yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1103569] Re: unable to load certificate should abort request

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 21 Mar 2013 15:19:43 -0000
Reply-to: Bug 1103569 <1103569@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1103569

Title:
  unable to load certificate should abort request

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  From the mailing list, the following message should be improve with
  decent help, e.g.:

    Unable to load certificate; ensure you've configured PKI with
  `keystone-manage pki_setup`

  Instead of simply:

  (sqlalchemy.engine.base.Engine): 2013-01-23 17:04:57,904 INFO ('106298a47e5a4d129c7b8571e188c51e', 1)
  (keystone.common.cms): 2013-01-23 17:04:57,990 ERROR Signing error: Error opening signer certificate /etc/keystone/ssl/certs/signing_cert.pem
  140702974211744:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/keystone/ssl/certs/signing_cert.pem','r')
  140702974211744:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
  unable to load certificate

  Then the following code should never be reached:

  (root): 2013-01-23 17:04:57,991 ERROR Command 'openssl' returned non-zero exit status 3
  Traceback (most recent call last):
    File "/usr/local/lib/python2.7/dist-packages/keystone-2013.1-py2.7.egg/keystone/common/wsgi.py", line 215, in __call__
      result = method(context, **params)
    File "/usr/local/lib/python2.7/dist-packages/keystone-2013.1-py2.7.egg/keystone/token/controllers.py", line 118, in authenticate
      config.CONF.signing.keyfile)
    File "/usr/local/lib/python2.7/dist-packages/keystone-2013.1-py2.7.egg/keystone/common/cms.py", line 140, in cms_sign_token
      output = cms_sign_text(text, signing_cert_file_name, signing_key_file_name)
    File "/usr/local/lib/python2.7/dist-packages/keystone-2013.1-py2.7.egg/keystone/common/cms.py", line 135, in cms_sign_text
      raise subprocess.CalledProcessError(retcode, "openssl")
  CalledProcessError: Command 'openssl' returned non-zero exit status 3

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1103569/+subscriptions