I am working on adding support for the GSI authentication in a pure-Go client (go-hep/hep#250).
According to gsi-msg-specs, p.3: the context establishment phase is nothing more than normal SSLv3 handshake messages being exchanged.
I was using RFC6101, p. 25 as a specification of SSLv3 handshake messages.
I have got TCP dump of xrootd authentication process (gist):
- the first message is a client
auth request,
- the second message is a server
auth_more response,
- the third message is
auth request again, following with ok response (not included in the dump, since it contains only ok status).
However, the problem is that the payload of auth request doesn't look like SSLv3 ClientHello to me.
Also, the server response, which should be ServerHello following by ServerCertificate should contain ASN.1 encoded cert (you can see an example and decoding here).
But what is present looks more like the plain content of the server's crt file. The content between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- matches the certificate body.
Could someone please explain an implementation of GSI authentication in XRootD in a bit more detail?
Am I missing something?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"specification of the GSI auth (#757)"}],"action":{"name":"View Issue","url":"https://github.com/xrootd/xrootd/issues/757"}}}
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/issues/757",
"url": "https://github.com/xrootd/xrootd/issues/757",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
},
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"hideOriginalBody": "false",
"originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB",
"title": "specification of the GSI auth (#757)",
"sections": [
{
"text": "",
"activityTitle": "**Mikhail Ivchenko**",
"activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png",
"activitySubtitle": "@EgorMatirov",
"facts": [
{
"name": "Repository: ",
"value": "xrootd/xrootd"
},
{
"name": "Issue #: ",
"value": 757
}
]
}
],
"potentialAction": [
{
"name": "Add a comment",
"@type": "ActionCard",
"inputs": [
{
"isMultiLine": true,
"@type": "TextInput",
"id": "IssueComment",
"isRequired": false
}
],
"actions": [
{
"name": "Comment",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 757,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}"
}
]
},
{
"name": "Close issue",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueClose\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 757\n}"
},
{
"targets": [
{
"os": "default",
"uri": "https://github.com/xrootd/xrootd/issues/757"
}
],
"@type": "OpenUri",
"name": "View on GitHub"
},
{
"name": "Unsubscribe",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 351089539\n}"
}
],
"themeColor": "26292E"
}
]
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1