Branch: refs/heads/master
Home: https://github.com/xrootd/xrootd
Commit: 8f7d3aee05d3220e39f113e2a3cb35fe764e8b53
https://github.com/xrootd/xrootd/commit/8f7d3aee05d3220e39f113e2a3cb35fe764e8b53
Author: Brian Bockelman <[log in to unmask]>
Date: 2018-05-19 (Sat, 19 May 2018)
Changed paths:
M src/XrdCrypto/XrdCryptoX509.cc
M src/XrdCrypto/XrdCryptoX509.hh
M src/XrdCrypto/XrdCryptosslX509.cc
M src/XrdCrypto/XrdCryptosslX509.hh
M src/XrdSecgsi/XrdSecProtocolgsi.cc
Log Message:
-----------
Allow XRootD client to accept subjectAltNames.
With this, if the CN doesn't follow the expected matching rules,
then the client will iterate through the listed subjectAltNames
to determine whether the certificate matches the current host.
This includes support for CNs and SANs with wildcards.
Commit: cd8762fb2d3c08cad2e1ed701080e6e43164ec7e
https://github.com/xrootd/xrootd/commit/cd8762fb2d3c08cad2e1ed701080e6e43164ec7e
Author: Gerardo Ganis <[log in to unmask]>
Date: 2018-06-01 (Fri, 01 Jun 2018)
Changed paths:
M src/XrdCrypto/XrdCryptoX509.cc
Log Message:
-----------
Replace C-style string manipulation with C++ equivalent.
Commit: 47eb688dc2131c30edd57eba525f95bb2ea842ba
https://github.com/xrootd/xrootd/commit/47eb688dc2131c30edd57eba525f95bb2ea842ba
Author: Brian Bockelman <[log in to unmask]>
Date: 2018-06-03 (Sun, 03 Jun 2018)
Changed paths:
M src/XrdSecgsi/XrdSecProtocolgsi.cc
Log Message:
-----------
Use hostname, not reverse DNS, for address comparison.
This changes XrdSecgsi to prefer to use the hostname for the purpose
of matching a certificate to a hostname (as opposed to the prior
behavior of a reverse DNS lookup).
Relying on reverse DNS is considered insecure; note that all the
other security mechanisms use the hostname.
With the SAN changes allowing multiple potential patterns in the
certificate, admins should be able to handle all the potential use
cases.
Commit: 9a78c14807933b0aaf0b82dc3f276b66f591063d
https://github.com/xrootd/xrootd/commit/9a78c14807933b0aaf0b82dc3f276b66f591063d
Author: Gerardo GANIS <[log in to unmask]>
Date: 2018-06-04 (Mon, 04 Jun 2018)
Changed paths:
M src/XrdCrypto/XrdCryptoX509.cc
M src/XrdCrypto/XrdCryptoX509.hh
M src/XrdCrypto/XrdCryptosslX509.cc
M src/XrdCrypto/XrdCryptosslX509.hh
M src/XrdSecgsi/XrdSecProtocolgsi.cc
Log Message:
-----------
Merge pull request #710 from bbockelm/allow_sans
Allow XRootD client to accept subjectAltNames.
Compare: https://github.com/xrootd/xrootd/compare/b7bad34f5824...9a78c1480793
**NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
|