<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; ">
<div>I first set ONE_AUTH to be ~/.one/one_x509 (created from my personal certificate)</div>
<div>and then do,</div>
<div>econe-upload  --url <a href="https://myone38sever">https://myone38sever</a> file.img</div>
<div><br>
</div>
<div>This fails with the error message;</div>
<div>
<div>econe-upload: </div>
<div>                <Error></div>
<div>                    <Code>AuthFailure</Code></div>
<div>                    <Message>Could not create X509 certificate from </Message></div>
<div>                </Error></div>
<div>    </div>
</div>
<div><br>
</div>
<div>I can find that this message originates from </div>
<div>
<div>$ONE_LOCATION/lib/ruby/cloud/CloudAuth/X509CloudAuth.rb </div>
<div>because HTTP_SSL_CLIENT_CERT is not set(see below [1]).</div>
<div><br>
</div>
<div>I also confirmed that Apache also fails to set it</div>
<div>which means the client side, econe-upload command fails to send PEM string correctly,</div>
<div><br>
</div>
<div>If you look at "upload_image method"  in $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryClient.rb, </div>
<div>I guess one of the following lines fails;</div>
<div>
<div>            str = AWS.canonical_string(params, @uri.host)</div>
<div>            sig = AWS.encode(@access_key_secret, str, false)</div>
</div>
<div><br>
</div>
<div>
<div>            if curb</div>
</div>
<div>
<div>                …</div>
<div>                post_fields << Curl::PostField.content("Signature",sig)</div>
<div>                post_fields << Curl::PostField.file("file",file_name)</div>
<div><br>
</div>
<div>                connection = Curl::Easy.new(@uri.to_s)</div>
<div>                connection.multipart_form_post = true</div>
<div>                connection.ssl_verify_peer = false</div>
<div>                connection.http_post(*post_fields)</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Could Open Nebula developers investigate this?</div>
<div>(I am seeing the same error in both ON3.2 and ON3.8)</div>
<div><br>
</div>
<div>Thanks very much.</div>
<div><br>
</div>
<div>Hyunwoo Kim</div>
<div>FermiCloud Project</div>
<div><br>
</div>
<div>================================</div>
<div>[1] module X509CloudAuth</div>
<div>    def do_auth(env, params={})</div>
<div>        # For https, the web service should be set to include the user cert in the environment.                                                                             </div>
<div>        cert_line   = env['HTTP_SSL_CLIENT_CERT']</div>
<div>        cert_line   = nil if cert_line == '(null)' # For Apache mod_ssl                                                                                                     </div>
<div>        chain_index = 0</div>
<div><br>
</div>
<div>        # Use the https credentials for authentication                                                                                                                      </div>
<div>        unless cert_line.nil?</div>
<div>            begin</div>
<div>                m      = cert_line.match(/(-+BEGIN CERTIFICATE-+)([^-]*)(-+END CERTIFICATE-+)/)</div>
<div>                cert_s = "#{m[1]}#{m[2].gsub(' ',"\n")}#{m[3]}"</div>
<div>                cert   = OpenSSL::X509::Certificate.new(cert_s)</div>
<div>            rescue</div>
<div>                raise "Could not create X509 certificate from " + cert_line</div>
<div>            end</div>
</div>
<div>===================================</div>
</body>
</html>