 |
 |
Update from the GGUS ticket -- when NSS iterates through the directory, if `readdir` returns the KEK CRL file before the CA file, it triggers some internal NSS issue resulting in the above error message. Since the CRLs are ignored anyway by the CA parsing code, there's a simple workaround to aggregate all the unique CAs into a directory and point XrdHTTP at that instead. This seems to be somewhat unique to the KEK CA. It's not clear why this is - but I'd note the KEK CA is a rare one without an intermediate CA. Certainly if it affected all CAs, we would have noticed this previously -- there's about a 50/50 chance this occurs as directory ordering is random. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1429#issuecomment-801172692 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1