Hi Rachana
This is what I see with the environment variable set
[EMAIL PROTECTED] saz]$ bin/sazclient
globus_l_gsi_gssapi_activate entering
globus_l_gsi_gssapi_activate exiting
globus_i_gsi_gss_cred_read entering
globus_i_gsi_gss_create_cred entering
globus_i_gsi_gssapi_init_ssl_context entering
globus_i_gsi_gssapi_init_ssl_context exiting: major_status=0
globus_i_gsi_gss_create_cred entering
globus_i_gsi_gss_cred_read exiting: major_status=0
gss_acquire_cred exiting: major_status=0
SAZProtocol: Going to establish security context
gss_init_sec_context entering
Creating context w/ Credentials provided.
globus_i_gsi_gss_create_and_fill_context entering
SSL is at 0x9f26620
SSL_set_app_data to callback data 0x9f26290
Ciphers available:
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
...
...
gss_create_empty_oid_set entering
gss_create_empty_oid_set exiting: major_status=0
globus_i_gsi_gss_create_and_fill_context exiting: major_status=0
globus_i_gsi_gss_handshake entering
globus_i_gsi_gss_handshake exiting: major_status=1
globus_i_gsi_gss_get_token entering
output token: length = 104
value =
...
...
globus_i_gsi_gss_get_token exiting: major_status=0
init_sec_context:major_status:00000001:gss_state:0
req_flags=00000002:ret_flags=00000000
gss_init_sec_context exiting: major_status=1
gss_release_buffer entering
gss_release_buffer exiting: major_status=0
gss_init_sec_context entering
globus_i_gsi_gss_put_token entering
input token: length = 8614
value =
0000 - 16 03 00 00 4a 02
...
...
21a0 - 00 04 0e ...
21a6 - <SPACES/NULS>
globus_i_gsi_gss_put_token exiting: major_status=0
globus_i_gsi_gss_handshake entering
globus_i_gsi_gss_handshake exiting: major_status=1
globus_i_gsi_gss_get_token entering
output token: length = 17258
value =
0000 - 16 03 00 40 00 0b 00 41-bd 00 41 ba 00 0b aa
30 [EMAIL PROTECTED]
globus_i_gsi_gss_get_token exiting: major_status=0
init_sec_context:major_status:00000001:gss_state:0
req_flags=00000002:ret_flags=00000000
gss_init_sec_context exiting: major_status=1
gss_release_buffer entering
gss_release_buffer exiting: major_status=0
************AND THIS IS WHERE IT HANGS*********************
What does this mean ??
Thank you
-Neha
On Aug 15, 2008, at 9:22 AM, Rachana Ananthakrishnan wrote:
Neha,
The debug option suggested in the previous thread would help get
useful logs
to see what the issue is.
http://www.globus.org/mail_archive/csec-dev/2008/08/msg00011.html. The
environment variable is for C side of things, so you should set it
on your
client side and run the client. It is not used on the Java (your
server)
side.
I tested old style proxy (with use of CN=proxy) with depth 5 on the
Java
side of things, and the handshake worked fine without any hangs. On
the
server side, there is SSL level logging you can modify, that would
generate
loads of messages tho':
log4j.category.COM.claymoresystems.ptls.SSLDebug=OFF
I suggest we start with the C side logs to first understand what the
client
is waiting on.
Rachana
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Neha Sharma
Sent: Thursday, August 14, 2008 11:22 AM
To: Charles Bacon
Cc: Neha Sharma; [email protected]
Subject: Re: [gt-user] Any known limitation
in"globus_gss_assist_init_sec_context" ??
Hi
I tried debugging this issue on client side, but no luck so far.
So, I decided to figure out the hang on Server Side (in Java)
This is what is happening on server side: (I have included relevant
code)
- once server receives request from client, it gets out of the
accept() method call and forks a client thread (passes the socket as
an argument)
server = new ServerSocket(port);
socket = server.accept();
sazInit=new SAZInit(socket,confObject);
SAZClientThread sazClientThread=new SAZClientThread(sazInit);
sazClientThread.start();
- within this client thread, the first thing it does is obtain an
ExtendedGSSContext (using the servers host cert and host key) and
passes it as an argument to another function
"getGsiServerSocket " . I
have attached file called ANAM.java which contains these functions.
context
=
anamObject
.getGsiServerContext
(confObject.SAZ_SERVER_CERT,confObject.SAZ_SERVER_KEY);
clientSocket = anamObject.getGsiServerSocket(clientSocket,context);
I believe handshake is being done by function "getGsiClientSocket",
(Socket clientSocket =
GssSocketFactory.getDefault().createSocket(host, port, context);)
- then it tries to obtain a input and output stream using
this client
socket. This is where it hangs...
the code which does this is :
rwSocket=new ReadWriteSocket(clientSocket);
and I have attached file called ReadWriteSocket.java.
Basically this is what the constructor is doing..
public ReadWriteSocket(Socket clientSocket){
this.clientSocket=clientSocket;
try{
in=clientSocket.getInputStream();
out=clientSocket.getOutputStream();
reader =new BufferedReader(new
InputStreamReader(in));
writer=new PrintStream(out);
din=new DataInputStream(in);
dout=new DataOutputStream(out);
}catch(IOException e){
System.out.println("Exception "+e);
}
}
The code hangs on the getInputStream() function...
I have also tested that if I just try to get input and output stream
from the socket object (when it gets created by server and is passed
to the thread before globus libraries are used), i can get them.
So obviously globus libraries are modifying the client socket
in a way
that is causing the problem in case of proxy delegated 5 times and
above..
At this stage, I am not sure what else I can try at my end and am
looking forward for any support from the Globus folks..
If you need any other information, please let me know
-Neha
