Print

Print

To the best of my knowledge, there's O(10) certificates that use DigiCert Grid CA in the US as most universities have an InCommon CA subscription. These are all host certificate so I'm fairly certain there's minimal risk to do a workaround here.

To avoid dropping it when the OpenSSL backend is in use, what if we simply sort any CRL with this particular OID set as critical to the of the list around here: https://github.com/xrootd/xrootd/blob/master/src/XrdTls/XrdTlsTempCA.cc#L188

I've got no interest in trying to redistribute system libraries... especially considering the enormous patch sets that RHEL runs on these.


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <xrootd/xrootd/issues/2065/1684316408@github.com>

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/2065#issuecomment-1684316408", "url": "https://github.com/xrootd/xrootd/issues/2065#issuecomment-1684316408", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1