@bbockelm is this issue also related to the issue reported here? https://opensciencegrid.atlassian.net/browse/SOFTWARE-3454 I was about to submit another ticket on this but thought maybe they are related. -- Wei Yang | [log in to unmask]<mailto:[log in to unmask]> | 650-926-3338(O) From: Brian P Bockelman <[log in to unmask]> Reply-To: xrootd/xrootd <[log in to unmask]> Date: Monday, April 13, 2020 at 1:25 PM To: xrootd/xrootd <[log in to unmask]> Cc: Wei Yang <[log in to unmask]>, Mention <[log in to unmask]> Subject: Re: [xrootd/xrootd] Spurious XrdHttp authentication failures on manager node (#1177) @wyang007<https://github.com/wyang007> - you could reasonably argue that this and #750<https://github.com/xrootd/xrootd/issues/750> are really issues with XrdHttp that are bypassed by XrdLCMAPS. * This ticket is caused because the session cache is not disabled in XrdHttp. XrdLCMAPS does this when it is loaded. * #750<https://github.com/xrootd/xrootd/issues/750> is caused because the SSL_CTX object is loaded at initialization by XrdHttp and a corresponding X509_STORE is never refreshed. The X509_STORE pointer is passed from XrdHttp to the VOMS library and things blow up when VOMS attempts the CRL check (note the error message from #750<https://github.com/xrootd/xrootd/issues/750> is from libvomsapi, not OpenSSL). XrdLCMAPS isn't affected because it doesn't use XrdHttp's X509_STORE object periodically reloads its X509_STORE objects every 10 minutes (it also gets a bit clever in that is hashes the activity over 63 copies of the cert store so multiple threads don't have to share a single global mutex). — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<https://github.com/xrootd/xrootd/issues/1177#issuecomment-613080475>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABHVGA4HRAXHZZOOJLYKRCDRMNYJ3ANCNFSM4MG7LP2A>. -- You are receiving this because you commented. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1177#issuecomment-613082791 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1