> @gganis <https://github.com/gganis> - in this case, can we have CRL mode
> "3" simply ignore the lack of a CRL?
I think that mode is available already as "1":
XrdSecGSICRLCHECK type of check to be performed on CRLs:
0 do not care; ignore any CRL information for the CA being used
for certificate chain verification;
1 use CRL if available (if the CRL certificate is missing for a
given CA, the related CRL is assumed to be empty);
2 require CRL for any trusted CA, but do not stop if the CRL
certificate is not up-to-date;
12 require CRL for any trusted CA, and attempt to download the
CRL certificate if the file is not found or is not up-to-date;
3 require an up-to-date CRL for each CA;
3 require an up-to-date CRL for each CA, and attempt to download
the CRL certificate if the file is not found or is not up-to-date.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"PERSON","message":"@lickdragon in #716: \r\n\u003e @gganis \u003chttps://github.com/gganis\u003e - in this case, can we have CRL mode \r\n\u003e \"3\" simply ignore the lack of a CRL?\r\n\r\nI think that mode is available already as \"1\":\r\n\r\n\r\n XrdSecGSICRLCHECK type of check to be performed on CRLs:\r\n 0 do not care; ignore any CRL information for the CA being used \r\nfor certificate chain verification;\r\n 1 use CRL if available (if the CRL certificate is missing for a \r\ngiven CA, the related CRL is assumed to be empty);\r\n 2 require CRL for any trusted CA, but do not stop if the CRL \r\ncertificate is not up-to-date;\r\n 12 require CRL for any trusted CA, and attempt to download the \r\nCRL certificate if the file is not found or is not up-to-date;\r\n 3 require an up-to-date CRL for each CA;\r\n\r\n 3 require an up-to-date CRL for each CA, and attempt to download \r\nthe CRL certificate if the file is not found or is not up-to-date.\r\n\r\n\r\n"}],"action":{"name":"View Issue","url":"https://github.com/xrootd/xrootd/issues/716#issuecomment-443783080"}}}
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/issues/716#issuecomment-443783080",
"url": "https://github.com/xrootd/xrootd/issues/716#issuecomment-443783080",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
},
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"hideOriginalBody": "false",
"originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB",
"title": "Re: [xrootd/xrootd] xrootd 4.80 cannot use letsencrypt as CA (#716)",
"sections": [
{
"text": "",
"activityTitle": "**cwseys**",
"activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png",
"activitySubtitle": "@lickdragon",
"facts": [
]
}
],
"potentialAction": [
{
"name": "Add a comment",
"@type": "ActionCard",
"inputs": [
{
"isMultiLine": true,
"@type": "TextInput",
"id": "IssueComment",
"isRequired": false
}
],
"actions": [
{
"name": "Comment",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 716,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}"
}
]
},
{
"name": "Close issue",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueClose\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 716\n}"
},
{
"targets": [
{
"os": "default",
"uri": "https://github.com/xrootd/xrootd/issues/716#issuecomment-443783080"
}
],
"@type": "OpenUri",
"name": "View on GitHub"
},
{
"name": "Unsubscribe",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 338858599\n}"
}
],
"themeColor": "26292E"
}
]
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1