Replace all instances of X509 identities presented in the legacy format #6182

Closed
dchristidis opened this issue Apr 14, 2023 · 0 comments · Fixed by #6195

Comments

@dchristidis
Contributor

Description

Since release 1.30, Rucio fully supports both the legacy and the RFC-based format for X509 identities. This is configured using the LegacyDNStringFormat option of mod_ssl; see this comment for some additional details. By default, it is disabled, meaning that X509 identities must be stored in the RFC format.

However, all of the examples, testing and documentation still use the legacy format. This can be a source of confusion.

Motivation

Make the RFC-based format primary, without removing support for the legacy one.

Change

Replace all instances of X509 identities presented in the legacy format with the RFC-based one. Add a section in the documentation explaining the two formats, what Rucio supports, and how to choose between the two.
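The two formats discussed in this issue, shown as an added example that is not part of the original post or of the Rucio code base: a converter from the legacy slash-separated form to the RFC 2253 style form that mod_ssl emits when LegacyDNStringFormat is disabled. The function names and sample DNs are constructed for illustration, and single-valued RDNs are assumed.

```python
import re

# Characters RFC 2253 requires to be backslash-escaped inside a value.
_SPECIALS = set(',+"\\<>;')
# An RDN starts at a "/" followed by an attribute type and "=", so values
# that contain slashes (e.g. "CN=host/node01.example.org") stay intact.
_RDN_START = re.compile(r'/(?=[A-Za-z][A-Za-z0-9.]*=)')


def _escape_value(value):
    """Escape one attribute value following RFC 2253, section 2.4."""
    chars = ['\\' + c if c in _SPECIALS else c for c in value]
    if chars and chars[0] in ('#', ' '):
        chars[0] = '\\' + chars[0]
    if len(chars) > 1 and chars[-1] == ' ':
        chars[-1] = '\\ '
    return ''.join(chars)


def legacy_to_rfc(dn):
    """'/C=CH/O=Example Org/CN=Jane Doe' -> 'CN=Jane Doe,O=Example Org,C=CH'."""
    head, *parts = _RDN_START.split(dn)
    if head or not parts:
        raise ValueError('not a legacy-format DN: %r' % dn)
    rdns = []
    for part in parts:
        key, _, value = part.partition('=')
        rdns.append(key + '=' + _escape_value(value))
    # Legacy order puts C first; the RFC-based order puts it last.
    return ','.join(reversed(rdns))


def normalize_identity(dn):
    """Return the RFC-based form; DNs not starting with "/" are left as is."""
    return legacy_to_rfc(dn) if dn.startswith('/') else dn


if __name__ == '__main__':
    # Constructed sample identities, not taken from any real deployment.
    for sample in ('/C=CH/O=Example Org/CN=Jane Doe',
                   '/O=Example, Inc./CN=host/node01.example.org',
                   'CN=Jane Doe,O=Example Org,C=CH'):
        print('%-48s -> %s' % (sample, normalize_identity(sample)))
```

Identities that were stored in the legacy form and are compared byte for byte against the RFC-based string will not match until they are converted, which is the confusion this issue describes.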

@dchristidis dchristidis self-assigned this Apr 14, 2023
dchristidis added a commit to dchristidis/rucio that referenced this issue Apr 26, 2023
…sts rucio#6182

This commit affects multiple components in different ways.

* Clients: examples in the help messages.
* Database: the default identity for the root account. This should be
      replaced anyway from the bootstrap section in rucio.cfg.
* Release management: placeholder values in the rucio.cfg templates.
* Testing: with the removal of OpenSSL’s LegacyDNStringFormat, tests are
      now done exclusively using the RFC-based format.

Note that the argument of `openssl req -subj` must continue to use the
legacy format.
@dchristidis dchristidis linked a pull request Apr 26, 2023 that will close this issue
bari12 pushed a commit that referenced this issue May 3, 2023
…sts #6182

This commit affects multiple components in different ways.

* Clients: examples in the help messages.
* Database: the default identity for the root account. This should be
      replaced anyway from the bootstrap section in rucio.cfg.
* Release management: placeholder values in the rucio.cfg templates.
* Testing: with the removal of OpenSSL’s LegacyDNStringFormat, tests are
      now done exclusively using the RFC-based format.

Note that the argument of `openssl req -subj` must continue to use the
legacy format.