LISTSERV 16.5 - XROOTD-DEV Archives

Hi all,
I think Xrootd should imitate Globus in this matter: by default, the client should compare
the name it used to contact the service with the names in the SAN and fall back on the
subject DN as needed. Better yet, for the time being it could still fall back on the DNS
if no match was found yet. Just as Globus did, at some point the latter fall-back is no
longer tried by default, but still available through a run-time configuration option.
In the end, possibly after a few years, that route is removed altogether.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"PERSON","message":"@maarten-litmaath in #841: Hi all,\r\nI think Xrootd should imitate Globus in this matter: by default, the client should compare\r\nthe name it used to contact the service with the names in the SAN and fall back on the\r\nsubject DN as needed. Better yet, for the time being it could still fall back on the DNS\r\nif no match was found yet. Just as Globus did, at some point the latter fall-back is no\r\nlonger tried by default, but still available through a run-time configuration option.\r\nIn the end, possibly after a few years, that route is removed altogether.\r\n"}],"action":{"name":"View Issue","url":"https://github.com/xrootd/xrootd/issues/841#issuecomment-431070343"}}} [ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/841#issuecomment-431070343", "url": "https://github.com/xrootd/xrootd/issues/841#issuecomment-431070343", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } }, { "@type": "MessageCard", "@context": "http://schema.org/extensions", "hideOriginalBody": "false", "originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB", "title": "Re: [xrootd/xrootd] xrdcopy ignores subject alternative names from the x509 host certificate (#841)", "sections": [ { "text": "", "activityTitle": "**Maarten Litmaath**", "activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png", "activitySubtitle": "@maarten-litmaath", "facts": [ ] } ], "potentialAction": [ { "name": "Add a comment", "@type": "ActionCard", "inputs": [ { "isMultiLine": true, "@type": "TextInput", "id": "IssueComment", "isRequired": false } ], "actions": [ { "name": "Comment", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 841,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}" } ] }, { "targets": [ { "os": "default", "uri": "https://github.com/xrootd/xrootd/issues/841#issuecomment-431070343" } ], "@type": "OpenUri", "name": "View on GitHub" }, { "name": "Unsubscribe", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 393853216\n}" } ], "themeColor": "26292E" } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1