Skip to content

fix certificate start date to work regardless of the timezone#148

Merged
jacobperron merged 1 commit intoros2:masterfrom
mikaelarguedas:fix_certificates
Aug 7, 2019
Merged

fix certificate start date to work regardless of the timezone#148
jacobperron merged 1 commit intoros2:masterfrom
mikaelarguedas:fix_certificates

Conversation

@mikaelarguedas
Copy link
Member

@mikaelarguedas mikaelarguedas commented Aug 1, 2019

Currently if the machine generating the certificate has a local time ahead of UTC, the nodes fail to be created.

This PR switches to uses UTC time for the certificate start and end of validity times.

Error messages

Fast-RTPS:

2019-08-01 02:19:18.354 [SECURITY Error] Error validating the local participant identity. () -> Function init
2019-08-01 02:19:18.355 [RTPS_PARTICIPANT Error] Cannot create participant due to security initialization error -> Function createParticipant

Connext:

[CREATE Participant]RTI_Security_CertHelper_verifyCert:X509_verify_cert returned 0 with error 9: certificate is not yet valid
[CREATE Participant]RTI_Security_Authentication_get_certificate:failed to verify certificate
[CREATE Participant]RTI_Security_Authentication_validate_local_identity:failed to get certificate
[CREATE Participant]DDS_DomainParticipantTrustPlugins_getLocalParticipantSecurityState:!certificate verify fail
[CREATE Participant]DDS_DomainParticipant_createI:!get local participant security state
[CREATE Participant]DDS_DomainParticipantFactory_create_participant_disabledI:!create participant
DDSDomainParticipant_impl::create_disabledI:!create participant
DDSDomainParticipant_impl::createI:!create participant
DomainParticipantFactory_impl::create_participant():!create failure creating participant

Signed-off-by: Mikael Arguedas mikael.arguedas@gmail.com

@mikaelarguedas
fix certificate start date to work regardless of the timezone
1b7e09b 
Otherwise it fails with 'RTI_Security_CertHelper_verifyCert:X509_verify_cert returned 0 with error 9: certificate is not yet valid'

Signed-off-by: Mikael Arguedas <mikael.arguedas@gmail.com>
kyrofa
kyrofa approved these changes Aug 1, 2019
View reviewed changes
Copy link
Member

@kyrofa kyrofa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah seems sensible, thanks @mikaelarguedas!

@mikaelarguedas
Copy link
Member Author

mikaelarguedas commented Aug 6, 2019

@jacobperron or @mjcarroll gentle 🛎️
Can this be merged as is or should it get another 👀 and/or CI to go in ?

jacobperron
jacobperron approved these changes Aug 7, 2019
View reviewed changes
Copy link
Member

@jacobperron jacobperron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

  • Linux Build Status
  • Linux-aarch64 Build Status
  • macOS Build Status
  • Windows Build Status

@jacobperron jacobperron merged commit 7e3287e into ros2:master Aug 7, 2019
@mikaelarguedas mikaelarguedas deleted the fix_certificates branch August 7, 2019 06:07
@mikaelarguedas mikaelarguedas mentioned this pull request May 6, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kyrofa kyrofa kyrofa approved these changes

@jacobperron jacobperron jacobperron approved these changes

@ruffsl ruffsl ruffsl approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mikaelarguedas @kyrofa @jacobperron @ruffsl