This issue was reported as a comment in the bodhi update system in Fedora:

https://bodhi.fedoraproject.org/updates/FEDORA-2017-0eca8dbb12

When I first investigated this I found the problem with the incompatibility with older servers that I reported in #461 which showed a similar problem, but the original reporter came back and reported that his problem still was there after updating to the version fixing the older server incompatibility.

I tried to issue the exact same command that was used by the reporter, and it succeeded without problems for me. So I asked for more information.

The detailed logs that were provided showed that on the user's system the CRL files for the CA signing the server's certificate were not present. And if I move these CRL files away on my system I can reproduce the problem.

An absent CRL file should not cause an error. The CRL file being absent means "do not check". If the CRL file is there it must be valid (i.e. not expired) and those certificates that are revoked in it must not be validated.

The CRL checking code in 4.6.0 treats a missing CRL as an expired CRL, which is not correct. This is a regression from the 4.5.0 version.

The logs from the original reporter attempting the same xrdcp command with 4.5.0 and 4.6.0 installed on the same system are attached.

xrdcp-4.5.0.txt
xrdcp-4.6.0.txt



Issue: xrootd 4.6.0 xrdcp treats missing CRL as an error (#465), https://github.com/xrootd/xrootd/issues/465

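The three-way CRL policy described in the report (absent, present and valid, present and expired), shown next to a model of the regression that folds "absent" into "expired". This is an added example, not XRootD code: the `Crl` struct, `Verdict` enum, both function names and all sample values are hypothetical and constructed for illustration.

```cpp
#include <cstdio>
#include <ctime>
#include <set>
#include <string>

// Simplified stand-in for a loaded CRL (hypothetical type, not an XRootD class).
struct Crl {
    std::time_t nextUpdate;         // the CRL counts as expired once now > nextUpdate
    std::set<std::string> revoked;  // serial numbers listed as revoked
};

enum class Verdict { Accept, RejectCrlExpired, RejectRevoked };

// Policy as stated in the report: a null pointer models "no CRL file for this CA"
// and means "do not check"; a CRL that is present must be unexpired and must not
// list the certificate's serial number.
Verdict checkCrl(const Crl* crl, const std::string& serial, std::time_t now) {
    if (crl == nullptr) return Verdict::Accept;               // absent: skip the check
    if (now > crl->nextUpdate) return Verdict::RejectCrlExpired;
    if (crl->revoked.count(serial)) return Verdict::RejectRevoked;
    return Verdict::Accept;
}

// Model of the regression: "absent" and "expired" share one branch, so a host
// without CRL files fails every connection to servers signed by that CA.
Verdict checkCrlRegressed(const Crl* crl, const std::string& serial, std::time_t now) {
    if (crl == nullptr || now > crl->nextUpdate) return Verdict::RejectCrlExpired;
    if (crl->revoked.count(serial)) return Verdict::RejectRevoked;
    return Verdict::Accept;
}

int main() {
    const std::time_t now = 1000;        // constructed clock value
    Crl fresh{2000, {"0A"}};             // constructed: unexpired, revokes serial 0A
    Crl stale{500, {}};                  // constructed: nextUpdate already passed
    const Crl* cases[] = {nullptr, &fresh, &stale};
    const char* names[] = {"absent", "valid", "expired"};
    for (int i = 0; i < 3; ++i) {
        std::printf("CRL %-7s correct=%d regressed=%d\n", names[i],
                    static_cast<int>(checkCrl(cases[i], "01", now)),
                    static_cast<int>(checkCrlRegressed(cases[i], "01", now)));
    }
    return 0;
}
```

Only the "absent" row differs between the two functions, which is why the failure reproduces by moving the CRL files away and not on a host that has them.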