Hi @XMol -
Actually, the 4.9.0 client is meant to duplicate the (insecure) existing reliance on reverse DNS, so Andy's case should be working as the DN matches the reverse DNS lookup of the IP.
This is controllable by the environment variable XrdSecGSITRUSTDNS (defaults to 1; set to 0 to disable use of reverse DNS lookups).
Looks like there's a regression in master after SAN support was added - maybe a bad merge? Seems that the trustdns variable is set but never used, which is a touch suspicious.
Brian
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"PERSON","message":"@bbockelm in #841: Hi @XMol -\r\n\r\nActually, the 4.9.0 client is meant to duplicate the (insecure) existing reliance on reverse DNS, so Andy's case should be working as the DN matches the reverse DNS lookup of the IP.\r\n\r\nThis is controllable by the environment variable `XrdSecGSITRUSTDNS` (defaults to `1`; set to `0` to disable use of reverse DNS lookups).\r\n\r\nLooks like there's a regression in master after SAN support was added - maybe a bad merge? Seems that the `trustdns` variable is set but never used, which is a touch suspicious.\r\n\r\nBrian"}],"action":{"name":"View Issue","url":"https://github.com/xrootd/xrootd/issues/841#issuecomment-430573045"}}}
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/issues/841#issuecomment-430573045",
"url": "https://github.com/xrootd/xrootd/issues/841#issuecomment-430573045",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
},
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"hideOriginalBody": "false",
"originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB",
"title": "Re: [xrootd/xrootd] xrdcopy ignores subject alternative names from the x509 host certificate (#841)",
"sections": [
{
"text": "",
"activityTitle": "**Brian P Bockelman**",
"activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png",
"activitySubtitle": "@bbockelm",
"facts": [
]
}
],
"potentialAction": [
{
"name": "Add a comment",
"@type": "ActionCard",
"inputs": [
{
"isMultiLine": true,
"@type": "TextInput",
"id": "IssueComment",
"isRequired": false
}
],
"actions": [
{
"name": "Comment",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 841,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}"
}
]
},
{
"name": "Close issue",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueClose\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 841\n}"
},
{
"targets": [
{
"os": "default",
"uri": "https://github.com/xrootd/xrootd/issues/841#issuecomment-430573045"
}
],
"@type": "OpenUri",
"name": "View on GitHub"
},
{
"name": "Unsubscribe",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 393853216\n}"
}
],
"themeColor": "26292E"
}
]
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
