devstack

stash.sh doesn't clear the cache under $*_AUTH_CACHE_DIR

Bug #1088497 reported by Jian Wen
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
devstack
In Progress
Undecided
Jian Wen

Bug Description

if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then $*_AUTH_CACHE_DIR is used to cache ca.pem and signing_cert.pem for
the keystone server.

If we run ./stack.sh again, the ca.pem and signing_cert.pem are regenerated. And the cache become invalid.
Command like 'nova list' would make nova-api use the invalid pem files to verify CMS. As a result:
Verification failure
140630604306080:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
140630604306080:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:721:
140630604306080:error:2E09A09E:CMS routines:CMS_SignerInfo_verify_content:verification failure:cms_sd.c:900:
140630604306080:error:2E09D06D:CMS routines:CMS_verify:content verify error:cms_smime.c:425:

Jian Wen (wenjianhn)
Changed in devstack:
assignee: nobody → Jian Wen (wenjianhn)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to devstack (master)

Fix proposed to branch: master
Review: https://review.openstack.org/17920

Changed in devstack:
status: New → In Progress
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.