@abh3 Quoting @bbockelm :

> * This ticket is caused because the session cache is not disabled in `XrdHttp`.  `XrdLCMAPS` does this when it is loaded.
> 
> * #750 is caused because the `SSL_CTX` object is loaded at initialization by `XrdHttp` and a corresponding `X509_STORE` is never refreshed. The `X509_STORE` pointer is passed from `XrdHttp` to the VOMS library and things blow up when VOMS attempts the CRL check (note the error message from #750 is from `libvomsapi`, not OpenSSL). `XrdLCMAPS` isn't affected because it doesn't use `XrdHttp`'s `X509_STORE` object; it periodically reloads its `X509_STORE` objects every 10 minutes (it also gets a bit clever in that it hashes the activity over 63 copies of the cert store so multiple threads don't have to share a single global mutex).

On the first point, I think the main thing is that `XrdHttp` should probably ensure the session handling works as expected. Whether that is "solved" by disabling it, or by fixing it in some way as @ffurano proposed, the plugins should be able to access the SSL chain for a client with a verified connection. Modifying `SSL_CTX` at the plugin level (as `XrdLCMAPS` does) will of course also fix things, but does not seem right.

-- 
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/1177#issuecomment-613328225

########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1