@abh3 commented on this pull request.

In src/XrdTls/XrdTlsTempCA.cc:

> @@ -198,11 +209,17 @@ CRLSet::processFile(file_smart_ptr &fp, const std::string &fname)
             return false;
         }
     }
+    if(!m_atLeastOneValidCRLFound)
+        m_atLeastOneValidCRLFound = atLeastOneValidCRLFound;

I think that if the current CRL file is replaced with a bad CRL file then, yes. It should be disabled. This is dynamic because the maintenance check tries to create a CRL file and if it fails then a) if the previous CRL file is still enforce then we need do nothing, or b) it gets replaced with a null file then we need top disable CRL checking. So, in the end it depends on the state the maintenance run leaves the CRL file (something I have not researched).


You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/pull/1547#discussion_r759993478", "url": "https://github.com/xrootd/xrootd/pull/1547#discussion_r759993478", "name": "View Pull Request" }, "description": "View this Pull Request on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1