Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
The current way we generate the X.509 one-line subject for gridmap inputs is broken:
https://github.com/xrootd/xrootd/blob/master/src/XrdCrypto/XrdCryptosslAux.cc#L767
It takes the new-style defaults for DN generation (where RDNs are ", "-separated) and simply replaces ", " with "/" to generate the old-style.
This fails to work for DNs that contain a ", ". For example, here's a DN in the gridmap:
/DC=org/DC=incommon/C=US/ST=California/L=La Jolla/O=University of California, San Diego/CN=stashcache.t2.ucsd.edu
(Notice the ", " in "University of California, San Diego") To actually use this DN in a gridmap, one must do:
/DC=org/DC=incommon/C=US/ST=California/L=La Jolla/O=University of California/San Diego/CN=stashcache.t2.ucsd.edu
I think we'll need to implement our own "real" DN generation by iterating through the X509_NAME structure instead of just string munging.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1