This is a clone of https://bugzilla.redhat.com/show_bug.cgi?id=1162173.
Currently pkispawn fails if the hostname contains double hypen "--".
WARNING: Catalina.start using conf/server.xml: The string "--" is not permitted within comments. Nov 07, 2014 10:12:05 PM org.apache.tomcat.util.digester.Digester fatalError SEVERE: Parse Fatal Error at line 31 column 40: The string "--" is not permitted within comments. org.xml.sax.SAXParseException; systemId: file:/var/lib/pki/pki-tomcat/conf/server.xml; lineNumber: 31; columnNumber: 40; The string "--" is not permitted within comments. at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source) at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source) ...
The problem is pkispawn stores the hostname in a comment section in server.xml to provide the server URLs for pkidaemon, so if the hostname contains a double hypen the XML format becomes invalid.
<!-- DO NOT REMOVE - Begin PKI Status Definitions --> <!-- CA Status Definitions --> <!-- Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ca/ee/ca Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/ca/agent/ca Secure EE URL = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ca/ee/ca Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ca/services EE Client Auth URL = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT]/ca/eeca/ca PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ca Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) ... --> <!-- DO NOT REMOVE - End PKI Status Definitions -->
Proposed solution: The above lines should be removed from server.xml with an upgrade script. The pkidaemon should obtain the URLs (or the hostname and ports) directly from the CS.cfg of each subsystem.
Per CS/DS meeting of 02/16/2015: 10.3
Per discussions in the Dogtag 10.3 Triage meeting of 01/06/2016: priority low
attachment pki-ftweedal-0076-Avoid-XML-parse-fail-with-double-hyphen-in-hostname.patch
Pushed to master (8beb5cfa4cd81fbf47ea8cd6839b793c2a12284e)
Metadata Update from @mkosek: - Issue assigned to ftweedal - Issue set to the milestone: 10.3.0.a1
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1822
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.