Story #6570

Updated by Rob Nahf about 7 years ago

A user with an expired cilogon certificate should be treated as the user public in D1Client:

The day before yesterday I downloaded a user cilogon certificate - /tmp/x509up_u502. It expired after 24 (or 12) hours but wasn't deleted.

Yesterday When I ran a junit class of Matecat and got a "peer not authenticated" error. The is error was caused by the line - NodeList nodeList = D1Client.getCN().listNodes(); Eventually I figured out the expired certificate /tmp/x509up_u502 caused the issue. After I removed it, the junit test worked.

The listNodes() method can be called by the user public. So a user with an expired cilogon certificate calling it wouldn't hurt anything. I think the D1Client maybe examines the user certificate first: if it expires, don't send it to the server, just treats it as the user public.


Add picture from clipboard (Maximum size: 14.8 MB)