Adding support for pure cert/key authentication.

Client controls this mode via XrdSecGSICREATEPROXY:

1. If XrdSecGSICREATEPROXY=1 (default), a proxy is auto-generated from the cert/key pair if one is not found.
2. If XrdSecGSICREATEPROXY=0, a proxy is used if present. Otherwise, the cert/key pair is used if present (no proxy).

This is mostly meant, on the server side, for pass-less authentication, possible when the key file is pass-less.

NB1: if the key-file is pass-less and XrdSecGSICREATEPROXY = 1 (default) authentication still works with the usual protocol, i.e. creating a proxy and using that for the handshake. Setting XrdSecGSICREATEPROXY = 0 avoids those additional steps.

NB2: Forward / backward compatibility is obtained by enabling the cert/pair mechanism only for versions supporting it.

You can view, comment on, or merge this pull request online at:

  https://github.com/xrootd/xrootd/pull/1561

-- Commit Summary --

  * Add support for reading the private key from a separate file
  * Add support for pure cert/key authentication (no proxy)
  * Reverse logic, 'no proxy' to 'create proxy' (see comments to PR#1493)
  * Increase version and add version check

-- File Changes --

    M src/XrdCrypto/XrdCryptoFactory.hh (2)
    M src/XrdCrypto/XrdCryptosslAux.cc (20)
    M src/XrdCrypto/XrdCryptosslAux.hh (4)
    M src/XrdSecgsi/XrdSecProtocolgsi.cc (69)
    M src/XrdSecgsi/XrdSecProtocolgsi.hh (11)
    M src/XrdSecgsi/XrdSecgsiProxy.cc (2)
    M src/XrdSecgsi/XrdSecgsitest.cc (2)

-- Patch Links --

https://github.com/xrootd/xrootd/pull/1561.patch
https://github.com/xrootd/xrootd/pull/1561.diff