 |
 |
While testing the recent changes in XrdSecgsi I noticed that a regression has been first introduced in 47eb688dc2131c30edd57eba525f95bb2ea842ba (and **haven't been fixed** by 1533382e11418c24916c93392973ac1c3fcab552). Consider XRootD with CERN Grid host certificate running on host.cern.ch. When the client tries to authenticate after issuing a command like: ``` xrdfs host ls /tmp ``` (note hostname was given without _.cern.ch_ domain) it fails and following error can be seen in the logs: ``` secgsi_getCredentials: server certificate CN 'host.cern.ch' does not match the expected format(s): '[*/]host[/*]' (default); exceptions are controlled by the env XrdSecGSISRVNAMES CF: 0x7fffeee1c360 secgsi_ErrF: Secgsi: ErrParseBuffer: server certificate CN 'host.cern.ch' does not match the expected format(s): '[*/]host[/*]' (default); exceptions are controlled by the env XrdSecGSISRVNAMES: kXGS_cert ``` @bbockelm : Before the commit in question the _host_ hostname was properly resolved into _host.cern.ch_ , currently we do DNS lookups only for IP addresses. Could you explain why the lookup has been removed for plain hostnames? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/725 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1