auth object>)
>> Code listing
>>
>> 86.
>> 87.
>> 88.
>> 89.
>> 90.
>> 91.
>>
>> 92.
>> 93.
>> 94.
>> 95.
>>
>>
>> p = profile = dict()
>>
>> username = p['username'] = reduce(lambda a,b: '%s | %s' % (a,b),
>> self.subject.CN or self.subject.commonName)
>>
>>
>> p['first_name'] = reduce(lambda a,b: '%s | %s' %
>> (a,b),self.subject.givenName or username)
>>
>> p['last_name'] = reduce(lambda a,b: '%s | %s' %
>> (a,b),self.subject.surname)
>>
>>
>> p['email'] = reduce(lambda a,b: '%s | %s' %
>> (a,b),self.subject.Email or self.subject.emailAddress)
>>
>>
>> # IMPORTANT WE USE THE CERT SERIAL AS UNIQUE KEY FOR THE USER
>> p['registration_id'] = self.serial
>>
>> Variables a undefined b undefined builtinreduce <built-in
>> function reduce> self.subject.surname [] self
>> <gluon.contrib.login_methods.x509_auth.X509Auth
>> object> self.subject <Storage {'Email': [], 'C': ['IN'],
>> 'serialNumbe...SG'], 'organizationUnitName': ['HSG'], 'SN': []}> p
>> {'first_name':
>> 'A | m | i | t', 'username': 'Amit'}
>>
>>
>> Regards,
>> Amit
>>
>>
>>
>>
>> On Tue, Nov 6, 2012 at 6:42 PM, Michele Comitini <
>> [email protected]> wrote:
>>
>>> https://github.com/web2py/web2py/blob/master/gluon/main.py#L824
>>>
>>> The log seems to say that your certificate file is not there, or not
>>> accessible
>>>
>>> mic
>>>
>>>
>>> 2012/11/6 Amit <[email protected]>
>>>
>>>> I am using Python 2.7.2.
>>>>
>>>> On Tue, Nov 6, 2012 at 6:33 PM, Michele Comitini <
>>>> [email protected]> wrote:
>>>>
>>>>> What is your python version?
>>>>>
>>>>>
>>>>> 2012/11/6 Amit <[email protected]>
>>>>>
>>>>>> Hi Michele,
>>>>>> I used Simpatica to generates the certificates but failed to deploy
>>>>>> to the web2py server, please check once the first mail in this mail chain
>>>>>> where I explained the problem in details.
>>>>>>
>>>>>> Regards,
>>>>>> Amit
>>>>>>
>>>>>> On Tue, Nov 6, 2012 at 4:52 PM, Michele Comitini <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> I suggest looking at code gluon/contrib/login_methods/x509_auth.py.
>>>>>>> Basically you can extract anything from client supplied cert and use it
>>>>>>> with the auth tables of web2py. That is really simple.
>>>>>>> The tedious part id getting to know what stuff you can put in the
>>>>>>> cert. That is more related to managing a CA than to web2py itself.
>>>>>>>
>>>>>>> I have written a simple but functional app for managing a little CA:
>>>>>>> simpatiCA <http://goo.gl/nrAhS> ; it is simple enough to be used
>>>>>>> as an example and extended to your needs. If you need a real CA there
>>>>>>> are
>>>>>>> more featured solutions around...
>>>>>>>
>>>>>>> mic
>>>>>>>
>>>>>>>
>>>>>>> > PS: the man behind X509 auth code in web2py is mcm, sadly for your
>>>>>>> it's documented how it works but not how to organize the certs (which
>>>>>>> in >
>>>>>>> theory you should know in advance)
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>>
>>>>>>> 2012/11/6 Niphlod <[email protected]>
>>>>>>>
>>>>>>>> hem... one thing is helping you to create certs and key for a SSL
>>>>>>>> protected webserver, quite another to help you managing a credential
>>>>>>>> store
>>>>>>>> (I really don't have time for that).
>>>>>>>> You have problems on finding out what OpenSSL is and want to manage
>>>>>>>> X509 ? Really ?
>>>>>>>> Maybe it's time to read some docs.
>>>>>>>>
>>>>>>>> http://www.cafesoft.com/products/cams/ps/docs30/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
>>>>>>>>
>>>>>>>>
>>>>>>>> PS: the man behind X509 auth code in web2py is mcm, sadly for your
>>>>>>>> it's documented how it works but not how to organize the certs (which
>>>>>>>> in
>>>>>>>> theory you should know in advance)
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>>
>>>>
>>>>
>>>>
>>>
>>> --
>>>
>>>
>>>
>>>
>>
>> --
>>
>>
>>
>>
> --
>
>
>
>
--
