Hi @riccardodimaria!
I'm fairly unfamiliar with this feature but would recommend against using it - you lose integrity checks and the cost for encryption is fairly minimal (it's in-hardware these days).
Could you post the output of curl with the -v option? That should dump the headers to stderr and illuminate the situation. Particularly, your redirected URL should contain a xrdhttptk. You can redact the secrets in the output - I'm just looking for the presence of headers.
Also to verify - modern versions of curl are supposed to drop the Authorization header on redirect for obvious security reasons.
Finally:
> since here was no cert, no "opaque" token was generated

The opaque token is not generated from the certificate but rather from the XrdSecEntity object. The code appears to do some questionable items such as dump the credentials unencrypted into the URL. I don't understand that but it was done in 581b26b by @ffurano so he might have some insight.
Brian
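
Added example, not part of Brian's message or of the XRootD code base: a small Python helper that redacts secrets from `curl -v` stderr before it is posted and reports, per request, whether an Authorization header was sent and whether the redirect carries `xrdhttptk`. The sample trace, host names and token values are constructed, and it assumes `xrdhttptk` appears as a URL query parameter.

```python
import re

TOKEN_PARAM = "xrdhttptk"  # parameter name taken from the message above

# Constructed sample of `curl -v -L` stderr; hosts, paths and values are made up.
SAMPLE = """\
> GET /store/file.root HTTP/1.1
> Host: redirector.example.org
> Authorization: Bearer CONSTRUCTED-SECRET
>
< HTTP/1.1 307 Temporary Redirect
< Location: http://data.example.org:1094/store/file.root?xrdhttptk=CONSTRUCTED-TOKEN
<
* Issue another request to this URL: 'http://data.example.org:1094/store/file.root?xrdhttptk=CONSTRUCTED-TOKEN'
> GET /store/file.root?xrdhttptk=CONSTRUCTED-TOKEN HTTP/1.1
> Host: data.example.org:1094
>
< HTTP/1.1 200 OK
"""

def redact(trace):
    """Mask credential header values and the token value, keeping names visible."""
    trace = re.sub(r"(?im)^([<>] (?:authorization|cookie|set-cookie):).*$",
                   r"\1 REDACTED", trace)
    return re.sub(r"(?i)(" + TOKEN_PARAM + r"=)[^&\s']+", r"\1REDACTED", trace)

def summarize(trace):
    """Return one dict per request sent ('> ' lines), in order."""
    hops = []
    for line in trace.splitlines():
        if re.match(r"> [A-Z]+ \S+ HTTP/", line):  # start of a new request
            hops.append({"auth_sent": False,
                         "token_in_request": TOKEN_PARAM + "=" in line,
                         "token_in_location": None})
        elif not hops:
            continue
        elif line.lower().startswith("> authorization:"):
            hops[-1]["auth_sent"] = True
        elif line.lower().startswith("< location:"):  # redirect target received
            hops[-1]["token_in_location"] = TOKEN_PARAM + "=" in line
    return hops

if __name__ == "__main__":
    print(redact(SAMPLE))
    for i, hop in enumerate(summarize(SAMPLE), 1):
        print(i, hop)
```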