Print

Print

The EOSCTALHCb instance at CERN got plenty of HTTP transfers issues caused by an expired certificate.
Despite the fact that the certificate got renewed, the transfers were still failing with the same errors.
The XRootD server of EOSCTALHCb had to be restarted in order to solve the problem.

The XrdHttp protocol implemented in XRootD loads the certificate only at the XRootD server startup. It is not automatically renewed. Restarting all the EOS servers to update the certificate is not something feasible.

@ffurano suggests to modify the lines of code that gets the XrdHttpProtocol instance (https://github.com/xrootd/xrootd/blob/master/src/XrdHttp/XrdHttpProtocol.cc#L272) and add a check on the lifetime of it.
If that instance is older than X amount of time, we can re-call the InitTLS() method so that the certificate is re-loaded.

@abh3 you may for sure give your thoughts on this if you wish ;)


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <xrootd/xrootd/issues/1678@github.com>

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/1678", "url": "https://github.com/xrootd/xrootd/issues/1678", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1