25 Oct 2013 Valerio Venturi
The VOMS Product Team is pleased to announce the release of VOMS clients v. 3.0.4 and VOMS Java APIs v. 3.0.2.
This release provides an important bug fix, as highlighted in the release notes for the clients and the APIs. Packages can be obtained from our repositories and will soon be available on the EMI-3 repository. Follow the instructions in the releases section.
The new packages provide fixes for the problems described in this ticket. The issue was that private keys embedded in VOMS proxies created by the new VOMS clients were encoded following the PKCS#8 standard instead of the PKCS#1 formerly used by VOMS clients version 2.x. While the PKCS#8 standard is correctly handled by most middleware components, the old jglobus library used by dCache SRM clients does not understand it so the parsing of VOMS proxies resulted in a failure.
Another issue was found in CANL, on which Java APIs are based. CANL, when serializing the VOMS proxies did not set the KeyUsage extension as critical, and this caused failures when contacting services where the KeyUsage check was implemented stricly. CANL 1.3.0 fixes this issue and VOMS Java APIs were updated to explicitly depend on that version.