Branch: refs/heads/master Home: https://github.com/xrootd/xrootd Commit: 8f7d3aee05d3220e39f113e2a3cb35fe764e8b53 https://github.com/xrootd/xrootd/commit/8f7d3aee05d3220e39f113e2a3cb35fe764e8b53 Author: Brian Bockelman <[log in to unmask]> Date: 2018-05-19 (Sat, 19 May 2018) Changed paths: M src/XrdCrypto/XrdCryptoX509.cc M src/XrdCrypto/XrdCryptoX509.hh M src/XrdCrypto/XrdCryptosslX509.cc M src/XrdCrypto/XrdCryptosslX509.hh M src/XrdSecgsi/XrdSecProtocolgsi.cc Log Message: ----------- Allow XRootD client to accept subjectAltNames. With this, if the CN doesn't follow the expected matching rules, then the client will iterate through the listed subjectAltNames to determine whether the certificate matches the current host. This includes support for CNs and SANs with wildcards. Commit: cd8762fb2d3c08cad2e1ed701080e6e43164ec7e https://github.com/xrootd/xrootd/commit/cd8762fb2d3c08cad2e1ed701080e6e43164ec7e Author: Gerardo Ganis <[log in to unmask]> Date: 2018-06-01 (Fri, 01 Jun 2018) Changed paths: M src/XrdCrypto/XrdCryptoX509.cc Log Message: ----------- Replace C-style string manipulation with C++ equivalent. Commit: 47eb688dc2131c30edd57eba525f95bb2ea842ba https://github.com/xrootd/xrootd/commit/47eb688dc2131c30edd57eba525f95bb2ea842ba Author: Brian Bockelman <[log in to unmask]> Date: 2018-06-03 (Sun, 03 Jun 2018) Changed paths: M src/XrdSecgsi/XrdSecProtocolgsi.cc Log Message: ----------- Use hostname, not reverse DNS, for address comparison. This changes XrdSecgsi to prefer to use the hostname for the purpose of matching a certificate to a hostname (as opposed to the prior behavior of a reverse DNS lookup). Relying on reverse DNS is considered insecure; note that all the other security mechanisms use the hostname. With the SAN changes allowing multiple potential patterns in the certificate, admins should be able to handle all the potential use cases. Commit: 9a78c14807933b0aaf0b82dc3f276b66f591063d https://github.com/xrootd/xrootd/commit/9a78c14807933b0aaf0b82dc3f276b66f591063d Author: Gerardo GANIS <[log in to unmask]> Date: 2018-06-04 (Mon, 04 Jun 2018) Changed paths: M src/XrdCrypto/XrdCryptoX509.cc M src/XrdCrypto/XrdCryptoX509.hh M src/XrdCrypto/XrdCryptosslX509.cc M src/XrdCrypto/XrdCryptosslX509.hh M src/XrdSecgsi/XrdSecProtocolgsi.cc Log Message: ----------- Merge pull request #710 from bbockelm/allow_sans Allow XRootD client to accept subjectAltNames. Compare: https://github.com/xrootd/xrootd/compare/b7bad34f5824...9a78c1480793 **NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1