Hi Michael.
My suggestion:
Forget about backport and 0.15.
You can patch the localca.py and simply remove line 173. I already committed this on github. We do not need the CSR get_extentions.
Kind regards Cornelius
Cornelius Kölbel +49 151 2960 1417
NetKnights GmbHHttp://NetKnights. It
+49 561 3166 797
I added the Jessie-Backports since they deliver 0.15, but when I wanted to install it, it greps python-pyopenssl from the trusty ppa and brokes :)After that I forced it with aptitude -t jessie-backports and now I get a Internal Server Error when accessing the startpage
[Tue Jun 07 09:53:37.895043 2016] [wsgi:error] [pid 489:tid 139726979172096] /usr/lib/python2.7/dist-packages/privacyidea/models.py:1793: SAWarning: Unicode column received non-unicode default value.[Tue Jun 07 09:53:37.895273 2016] [wsgi:error] [pid 489:tid 139726979172096] default=“/etc/privacyidea/dictionary”)[Tue Jun 07 09:53:37.921642 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] mod_wsgi (pid=489): Target WSGI script ‘/etc/privacyidea/privacyideaapp.wsgi’ cannot be loaded as Python module.[Tue Jun 07 09:53:37.921834 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] mod_wsgi (pid=489): Exception occurred processing WSGI script ‘/etc/privacyidea/privacyideaapp.wsgi’.[Tue Jun 07 09:53:37.921948 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] Traceback (most recent call last):[Tue Jun 07 09:53:37.922116 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/etc/privacyidea/privacyideaapp.wsgi”, line 3, in [Tue Jun 07 09:53:37.922265 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from privacyidea.app import create_app[Tue Jun 07 09:53:37.922359 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/app.py”, line 28, in [Tue Jun 07 09:53:37.922952 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] import privacyidea.api.before_after[Tue Jun 07 09:53:37.923097 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/api/before_after.py”, line 29, in [Tue Jun 07 09:53:37.923599 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from …lib.user import get_user_from_param[Tue Jun 07 09:53:37.923697 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”, line 55, in [Tue Jun 07 09:53:37.924472 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from .resolver import (get_resolver_object,[Tue Jun 07 09:53:37.924585 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/lib/resolver.py”, line 47, in [Tue Jun 07 09:53:37.925108 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from config import (get_resolver_types,[Tue Jun 07 09:53:37.925207 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/lib/config.py”, line 47, in [Tue Jun 07 09:53:37.926073 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from .caconnectors.localca import BaseCAConnector[Tue Jun 07 09:53:37.926233 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/lib/caconnectors/localca.py”, line 173[Tue Jun 07 09:53:37.926344 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] csr_extensions = csr_obj.get_extensions()[Tue Jun 07 09:53:37.926499 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] [1] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] IndentationError: unexpected indent
I think I’m gonna reinstall from scratch …
On Monday, June 6, 2016 at 11:36:09 PM UTC+2, Cornelius Kölbel wrote:The CSR extensions are not used at the moment.
So we could as well remove this line and then python-openssl 0.14 would
work fine, again.
Kind regards
Cornelius-------- Ursprüngliche Nachricht --------Von: Michael Muenz m.muenz@gmail.com Datum: 07.06.16 09:59 (GMT+01:00) An: privacyidea privacyidea@googlegroups.com Betreff: Re: [privacyidea] CA Connector can’t create certificate
Am Montag, den 06.06.2016, 13:20 -0700 schrieb Michael Muenz:
ii openssl 1.0.1t-1+deb8u2 amd64
Secure Sockets Layer toolkit - cryptographic utility
ii python-openssl 0.14-1 all
Python 2 wrapper around the OpenSSL library
[2016-06-06
22:16:46,000][4767][140255173814016][INFO][privacyidea.lib.user:187]
user u’mimu’ found in resolver u’maxadmins’
[2016-06-06
22:16:46,001][4767][140255173814016][INFO][privacyidea.lib.user:188]
userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’
[2016-06-06
22:16:46,028][4767][140255173814016][INFO][privacyidea.lib.user:187]
user u’mimu’ found in resolver u’maxadmins’
[2016-06-06
22:16:46,029][4767][140255173814016][INFO][privacyidea.lib.user:188]
userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’
[2016-06-06
22:16:46,056][4767][140255173814016][INFO][privacyidea.lib.user:187]
user u’mimu’ found in resolver u’maxadmins’
[2016-06-06
22:16:46,057][4767][140255173814016][INFO][privacyidea.lib.user:188]
userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’
[2016-06-06
22:16:46,083][4767][140255173814016][INFO][privacyidea.lib.user:187]
user u’mimu’ found in resolver u’maxadmins’
[2016-06-06
22:16:46,083][4767][140255173814016][INFO][privacyidea.lib.user:188]
userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’
[2016-06-06
22:16:46,111][4767][140255173814016][INFO][privacyidea.lib.user:187]
user u’mimu’ found in resolver u’maxadmins’
[2016-06-06
22:16:46,111][4767][140255173814016][INFO][privacyidea.lib.user:188]
userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’
[2016-06-06
22:16:46,139][4767][140255173814016][INFO][privacyidea.lib.user:187]
user u’mimu’ found in resolver u’maxadmins’
[2016-06-06
22:16:46,139][4767][140255173814016][INFO][privacyidea.lib.user:188]
userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’
[2016-06-06
22:16:46,249][4767][140255173814016][INFO][privacyidea.lib.user:187]
user u’mimu’ found in resolver u’maxadmins’
[2016-06-06
22:16:46,249][4767][140255173814016][INFO][privacyidea.lib.user:188]
userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’
[2016-06-06
22:16:46,432][4767][140255173814016][ERROR][privacyidea.app:1423]
Exception on /token/init [POST]
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817, in
wsgi_app
response = self.full_dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477, in
full_dispatch_request
rv = self.handle_user_exception(e)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1381, in
handle_user_exception
reraise(exc_type, exc_value, tb)
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1475, in
full_dispatch_request
rv = self.dispatch_request()
File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1461, in
dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 104, in policy_wrapper
return wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 104, in policy_wrapper
return wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 104, in policy_wrapper
return wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 104, in policy_wrapper
return wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 104, in policy_wrapper
return wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 104, in policy_wrapper
return wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 104, in policy_wrapper
return wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 104, in policy_wrapper
return wrapped_function(*args, **kwds)
File
“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,
line 104, in policy_wrapper
return wrapped_function(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/event.py”,
line 57, in event_wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
180, in log_wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/api/token.py”,
line 186, in init
tokenrealms=tokenrealms)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line
180, in log_wrapper
f_result = func(*args, **kwds)
File “/usr/lib/python2.7/dist-packages/privacyidea/lib/token.py”,
line 912, in init_token
tokenobject.update(upd_params)
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/certificatetoken.py”, line 218, in update
crypto.FILETYPE_PEM, req))
File
“/usr/lib/python2.7/dist-packages/privacyidea/lib/caconnectors/localca.py”, line 173, in sign_request
csr_extensions = csr_obj.get_extensions()
AttributeError: ‘X509Req’ object has no attribute ‘get_extensions’
On Monday, June 6, 2016 at 4:00:41 PM UTC+2, Cornelius Kölbel wrote:
Hi,
can you please post your privacyidea.log?
There should be a traceback.
Which version of pyopenssl and which version of openssl are
you using?
Kind regards
Cornelius
Am Montag, den 06.06.2016, 06:33 -0700 schrieb Michael Muenz:
> Hi,
>
>
> I've set up the WebCA as described in
>
http://privacyidea.readthedocs.io/en/latest/configuration/caconnectors.html
>
>
>
> When I try to roll out a new certificate I get:
> 'X509Req' object has no attribute 'get_extensions'
>
>
>
> There's no certificate but the token will be displayed
within the
> token view.
>
>
> Google tells me about some "wont fixes" with PyOpenSSL.
>
>
> I'm using Debian 8 with latest packages from Trusty build.
>
>
>
>
> Any ideas?
>
>
> Thanks
> Michael
> --
> Please read the blog post about getting help
> https://www.privacyidea.org/getting-help/.
>
> For professional services and consultancy regarding two
factor
> authentication please visit
> https://netknights.it/en/leistungen/one-time-services/
>
> In an enterprise environment you should get a SERVICE LEVEL
AGREEMENT
> which suites your needs for SECURITY, AVAILABILITY and
LIABILITY:
>
https://netknights.it/en/leistungen/service-level-agreements/
> ---
> You received this message because you are subscribed to the
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails
from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to
priva...@googlegroups.com.
> Visit this group at
https://groups.google.com/group/privacyidea.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/privacyidea/9f13cbc2-8c89-4aaa-86ef-09b748676673%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
–
Please read the blog post about getting help
For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea...@googlegroups.com.
To post to this group, send email to priva...@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.
–
Cornelius Kölbel
corneliu…@netknights.it
+49 151 2960 1417
NetKnights GmbH
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
–
Please read the blog post about getting help
For professional services and consultancy regarding two factor authentication please visit
https://netknights.it/en/leistungen/one-time-services/
In an enterprise environment you should get a SERVICE LEVEL AGREEMENT which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
https://netknights.it/en/leistungen/service-level-agreements/
You received this message because you are subscribed to the Google Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/b89d0ffc-b9ff-4362-bce6-9c81124d481e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Tue Jun 07 09:53:37.926583 2016 ↩︎