LISTSERV 16.5 - XROOTD-DEV Archives

@bbockelm is this issue also related to the issue reported here? https://opensciencegrid.atlassian.net/browse/SOFTWARE-3454

I was about to submit another ticket on this but thought maybe they are related.

--
Wei Yang  |  [log in to unmask]<mailto:[log in to unmask]>  |  650-926-3338(O)

From: Brian P Bockelman <[log in to unmask]>
Reply-To: xrootd/xrootd <[log in to unmask]>
Date: Monday, April 13, 2020 at 1:25 PM
To: xrootd/xrootd <[log in to unmask]>
Cc: Wei Yang <[log in to unmask]>, Mention <[log in to unmask]>
Subject: Re: [xrootd/xrootd] Spurious XrdHttp authentication failures on manager node (#1177)


@wyang007<https://github.com/wyang007> - you could reasonably argue that this and #750<https://github.com/xrootd/xrootd/issues/750> are really issues with XrdHttp that are bypassed by XrdLCMAPS.

  *   This ticket is caused because the session cache is not disabled in XrdHttp. XrdLCMAPS does this when it is loaded.
  *   #750<https://github.com/xrootd/xrootd/issues/750> is caused because the SSL_CTX object is loaded at initialization by XrdHttp and a corresponding X509_STORE is never refreshed. The X509_STORE pointer is passed from XrdHttp to the VOMS library and things blow up when VOMS attempts the CRL check (note the error message from #750<https://github.com/xrootd/xrootd/issues/750> is from libvomsapi, not OpenSSL). XrdLCMAPS isn't affected because it doesn't use XrdHttp's X509_STORE object periodically reloads its X509_STORE objects every 10 minutes (it also gets a bit clever in that is hashes the activity over 63 copies of the cert store so multiple threads don't have to share a single global mutex).

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<https://github.com/xrootd/xrootd/issues/1177#issuecomment-613080475>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABHVGA4HRAXHZZOOJLYKRCDRMNYJ3ANCNFSM4MG7LP2A>.


-- 
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/1177#issuecomment-613082791
########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1