#22 Certmonger aborts after unsuccessful attempt to save certificate
Closed: Fixed None Opened 10 years ago by jcholast.

Certmonger acquires writing lock in the NEED_TO_SAVE_CERT state but doesn't release it after unsucessful attempt to save the certificate before it goes to NEED_TO_SAVE_CERT again, causing it to abort itself:

2013-12-04 06:01:23 [25261] Request2('20131203030219') moved to state 'NEED_TO_SAVE_CERT'
2013-12-04 06:01:23 [25261] Will revisit Request2('20131203030219') now.
2013-12-04 06:01:23 [25261] Request2('20131203030219') taking writing lock
2013-12-04 06:01:23 [25261] Request2('20131203030219') moved to state 'PRE_SAVE_CERT'
2013-12-04 06:01:23 [25261] Will revisit Request2('20131203030219') on traffic from 8.
2013-12-04 06:01:58 [25261] Request2('20131203030219') moved to state 'START_SAVING_CERT'
2013-12-04 06:01:58 [25261] Will revisit Request2('20131203030219') now.
2013-12-04 06:01:58 [25261] Request2('20131203030219') moved to state 'SAVING_CERT'
2013-12-04 06:01:58 [25261] Will revisit Request2('20131203030219') on traffic from 8.
2013-12-04 06:01:58 [25540] Unable to decode certificate signed data into buffer.
2013-12-04 06:01:58 [25261] Request2('20131203030219') moved to state 'NEED_TO_NOTIFY_ISSUED_FAILED'
2013-12-04 06:01:58 [25261] Will revisit Request2('20131203030219') soonish.
2013-12-04 06:02:28 [25261] Request2('20131203030219') moved to state 'NOTIFYING_ISSUED_FAILED'
2013-12-04 06:02:28 [25261] Will revisit Request2('20131203030219') on traffic from 8.
2013-12-04 06:02:28 [25548] 0x1d Certificate named "auditSigningCert cert-pki-ca" in token "NSS Certificate DB" in database "/var/lib/pki-ca/alias" issued by CA but not saved.
2013-12-04 06:02:28 [25261] Request2('20131203030219') moved to state 'NEED_TO_SAVE_CERT'
2013-12-04 06:02:28 [25261] Will revisit Request2('20131203030219') soonish.
<SIGABRT>

Should have been fixed by c91d840. Which version is this?

This happens on RHEL6 with certmonger-0.61-3.el6. The commit does indeed fix it.

Sorry for the fuss, I think the ticket can be closed now.

The fix hasn't gone into a release yet, so I think it's useful to leave this open until then. Thanks for verifying that the fix works for you!

Fixed upstream in 0.69 and later. The RHEL6-specific resolution of this is being tracked at https://bugzilla.redhat.com/show_bug.cgi?id=1032760, and since we no longer need this ticket to track it, I'm marking this one as fixed.

Metadata Update from @nalin:
- Issue assigned to nalin

7 years ago

Login to comment on this ticket.

Metadata