The issue here is understood. From a historical perspective, RFC2818 does not require that wildcard entries in a certificate be supported. Additionally, RFC6125 deprecates wildcard certificates due to security considerations (that RFC is widely ignored for obvious reasons). Both, however, make it clear that wildcards are purely optional. Of course, it's understood that wildcard support in our environment is important. The solution for this, unfortunately, will likely wait for R5 as that's when we introduce TLS and that implementation supports wildcard certs. So, it would be only a matter of using that cert checking code for GSI. Some repackaging would be needed but it's not onerous.

My understanding is that you may have a temporary workaround. If that workaround doesn't work we will revisit the schedule.

