@amadio commented on this pull request.


In src/XrdCrypto/XrdCryptosslgsiAux.cc:

> @@ -1423,3 +1423,16 @@ int XrdCryptosslX509CheckProxy3(XrdCryptoX509 *xcpi, XrdOucString &emsg) {
    // Done
    return 0;
 }
+
+//____________________________________________________________________________
+const EVP_MD *XrdCryptosslSHAFun() {
+   //
+   // SHA function
+   // Default SHA-256, controlled by var XrdCryptoGSISHA
+   static const EVP_MD *sslSHAFun = 0;
+   if (!sslSHAFun) {
+      const char *_md = getenv("XrdCryptoGSISHA") ? getenv("XrdCryptoGSISHA") : "sha256";           
+      sslSHAFun = EVP_get_digestbyname(_md);
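
Review bot: On the `getenv("XrdCryptoGSISHA")` line, the environment value goes straight into `EVP_get_digestbyname`, so any digest name OpenSSL recognises is accepted, not only the SHA family that the "SHA function" comment promises. Since the result is cached in the static `sslSHAFun` for the life of the process, I would compare the name against a short allow-list (for example sha256, sha384, sha512) before the lookup, and use "sha256" when the name is not on the list or the lookup returns null. Two smaller points on the same line: `getenv` is called twice where one call stored in a local would do, and the line ends in trailing whitespace.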

If the user passes a bad name, this will assign nullptr to sslSHAFun, which will probably cause trouble. We need to check that we get a non-null pointer from EVP_get_digestbyname and fall back to the default otherwise.

I was also thinking that if the only place where this is needed is in xrdgsiproxy, we could add an option on the command line, like -sig sha256 which would use a different signature than the default, but that can be done later.


Message ID: <xrootd/xrootd/pull/1999/review/1388339069@github.com>
