@bbockelm commented on this pull request.

In src/XrdHttp/XrdHttpProtocol.cc:

> -        if (SecEntity.moninfo) free(SecEntity.moninfo);
-        SecEntity.moninfo = X509_NAME_oneline(X509_get_subject_name(peer_cert), NULL, 0);
-        TRACEI(DEBUG, " Subject name is : '" << SecEntity.moninfo << "'");
-        
-        mape = servGMap->dn2user(SecEntity.moninfo, bufname, sizeof(bufname), 0);
-        if ( !mape ) {
-          TRACEI(DEBUG, " Mapping name: " << SecEntity.moninfo << " --> " << bufname);
-          if (SecEntity.name) free(SecEntity.name);
-          SecEntity.name = strdup(bufname);
-        }
-        else {
-          TRACEI(ALL, " Mapping name: " << SecEntity.moninfo << " Failed. err: " << mape);
-        }
-      }
-      
+  if (!dn) {

Is falling back to OpenSSL safe/reasonable? That is, is there a setup where a peer certificate is available and works but the XrdCrypto library doesn't?

I mention this because this code will definitely do the wrong thing for proxies.


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/pull/1224#pullrequestreview-436663972", "url": "https://github.com/xrootd/xrootd/pull/1224#pullrequestreview-436663972", "name": "View Pull Request" }, "description": "View this Pull Request on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1