-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS config and HTTP TPC #1323
Comments
Hi @wyang007 - Indeed, it looks like @abh3's overhaul of the OpenSSL handling inside XrdHttp for XRootD5 converted over almost everything to A quick grep reveals the following still refer to the old-style configs:
Brian |
That's already reported in #1248, but that report missed the sample config file ;-). |
Thanks Oliver. It looks like we lost track of it…
regards,
--
Wei Yang | yangw@slac.stanford.edu<mailto:yangw@slac.stanford.edu> | 650-926-3338(O)
On 11/9/20, 1:54 PM, "Oliver Freyermuth" <notifications@github.com<mailto:notifications@github.com>> wrote:
That's already reported in #1248<#1248>, but that report missed the sample config file ;-).
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#1323 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABHVGA4F4LD57MV2JSMYQI3SPBQKLANCNFSM4TP4KOVA>.
|
Yes, we still recognize the old-style directives and honor them. If they
override teh new-style directives and you haven't indicated that it was
your intention to do so, a warning is issued to give you incentive to
change the config file. Otherwise, it should work as before.
Andy
…On Mon, 9 Nov 2020, Brian P Bockelman wrote:
Hi @wyang007 -
Indeed, it looks like @abh3's overhaul of the OpenSSL handling inside XrdHttp for XRootD5 converted over almost everything to `xrd.tlsca`.
A quick grep reveals the following still refer to the old-style configs:
- https://github.com/xrootd/xrootd/blob/master/src/XrdHttp/xrootd-http-rdr.cf#L14 (just a sample config file)
- https://github.com/xrootd/xrootd/blob/master/src/XrdTpc/XrdTpcConfigure.cc#L49 (the issue you note)
Brian
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#1323 (comment)
|
I don't think that's what @wyang007 was asking. He and Oliver are noting there is one place (https://github.com/xrootd/xrootd/blob/master/src/XrdTpc/XrdTpcConfigure.cc#L49) in the code that does not honor the new-style directives. It seems it was simply an oversight, probably because that source file is in a different directory? |
Ah, that is corerct. I did not pay attention to XrdTpc at all, especially
since it was changing often. The question is whether than should be
realigned for 5.0.3 or can wait for 5.1.0.
Andy
…On Mon, 9 Nov 2020, Brian P Bockelman wrote:
> Otherwise, it should work as before.
I don't think that's what @wyang007 was asking. He and Oliver are noting there is one place (https://github.com/xrootd/xrootd/blob/master/src/XrdTpc/XrdTpcConfigure.cc#L49) in the code that does not honor the new-style directives. It seems it was simply an oversight, probably because that source file is in a different directory?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
#1323 (comment)
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
|
I view this as a minor bug so 5.0.3 is preferred.
regards,
--
Wei Yang | yangw@slac.stanford.edu<mailto:yangw@slac.stanford.edu> | 650-926-3338(O)
On 11/9/20, 2:39 PM, "xrootd-dev" <notifications@github.com<mailto:notifications@github.com>> wrote:
Ah, that is corerct. I did not pay attention to XrdTpc at all, especially
since it was changing often. The question is whether than should be
realigned for 5.0.3 or can wait for 5.1.0.
Andy
|
In HTTP TPC, it seems I have to set http.cadir, and can't depend on "xrd.tlsca certdir" directive. This issue seems to only exist in HTTP TPC, not other HTTPs operations.
The text was updated successfully, but these errors were encountered: