Hi @gganis!
@abh3 asked me to take a quick look at this. I don't have the time right now to do a thorough test so first impressions from reading the code:
XrdGSICREATEPROXY=1
and ask folks to turn it off?0
is used instead of nullptr
. They're effectively equivalent in this use case but I find nullptr
more explicit / modern styling.Item (2) seems relatively restrictive. Other clients, such as the traditional globus-*
ones, will cleanly fall back to the cert/key if a proxy isn't present, no?
I don't know the driving use case here but it seems this would be more familiar:
XrdSecGSICREATEPROXY=1
(default), a proxy is auto-generated from the cert/key pair if one is not found.XrdSecGSICREATEPROXY=0
, a proxy is used if present. Otherwise, the cert/key pair is used if present.Finally - what are the forward / backward compatibility concerns here? Can older servers handle a cert directly?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1