Bug #823

X509 auth driver should check errors when encripting

Added by Daniel Molina over 9 years ago. Updated about 6 years ago.

Status:ClosedStart date:09/23/2011
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Drivers - Auth
Target version:-
Resolution:wontfix Pull request:
Affected Versions:OpenNebula 3.8

Description

An exception is returned if the data to be encripted is too large for that key size.

OpenSSL::PKey::RSAError - data too large for key size:
/srv/cloud/one/lib/ruby/x509_auth.rb:178:in `private_encrypt'

History

#1 Updated by Ruben S. Montero over 8 years ago

  • Category set to Drivers - Auth
  • Target version set to Release 4.0

Also other errors should be more clearly shown in the logs. For example wrong permissions in r/the CA hash files make the authentication fails with a cryptic message:

/usr/lib/one/ruby/x509_auth.rb:183: `data greater than mod len'
(OpenSSL::PKey::RSAError)
from /usr/lib/one/ruby/x509_auth.rb:183:in `decrypt'
from /usr/lib/one/ruby/x509_auth.rb:116:in `authenticate'
from authenticate:50
/usr/lib/one/ruby/x509_auth.rb:183:
@cert_chain0.public_key.public_decrypt(Base64::decode64(data)

Reported by Uli in the maling list (THANKS!)

#2 Updated by Ruben S. Montero over 8 years ago

  • Tracker changed from Feature to Bug
  • Affected Versions OpenNebula 3.8 added

#3 Updated by Ruben S. Montero about 8 years ago

  • Target version changed from Release 4.0 to Release 4.2

#4 Updated by Ruben S. Montero almost 8 years ago

  • Target version deleted (Release 4.2)

#5 Updated by Ruben S. Montero about 6 years ago

  • Status changed from New to Closed
  • Resolution set to wontfix

Also available in: Atom PDF