I am using xrootd 4.6.1 with xrdhttpvoms 0.2.4 from EPEL on a CentOS 7 system.
Not setting http.secretkey but "using" it (by activating http.selfhttps2http and/or desthttps no) will not cause a startup failure or error message, but lead to creation of random tokens, potentially including non-ASCII characters.
This breaks on the client side, since the redirection URI cannot be accessed.
Also, that is probably use of uninitialized memory - might be exploitable?
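A pre-start configuration check for the condition reported above, as an added example that is not part of the original report or of the xrootd project. It assumes a flat config file (no `if`/`fi` handling) and that yes/true/1 and no/false/0 are the accepted on/off values; the sample configs and the key value are constructed placeholders.

```python
# Flags an XrdHttp config that relies on http.secretkey without setting it.
TRUTHY = {"yes", "true", "1"}   # assumption: values that switch a directive on
FALSY = {"no", "false", "0"}    # assumption: values that switch a directive off

# Constructed sample configs, not taken from the report.
SAMPLE_BAD = """\
# constructed example
xrd.protocol http:1094 libXrdHttp.so
http.selfhttps2http yes
http.desthttps no
"""
SAMPLE_OK = SAMPLE_BAD + "http.secretkey PLACEHOLDER-KEY-replace-me\n"


def parse_http_directives(text):
    """Return {directive: [args]} for http.* lines; the last occurrence wins."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        parts = line.split()
        if parts[0].startswith("http."):
            found[parts[0]] = parts[1:]
    return found


def directives_missing_secretkey(text):
    """List the directives that need http.secretkey when no key is configured."""
    d = parse_http_directives(text)
    if d.get("http.secretkey"):      # a non-empty key argument is present
        return []
    users = []
    self_redirect = d.get("http.selfhttps2http")
    if self_redirect and self_redirect[0].lower() in TRUTHY:
        users.append("http.selfhttps2http")
    dest = d.get("http.desthttps")
    if dest and dest[0].lower() in FALSY:
        users.append("http.desthttps no")
    return users


if __name__ == "__main__":
    for name, cfg in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK)):
        missing = directives_missing_secretkey(cfg)
        print(name, "FAIL: " + ", ".join(missing) if missing else "pass")
```
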