You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since release 1.30, Rucio fully supports both the legacy and the RFC-based format for X509 identities. This is configured using the LegacyDNStringFormat option of mod_ssl, see this comment for some additional details. By default, it is disabled, meaning that X509 identities must be stored in the RFC format.
However, all of the examples, testing and documentation still use the legacy format. This can be a source of confusion.
Motivation
Make the RFC-based format primary, without removing support for the legacy one.
Change
Replace all instances of X509 identities presented in the legacy format with the RFC-based one. Add a section in the documentation explaining the two formats, what Rucio supports, and how to choose between the two.
The text was updated successfully, but these errors were encountered:
…sts rucio#6182
This commit affects multiple components in different ways.
* Clients: examples in the help messages.
* Database: the default identity for the root account. This should be
repalced anyway from the bootstrap section in rucio.cfg.
* Release management: placeholder values in the rucio.cfg templates.
* Testing: with the removal of OpenSSL’s LegacyDNStringFormat, tests are
now done exclusively using the RFC-based format.
Note that the argument of `openssl req -subj` must continue to use the
legacy format.
…sts #6182
This commit affects multiple components in different ways.
* Clients: examples in the help messages.
* Database: the default identity for the root account. This should be
repalced anyway from the bootstrap section in rucio.cfg.
* Release management: placeholder values in the rucio.cfg templates.
* Testing: with the removal of OpenSSL’s LegacyDNStringFormat, tests are
now done exclusively using the RFC-based format.
Note that the argument of `openssl req -subj` must continue to use the
legacy format.
Description
Since release 1.30, Rucio fully supports both the legacy and the RFC-based format for X509 identities. This is configured using the
LegacyDNStringFormat
option ofmod_ssl
, see this comment for some additional details. By default, it is disabled, meaning that X509 identities must be stored in the RFC format.However, all of the examples, testing and documentation still use the legacy format. This can be a source of confusion.
Motivation
Make the RFC-based format primary, without removing support for the legacy one.
Change
Replace all instances of X509 identities presented in the legacy format with the RFC-based one. Add a section in the documentation explaining the two formats, what Rucio supports, and how to choose between the two.
The text was updated successfully, but these errors were encountered: