  Branch: refs/heads/master
  Home:   https://github.com/xrootd/xrootd
  Commit: 8f7d3aee05d3220e39f113e2a3cb35fe764e8b53
      https://github.com/xrootd/xrootd/commit/8f7d3aee05d3220e39f113e2a3cb35fe764e8b53
  Author: Brian Bockelman
  Date:   2018-05-19 (Sat, 19 May 2018)

  Changed paths:
    M src/XrdCrypto/XrdCryptoX509.cc
    M src/XrdCrypto/XrdCryptoX509.hh
    M src/XrdCrypto/XrdCryptosslX509.cc
    M src/XrdCrypto/XrdCryptosslX509.hh
    M src/XrdSecgsi/XrdSecProtocolgsi.cc

  Log Message:
  -----------
  Allow XRootD client to accept subjectAltNames.

With this, if the CN doesn't follow the expected matching rules,
then the client will iterate through the listed subjectAltNames
to determine whether the certificate matches the current host.

This includes support for CNs and SANs with wildcards.


  Commit: cd8762fb2d3c08cad2e1ed701080e6e43164ec7e
      https://github.com/xrootd/xrootd/commit/cd8762fb2d3c08cad2e1ed701080e6e43164ec7e
  Author: Gerardo Ganis
  Date:   2018-06-01 (Fri, 01 Jun 2018)

  Changed paths:
    M src/XrdCrypto/XrdCryptoX509.cc

  Log Message:
  -----------
  Replace C-style string manipulation with C++ equivalent.


  Commit: 47eb688dc2131c30edd57eba525f95bb2ea842ba
      https://github.com/xrootd/xrootd/commit/47eb688dc2131c30edd57eba525f95bb2ea842ba
  Author: Brian Bockelman
  Date:   2018-06-03 (Sun, 03 Jun 2018)

  Changed paths:
    M src/XrdSecgsi/XrdSecProtocolgsi.cc

  Log Message:
  -----------
  Use hostname, not reverse DNS, for address comparison.

This changes XrdSecgsi to prefer to use the hostname for the purpose
of matching a certificate to a hostname (as opposed to the prior
behavior of a reverse DNS lookup).

Relying on reverse DNS is considered insecure; note that all the
other security mechanisms use the hostname.

With the SAN changes allowing multiple potential patterns in the
certificate, admins should be able to handle all the potential use
cases.


  Commit: 9a78c14807933b0aaf0b82dc3f276b66f591063d
      https://github.com/xrootd/xrootd/commit/9a78c14807933b0aaf0b82dc3f276b66f591063d
  Author: Gerardo GANIS
  Date:   2018-06-04 (Mon, 04 Jun 2018)

  Changed paths:
    M src/XrdCrypto/XrdCryptoX509.cc
    M src/XrdCrypto/XrdCryptoX509.hh
    M src/XrdCrypto/XrdCryptosslX509.cc
    M src/XrdCrypto/XrdCryptosslX509.hh
    M src/XrdSecgsi/XrdSecProtocolgsi.cc

  Log Message:
  -----------
  Merge pull request #710 from bbockelm/allow_sans

Allow XRootD client to accept subjectAltNames.


Compare: https://github.com/xrootd/xrootd/compare/b7bad34f5824...9a78c1480793
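
The matching order these commit messages describe (CN first, then each subjectAltName, with wildcard support, compared against the hostname rather than a reverse DNS result), written out as an added example; it is not XRootD's code and is not taken from the commits. The names `CertNames`, `nameMatches` and `certMatchesHost` are hypothetical, and two things are assumptions: the CN holds a plain hostname or pattern, and a wildcard is valid only as the whole leftmost label and covers exactly one label.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Hypothetical container for the names extracted from a server certificate.
struct CertNames {
    std::string cn;                 // subject Common Name
    std::vector<std::string> sans;  // dNSName subjectAltName entries
};

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Assumed wildcard rule: "*" must be the entire leftmost label and stands for
// exactly one label, so "*.example.org" matches "a.example.org" only.
// Any other pattern (including "f*.example.org") is compared literally.
bool nameMatches(const std::string &pattern, const std::string &host) {
    const std::string p = lower(pattern), h = lower(host);
    if (p.empty() || h.empty()) return false;
    if (p.compare(0, 2, "*.") != 0) return p == h;               // no wildcard
    const std::string suffix = p.substr(1);                      // ".example.org"
    if (suffix.find('*') != std::string::npos) return false;     // one wildcard only
    if (suffix.find('.', 1) == std::string::npos) return false;  // reject "*.org"
    const std::size_t dot = h.find('.');
    if (dot == std::string::npos || dot == 0) return false;      // first label must be non-empty
    return h.substr(dot) == suffix;
}

// requestedHost is the name the client was asked to contact. It is never the
// result of a reverse DNS lookup on the peer address, because the PTR record
// is controlled by whoever owns the address block, not by the requested site.
bool certMatchesHost(const CertNames &cert, const std::string &requestedHost) {
    if (nameMatches(cert.cn, requestedHost)) return true;   // CN first
    for (const std::string &san : cert.sans)                // then each SAN
        if (nameMatches(san, requestedHost)) return true;
    return false;
}
```
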