It is at the client side. XrdSecProtocolgsi::ClientDoCert() is called by client only.
--
Wei Yang | [log in to unmask]<mailto:[log in to unmask]> | 650-926-3338(O)
From: Andrew Hanushevsky <[log in to unmask]>
Reply-To: xrootd/xrootd <[log in to unmask]>
Date: Wednesday, December 5, 2018 at 10:30 PM
To: xrootd/xrootd <[log in to unmask]>
Cc: Wei Yang <[log in to unmask]>, Author <[log in to unmask]>
Subject: Re: [xrootd/xrootd] Append signed Diffie-Hellman paramaters to the unsigned (#867)
Ah, are you telling me this is a server-side issue? That is, the message
only appears at the server? If so, I think this is a bit more complicated
then. If it's a client-side issue then the check with turnoff is correct.
On Wed, 5 Dec 2018, Wei Yang wrote:
> I put it there and comment it out because I feel the message is quite
misleading: In a TPC case, if the source does not send DH parameters (but
the destination does), this message will come out, even though the client
never intended to delegate the proxy to the source.
>
> I guess you are looking at this from debugging prospect while I am looking at it from user?s prospect. Is there an way to print out message only when XrdSecDEBUG is sent to something?
> --
> Wei Yang | [log in to unmask]<mailto:[log in to unmask]> | 650-926-3338(O)
>
> From: Andrew Hanushevsky <[log in to unmask]>
> Reply-To: xrootd/xrootd <[log in to unmask]>
> Date: Wednesday, December 5, 2018 at 10:03 PM
> To: xrootd/xrootd <[log in to unmask]>
> Cc: Wei Yang <[log in to unmask]>, Author <[log in to unmask]>
> Subject: Re: [xrootd/xrootd] Append signed Diffie-Hellman paramaters to the unsigned (#867)
>
>
> Could you un-comment the message
>
> std::cerr <<"secgsi: proxy delegation forbidden when server does not provide signed DH parameter!\n"
>
> that indicates delegation was turned off. Without that message we will be chasing delegation problems for days. With the message we will immediately know why i didn't work. A small price to pay for a message.
>
> ÿÿ
> You are receiving this because you authored the thread.
> Reply to this email directly, view it on GitHub<https://github.com/xrootd/xrootd/pull/867#issuecomment-444758763>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AE9TAx0GnxSVZasMhNlzYdP8yc87QBAiks5u2LM-gaJpZM4ZByBZ>.
>
>
> --
> You are receiving this because you commented.
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/pull/867#issuecomment-444762097
‹
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<https://github.com/xrootd/xrootd/pull/867#issuecomment-444763403>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AE9TA766dhzeZ09r3hKt-AVze-XkGwGdks5u2LlxgaJpZM4ZByBZ>.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"PERSON","message":"@wyang007 in #867: It is at the client side. XrdSecProtocolgsi::ClientDoCert() is called by client only.\n\n--\nWei Yang | [log in to unmask]\u003cmailto:[log in to unmask]\u003e | 650-926-3338(O)\n\nFrom: Andrew Hanushevsky \[log in to unmask]\u003e\nReply-To: xrootd/xrootd \[log in to unmask]\u003e\nDate: Wednesday, December 5, 2018 at 10:30 PM\nTo: xrootd/xrootd \[log in to unmask]\u003e\nCc: Wei Yang \[log in to unmask]\u003e, Author \[log in to unmask]\u003e\nSubject: Re: [xrootd/xrootd] Append signed Diffie-Hellman paramaters to the unsigned (#867)\n\nAh, are you telling me this is a server-side issue? That is, the message\nonly appears at the server? If so, I think this is a bit more complicated\nthen. If it's a client-side issue then the check with turnoff is correct.\n\nOn Wed, 5 Dec 2018, Wei Yang wrote:\n\n\u003e I put it there and comment it out because I feel the message is quite\nmisleading: In a TPC case, if the source does not send DH parameters (but\nthe destination does), this message will come out, even though the client\nnever intended to delegate the proxy to the source.\n\u003e\n\u003e I guess you are looking at this from debugging prospect while I am looking at it from user?s prospect. Is there an way to print out message only when XrdSecDEBUG is sent to something?\n\u003e --\n\u003e Wei Yang | [log in to unmask]\u003cmailto:[log in to unmask]\u003e | 650-926-3338(O)\n\u003e\n\u003e From: Andrew Hanushevsky \[log in to unmask]\u003e\n\u003e Reply-To: xrootd/xrootd \[log in to unmask]\u003e\n\u003e Date: Wednesday, December 5, 2018 at 10:03 PM\n\u003e To: xrootd/xrootd \[log in to unmask]\u003e\n\u003e Cc: Wei Yang \[log in to unmask]\u003e, Author \[log in to unmask]\u003e\n\u003e Subject: Re: [xrootd/xrootd] Append signed Diffie-Hellman paramaters to the unsigned (#867)\n\u003e\n\u003e\n\u003e Could you un-comment the message\n\u003e\n\u003e std::cerr \u003c\u003c\"secgsi: proxy delegation forbidden when server does not provide signed DH parameter!\\n\"\n\u003e\n\u003e that indicates delegation was turned off. Without that message we will be chasing delegation problems for days. With the message we will immediately know why i didn't work. A small price to pay for a message.\n\u003e\n\u003e ÿÿ\n\u003e You are receiving this because you authored the thread.\n\u003e Reply to this email directly, view it on GitHub\u003chttps://github.com/xrootd/xrootd/pull/867#issuecomment-444758763\u003e, or mute the thread\u003chttps://github.com/notifications/unsubscribe-auth/AE9TAx0GnxSVZasMhNlzYdP8yc87QBAiks5u2LM-gaJpZM4ZByBZ\u003e.\n\u003e\n\u003e\n\u003e --\n\u003e You are receiving this because you commented.\n\u003e Reply to this email directly or view it on GitHub:\n\u003e https://github.com/xrootd/xrootd/pull/867#issuecomment-444762097\n\n‹\nYou are receiving this because you authored the thread.\nReply to this email directly, view it on GitHub\u003chttps://github.com/xrootd/xrootd/pull/867#issuecomment-444763403\u003e, or mute the thread\u003chttps://github.com/notifications/unsubscribe-auth/AE9TA766dhzeZ09r3hKt-AVze-XkGwGdks5u2LlxgaJpZM4ZByBZ\u003e.\n"}],"action":{"name":"View Pull Request","url":"https://github.com/xrootd/xrootd/pull/867#issuecomment-444763714"}}}
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/pull/867#issuecomment-444763714",
"url": "https://github.com/xrootd/xrootd/pull/867#issuecomment-444763714",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
},
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"hideOriginalBody": "false",
"originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB",
"title": "Re: [xrootd/xrootd] Append signed Diffie-Hellman paramaters to the unsigned (#867)",
"sections": [
{
"text": "",
"activityTitle": "**Wei Yang**",
"activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png",
"activitySubtitle": "@wyang007",
"facts": [
]
}
],
"potentialAction": [
{
"name": "Add a comment",
"@type": "ActionCard",
"inputs": [
{
"isMultiLine": true,
"@type": "TextInput",
"id": "IssueComment",
"isRequired": false
}
],
"actions": [
{
"name": "Comment",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 867,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}"
}
]
},
{
"name": "Close pull request",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"PullRequestClose\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"pullRequestId\": 867\n}"
},
{
"targets": [
{
"os": "default",
"uri": "https://github.com/xrootd/xrootd/pull/867#issuecomment-444763714"
}
],
"@type": "OpenUri",
"name": "View on GitHub"
},
{
"name": "Unsubscribe",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 419897433\n}"
}
],
"themeColor": "26292E"
}
]
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
