using xrdcp 4.10.0 with two xrootd 5.0.0 servers.
With 1094, which is configured:
xrd.tls /etc/grid-security/xrootd/hostcert.pem /etc/grid-security/xrootd/hostkey.pem
xrd.tlsca noverify
xrootd.tls session
ofs.tpc fcreds ?gsi =X509_USER_PROXY logok pgm /usr/share/xrootd/v5.0.0/bin/xrdcp --server
sec.protocol gsi -cert:/etc/grid-security/xrootd/hostcert.pem -key:/etc/grid-security/xrootd/hostkey.pem -dlgpxy:1 -exppxy:=creds
the client fails the TLS handshake but keeps retrying (attached log).
With 1096, configured:
xrd.tls /etc/grid-security/xrootd/hostcert.pem /etc/grid-security/xrootd/hostkey.pem
xrd.tlsca certdir /etc/grid-security/certificates log failure
xrootd.tls login
sec.protocol unix
the client fails with a login failed (from the TLS handshake).
In both cases, the "capable" directive is not given, so TLS should be enforced.
Client logs:
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1