I am working on adding support for the GSI authentication in a pure-Go client (go-hep/hep#250).
According to gsi-msg-specs, p.3: the context establishment phase is nothing more than normal SSLv3 handshake messages being exchanged.
I was using RFC6101, p. 25 as a specification of SSLv3 handshake messages.
I have got a TCP dump of the xrootd authentication process (gist):
- the first message is a client `auth` request,
- the second message is a server `auth_more` response,
- the third message is an `auth` request again, followed by an `ok` response (not included in the dump, since it contains only the `ok` status).
However, the problem is that the payload of the `auth` request doesn't look like an SSLv3 `ClientHello` to me.
Also, the server response, which should be a `ServerHello` followed by a `ServerCertificate`, should contain an ASN.1-encoded cert (you can see an example and decoding here).
But what is present looks more like the plain content of the server's `crt` file. The content between `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` matches the certificate body.
Could someone please explain an implementation of GSI authentication in XRootD in a bit more detail?
Am I missing something?
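
The comparison made in the post (SSLv3 handshake record vs. PEM text vs. bare ASN.1) can be checked mechanically on a captured payload. The following is an added example, not part of the original post and not XRootD or go-hep code; `Classify`, `derSeqFits` and `handshakeNames` are hypothetical names, and the sample bytes are constructed.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"fmt"
)

// handshakeNames maps RFC 6101 handshake msg_type values to names.
var handshakeNames = map[byte]string{1: "ClientHello", 2: "ServerHello", 11: "Certificate"}

// derSeqFits reports whether p is exactly one ASN.1 SEQUENCE TLV (tag 0x30, definite length).
func derSeqFits(p []byte) bool {
	if len(p) < 2 || p[0] != 0x30 {
		return false
	}
	n, hdr := int(p[1]), 2
	if k := int(p[1] & 0x7f); p[1]&0x80 != 0 { // long form: k length bytes follow
		if k == 0 || k > 3 || len(p) < 2+k {
			return false
		}
		n, hdr = 0, 2+k
		for _, b := range p[2:hdr] {
			n = n<<8 | int(b)
		}
	}
	return hdr+n == len(p)
}

// Classify names the encoding a captured payload most resembles.
func Classify(p []byte) string {
	// PEM armour may follow protocol-specific framing, so search for it.
	if i := bytes.Index(p, []byte("-----BEGIN ")); i >= 0 {
		if blk, _ := pem.Decode(p[i:]); blk != nil {
			return fmt.Sprintf("PEM %s, DER body well-formed: %v", blk.Type, derSeqFits(blk.Bytes))
		}
	}
	// SSLv3 record: type 22 (handshake), version 3.x, 2-byte length, then msg_type.
	if len(p) >= 9 && p[0] == 22 && p[1] == 3 && int(p[3])<<8|int(p[4]) <= len(p)-5 {
		if name, ok := handshakeNames[p[5]]; ok {
			return fmt.Sprintf("SSL 3.%d handshake record: %s", p[2], name)
		}
	}
	if derSeqFits(p) {
		return "bare DER SEQUENCE"
	}
	return "unknown"
}

func main() { fmt.Println(Classify([]byte{22, 3, 0, 0, 4, 1, 0, 0, 0})) } // constructed sample
```

A payload that classifies as PEM rather than as a handshake record matches what the post observes in the server response.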