While testing the recent changes in XrdSecgsi I noticed that a regression has been first introduced in 47eb688 (and haven't been fixed by 1533382).
Consider XRootD with CERN Grid host certificate running on host.cern.ch. When the client tries to authenticate after issuing a command like:
xrdfs host ls /tmp
(note hostname was given without .cern.ch domain)
it fails and following error can be seen in the logs:
secgsi_getCredentials: server certificate CN 'host.cern.ch' does not match the expected format(s): '[*/]host[/*]' (default); exceptions are controlled by the env XrdSecGSISRVNAMES CF: 0x7fffeee1c360
secgsi_ErrF: Secgsi: ErrParseBuffer: server certificate CN 'host.cern.ch' does not match the expected format(s): '[*/]host[/*]' (default); exceptions are controlled by the env XrdSecGSISRVNAMES: kXGS_cert
@bbockelm : Before the commit in question the host hostname was properly resolved into host.cern.ch , currently we do DNS lookups only for IP addresses. Could you explain why the lookup has been removed for plain hostnames?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
{"@context":"http://schema.org","@type":"EmailMessage","potentialAction":{"@type":"ViewAction","target":"https://github.com/xrootd/xrootd/issues/725","url":"https://github.com/xrootd/xrootd/issues/725","name":"View Issue"},"description":"View this Issue on GitHub","publisher":{"@type":"Organization","name":"GitHub","url":"https://github.com"}}
{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"[XrdSecgsi] regression in 47eb688dc2131c30edd57eba525f95bb2ea842ba (#725)"}],"action":{"name":"View Issue","url":"https://github.com/xrootd/xrootd/issues/725"}}}
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"hideOriginalBody": "false",
"originator": "37567f93-e2a7-4e2a-ad37-a9160fc62647",
"title": "[XrdSecgsi] regression in 47eb688dc2131c30edd57eba525f95bb2ea842ba (#725)",
"sections": [
{
"text": "",
"activityTitle": "**simonmichal**",
"activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png",
"activitySubtitle": "@simonmichal",
"facts": [
{
"name": "Repository: ",
"value": "xrootd/xrootd"
},
{
"name": "Issue #: ",
"value": 725
}
]
}
],
"potentialAction": [
{
"name": "Add a comment",
"@type": "ActionCard",
"inputs": [
{
"isMultiLine": true,
"@type": "TextInput",
"id": "IssueComment",
"isRequired": false
}
],
"actions": [
{
"name": "Comment",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 725,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}"
}
]
},
{
"name": "Close issue",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueClose\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 725\n}"
},
{
"targets": [
{
"os": "default",
"uri": "https://github.com/xrootd/xrootd/issues/725"
}
],
"@type": "OpenUri",
"name": "View on GitHub"
},
{
"name": "Unsubscribe",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 342957608\n}"
}
],
"themeColor": "26292E"
}
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1