@wyang007 - you could reasonably argue that this and #750 are really issues with XrdHttp
that are bypassed by XrdLCMAPS
.
XrdHttp
. XrdLCMAPS
does this when it is loaded.SSL_CTX
object is loaded at initialization by XrdHttp
and a corresponding X509_STORE
is never refreshed. The X509_STORE
pointer is passed from XrdHttp
to the VOMS library and things blow up when VOMS attempts the CRL check (note the error message from #750 is from libvomsapi
, not OpenSSL). XrdLCMAPS
isn't affected because it doesn't use XrdHttp
's X509_STORE
object periodically reloads its X509_STORE
objects every 10 minutes (it also gets a bit clever in that is hashes the activity over 63 copies of the cert store so multiple threads don't have to share a single global mutex).—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1