← Back to branch summary

~ubuntu-branches/ubuntu/raring/eucalyptus/raring

~ubuntu-branches/ubuntu/raring/eucalyptus/raring

« back to all changes in this revision

Viewing changes to debian/patches/30-clock_drift.patch

Committer: Package Import Robot
Author(s): James Page
Date: 2011-09-21 09:57:58 UTC
Revision ID: package-import@ubuntu.com-20110921095758-v3q43gifp4lxlh1w

Tags: 2.0.1+bzr1256-0ubuntu8

https://launchpad.net/bugs/851611

https://launchpad.net/bugs/854946

* Fix compatibility issues with SSLv3 (LP: #851611):
  - d/patches/29-euca_conf-sslv3.patch: Use --secure-protocol=SSLv3
    with wget when communicating with CLC.
  - d/eucalyptus-cloud.upstart: Use --secure-protocol=SSLv3 with wget
    when checking for CLC startup complete.
* d/patches/30-clock_drift.patch: Resolve issue with rampart blocking
  communication between CC and NC when time is fractionally in the
  future (LP: #854946):

files added:
.pc/29-euca_conf-sslv3.patch

.pc/29-euca_conf-sslv3.patch/tools

.pc/29-euca_conf-sslv3.patch/tools/euca_conf.in

.pc/30-clock_drift.patch

.pc/30-clock_drift.patch/tools

.pc/30-clock_drift.patch/tools/client-policy-template.xml

.pc/30-clock_drift.patch/tools/service-policy-template.xml

.pc/30-clock_drift.patch/util

.pc/30-clock_drift.patch/util/euca_axis.c

debian/patches/29-euca_conf-sslv3.patch

debian/patches/30-clock_drift.patch

files modified:
.pc/applied-patches

debian/changelog

debian/eucalyptus-cloud.upstart

debian/patches/series

tools/client-policy-template.xml

tools/euca_conf.in

tools/service-policy-template.xml

util/euca_axis.c

Show diffs side-by-side

added added

removed removed

debian/patches/30-clock_drift.patch

1

Author: Graziano Obertelli <graziano@eucalyptus.com>

2

Description: Permit fractional time difference between NC and CC

3

Bug-Ubuntu: http://pad.lv/854946

4

5

--- a/tools/client-policy-template.xml 2011-03-30 16:44:16 +0000

6

+++ b/tools/client-policy-template.xml 2011-04-07 22:26:08 +0000

7

@@ -57,6 +57,7 @@

8

<rampc:ReceiverCertificate>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/SERVER-CERT</rampc:ReceiverCertificate>

9

<rampc:Certificate>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/CLIENT-CERT</rampc:Certificate>

10

<rampc:PrivateKey>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/CLIENT-KEY</rampc:PrivateKey>

11

+ <rampc:ClockSkewBuffer>20</rampc:ClockSkewBuffer>

12

13

<!--

14

<rampc:User>CLIENT-USERNAME</rampc:User>

15

16

--- a/tools/service-policy-template.xml 2011-03-30 16:44:16 +0000

17

+++ b/tools/service-policy-template.xml 2011-04-07 22:26:08 +0000

18

@@ -60,6 +60,7 @@

19

<rampc:Certificate>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/SERVER-CERT</rampc:Certificate>

20

<rampc:PrivateKey>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/SERVER-KEY</rampc:PrivateKey>

21

22

+ <rampc:ClockSkewBuffer>20</rampc:ClockSkewBuffer>

23

</rampc:RampartConfig>

24

</wsp:All>

25

</wsp:ExactlyOne>

26

27

--- a/util/euca_axis.c 2011-03-30 16:44:16 +0000

28

+++ b/util/euca_axis.c 2011-04-07 22:26:08 +0000

29

@@ -360,7 +360,7 @@

30

signed_elems[1] = 1;

31

32

/* Regardless of the location of the Timestamp, verify the one that is signed */

33

- if(AXIS2_FAILURE == rampart_timestamp_token_validate(env, msg_ctx, signed_node, 0)) {

34

+ if(AXIS2_FAILURE == rampart_timestamp_token_validate(env, msg_ctx, signed_node, 20)) {

35

oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ELEMENT_FAILED, "Validation failed for Timestamp with ID = %s", ref);

36

return 1;

37

}

38

Older »