@esindril commented on this pull request.



> -        if (SecEntity.moninfo) free(SecEntity.moninfo);
-        SecEntity.moninfo = X509_NAME_oneline(X509_get_subject_name(peer_cert), NULL, 0);
-        TRACEI(DEBUG, " Subject name is : '" << SecEntity.moninfo << "'");
-        
-        mape = servGMap->dn2user(SecEntity.moninfo, bufname, sizeof(bufname), 0);
-        if ( !mape ) {
-          TRACEI(DEBUG, " Mapping name: " << SecEntity.moninfo << " --> " << bufname);
-          if (SecEntity.name) free(SecEntity.name);
-          SecEntity.name = strdup(bufname);
-        }
-        else {
-          TRACEI(ALL, " Mapping name: " << SecEntity.moninfo << " Failed. err: " << mape);
-        }
-      }
-      
+  if (!dn) {
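Review bot: the new `if (!dn) {` branch should make the missing-DN case at least as visible as the removed `else` branch, which traced `" Mapping name: " << SecEntity.moninfo << " Failed. err: " << mape` at the ALL level. Only the opening of the branch is visible here, so please confirm it traces the failure and does not leave a `SecEntity.name` from an earlier mapping in place. The removed lines also released the buffer returned by `X509_NAME_oneline(..., NULL, 0)` with `free()` and streamed it into `TRACEI` without a NULL check. If the replacement still obtains the DN that way, release it with `OPENSSL_free()` and test it before use.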

Yes, for my plain simple certificate issued by the CERN GridCA the EEC was the CERN GridCA. There was only one certificate in the chain and this was the CA one. Also, looking at the description of SSL_get_peer_cert_chain, there is an explicit mention that one should use SSL_get_peer_certificate:
https://www.openssl.org/docs/man1.0.2/man3/SSL_get_peer_cert_chain.html

Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/pull/1224#discussion_r445018147
