 |
 |
Hi, >since there was a recent naming transition xrootd4->xrootd I thought it was a good idea to recompile libxrdhttpvoms and refurbish the setup of littlexrdhttp, as t was old-ish (Sept) Thanks! I've updated to all the new rpms, everything seems to be working as expected with the cephy bits. > please post the startup phase of the server (with the -d switch). I've attached the full log, it looks okay to me (again, I have nothing to compare this too): Plugin loaded unversioned XrdHttpGetSecXtractor from secxtractorlib /usr/lib64/libXrdHttpVOMS-4.so =====> http.secxtractor /usr/lib64/libXrdHttpVOMS-4.so Connecting with a VOMS proxy now leads to something different happening, but it's still not extracting VOMS goodness: --------------- 141201 10:48:49 10716 XrdInet: Accepted connection from [log in to unmask] 141201 10:48:49 10716 ?:7@gdss541 sysXrdHttp: received dlen: 16 141201 10:48:49 10716 ?:7@gdss541 sysXrdHttp: received dump: 22 03 01 01 34 01 00 01 30 03 03 84 124 71 -111 00 141201 10:48:49 10716 ?:7@gdss541 sysXrdHttp: This does not look like http at pos 0 141201 10:48:49 10716 ?:7@gdss541 sysXrdHttp: This may look like https 141201 10:48:49 10716 ?:7@gdss541 sysXrdHttp: Protocol matched. https: 1 141201 10:48:49 10716 sysXrdHttp: Reset 141201 10:48:49 10716 sysXrdHttp: XrdHttpReq request ended. 141201 10:48:49 10716 XrdProtocol: matched protocol XrdHttp 141201 10:48:49 10716 ?:7@gdss541 XrdPoll: FD 7 attached to poller 0; num=1 141201 10:48:49 10716 ?:7@gdss541 sysXrdHttp: Process. lp:0x7fedb8002258 reqstate: 0 141201 10:48:49 10716 ?:7@gdss541 sysXrdHttp: Setting host: [::ffff:130.246.179.6] 141201 10:48:49 10716 ?:7@gdss541 sysXrdHttp: Entering SSL_accept... 141201 10:48:49 10716 ?:7@gdss541 sysXrdHttp: SSL_accept returned :1 141201 10:48:49 10716 ?:7@gdss541 sysXrdHttp: Extracting auth info. 141201 10:48:49 10716 ?:7@gdss541 sysXrdHttp: SSL_get_peer_certificate returned :0x7fedb8014000 141201 10:48:49 10716 ?:7@gdss541 sysXrdHttp: Setting link name: /C=UK/O=eScience/OU=CLRC/L=RAL/CN=tom byrne/CN=proxy 140659745793792:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: CERTIFICATE 140659745793792:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: CERTIFICATE 141201 10:48:49 10716 /C=UK/O=eScience/OU=CLR@gdss541 sysXrdHttp: SSL_get_verify_result returned :0 --------------- With the relevant bit of the server response: <span id="requestby">Request by /C=UK/O=eScience/OU=CLRC/L=RAL/CN=tom byrne/CN=proxy ( DN: /C=UK/O=eScience/OU=CLRC/L=RAL/CN=tom byrne/CN=proxy ) ( [::ffff:130.246.179.6] )</span> --------------- I'm beginning to suspect maybe I've messed something up with my certificate setup, I've double checked that I can do the identical davix-get on your littlexrdhttp setup with the VOMS bit working. From tomorrow I'm going to be in CERN for the ATLAS Computing Jamboree, so I may be even slower to respond, sorry! Cheers Tom -- Scanned by iCritical. ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1