Francesco Malvezzi <francesco.malve...@unimore.it> writes: > 2009-06-10 11:57:55 ERROR Shibboleth.AttributeResolver [7]: exception > during SAML query to > https://omissis.unimore.it:8443/idp/profile/SAML1/SOAP/AttributeQuery: > CURLSOAPTransport failed while contacting SOAP responder: > error:0B07C065:x509 certificate routines:X509_STORE_add_cert:cert > already in hash table > 2009-06-10 11:57:55 ERROR Shibboleth.AttributeResolver [7]: unable to > obtain a SAML response from attribute authority
http://marc.info/?t=96963077100003&r=1&w=2 seems to point at this error being either a bug in how the OpenSSL routines are called or a bug in the certificate configuration. Since it works for you manually with curl, I suspect there's something different between how XMLTooling is calling curl versus what the command-line program does (including perhaps loading different certs). The error message does appear to mean what it says it means, namely that something is trying to load the same certificate twice. Do you, by any chance, have multiple copies of the same certificate referenced anywhere in your configuration, such as used for a certificate and for a trust chain, or for multiple IdPs? That might help narrow down what's going on. > More details: the SP is a brand new Debian/etch upgraded to lenny > (hosted on XEN). The box is 1 day old, no patching, noting. > > This configuration used to work since an year, at least till a week > ago. Did it work on a lenny system, or was it only working on etch? -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
