@bbockelm commented on this pull request.

> - if (SecEntity.moninfo) free(SecEntity.moninfo); - SecEntity.moninfo = X509_NAME_oneline(X509_get_subject_name(peer_cert), NULL, 0); - TRACEI(DEBUG, " Subject name is : '" << SecEntity.moninfo << "'"); - - mape = servGMap->dn2user(SecEntity.moninfo, bufname, sizeof(bufname), 0); - if ( !mape ) { - TRACEI(DEBUG, " Mapping name: " << SecEntity.moninfo << " --> " << bufname); - if (SecEntity.name) free(SecEntity.name); - SecEntity.name = strdup(bufname); - } - else { - TRACEI(ALL, " Mapping name: " << SecEntity.moninfo << " Failed. err: " << mape); - } - } - + if (!dn) {

Is falling back to OpenSSL safe/reasonable? That is, is there a setup where a peer certificate is available and works but the `XrdCrypto` library doesn't? I mention this because this code will definitely do the wrong thing for proxies.

View it on GitHub: https://github.com/xrootd/xrootd/pull/1224#pullrequestreview-436663972
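Review bot: at the added `if (!dn) {` in the quoted hunk, nothing visible states when `dn` can be empty while a usable peer certificate exists, so the fallback branch it opens has no documented precondition. If that branch keeps the removed `X509_NAME_oneline(X509_get_subject_name(peer_cert), NULL, 0)` path, the string handed to `dn2user` for a proxy certificate is the proxy's own subject (the issuer's subject with an extra CN appended), not the end-entity DN, so the mapping is looked up under the wrong name. Suggest failing closed when `dn` is empty (leave `SecEntity.name` unset and trace the failure) rather than falling back, or, if the fallback stays, a comment naming the setup that needs it and a check that the peer certificate is not a proxy. The removed lines also passed the `X509_NAME_oneline` result to `TRACEI` and `dn2user` without a NULL check; any retained fallback should add one.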