Hi Bockjoo,

Thank you for reporting this problem and sorry for the late response.

Indeed there used to be a bug until 5.3.1 in the VectorRead implementation that made it not workable with TLS. It has been fixed in 5.4.0 in the following patch:
https://github.com/xrootd/xrootd/commit/38180cc51af29b7209b1d4af2820c8ce3bf133b0

Cheers,
Michal

On 9 Feb 2022, at 16:55, Bockjoo Kim <[log in to unmask]> wrote:

I built the xrootd out of xrootd github to use it as the CMSSW_12_3_0_pre4 external.
With this one, CMSSW reading an xrootd file worked fine with the x509 and the token.
So 5.3.1 has the problem with TLS.

Bockjoo

On 2/8/22 14:34, Bockjoo Kim wrote:
Hi,

I am testing the CMS framework, CMSSW_12_3_0_pre4, with the xrootd 5.3.1 as the external library.

When I configured tls in the xrootd server like so:

xrd.tls /etc/grid-security/xrd/xrdcert.pem /etc/grid-security/xrd/xrdkey.pem
xrd.tlsca certdir /etc/grid-security/certificates
xrootd.tls capable all
sec.protocol /usr/lib64 ztn

to test token with the CMSSW_12_3_0_pre4, the x509 authorization also gets stuck in the readv (Vector Read) of the root file on the xrootd server:

%MSG-w XrdAdaptorInternal:  AfterFile 08-Feb-2022 12:51:22 EST pre-events
Bockjoo readv IOPosBuffer before readv_result.first.get()  0
%MSG
[2022-02-08 12:54:23.117531 -0500][Error  ][XRootD            ][2571135] [cmsio2.rc.ufl.edu:1094] Unable to get the response to request kXR_readv (handle: 0x00000000, chunks: 2, total size: 224380)

So, I can not even test the token.

If I turn off the TLS configuration in the xrootd server, reading the root file on the xrootd server works fine with the x509 authorization.

By the way xrdcp from xrootd 5.3.1 in the CMSSW_12_3_0_pre4 works without the readv issue with the TLS configuration on the server:

[bockjoo@cms runAnalysis]$ which xrdcp
/opt/cms/services/aaa/CMSSWTokenTest/CMSSW_12_3_0_pre3/external/slc7_amd64_gcc10/bin/xrdcp
[bockjoo@cms runAnalysis]$ xrdcp -d 1 -f root://cmsio2.rc.ufl.edu//store/mc/RunIIAutumn18MiniAOD/ZToMuMu_NNPDF31_13TeV-powheg_M_4500_6000/MINIAODSIM/102X_upgrade2018_realistic_v15-v2/120000/CFAA5B09-4746-594F-9B1C-5F415F673C4E_Florida.root /dev/null
[2022-02-08 14:31:42.233334 -0500][Info   ][AsyncSock         ] [cmsio2.rc.ufl.edu:1094.0] TLS hand-shake done.
[144MB/378.8MB][ 38%][===================>                              ][144MB/s][378.8MB/378.8MB][100%][==================================================][378.8MB/s]  [2022-02-08 14:31:43.488218 -0500][Error  ][PostMaster        ] Unable to get transport handler for file protocol
[378.8MB/378.8MB][100%][==================================================][378.8MB/s]  

Will xrootd 5.4 client help with the issue with the TLS configured xrootd server?

Why is the readv behaving differently with the TLS configuration?

Thanks,

Bockjoo


On 1/13/22 15:33, Bockjoo Kim wrote:
Hi,

I am testing a token that I requested.

How do I send a token using the xrdcp command or any xrd* command?

Thanks,

Bockjoo

########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1

########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1


Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1