-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SubjectHash() returns hash.0 #464
Conversation
So, this reverts the previous commit be89136, right? |
No it is not a reversal! Not at all! That commit is important to make things work, without it things were broken. However, when i wrote that commit it was not clear to me that the SubjectHash() method did in fact add ".0" to the hash. In the old code, the comparison of the return value from SubjectHash() was sometimes done against the string with the ".0" and sometimes against the string without the ".0" depending on the input data, and it was not obvious when the code was doing the right thing and when it was doing the wrong thing. After the previous commit the comparison was always done against the string without the ".0" (since this was to me the most obvious meaning of the SubjectHash() method name - which was not correct). The important part of the previous commit was to do the same thing irrespectively whether the input data has the ".0" at the end or not, and it achieved that. And that is what made things work. The part with the comparison is usually not very crucial since it decides which of the two files should be used for the parent certificate, and normally both are present. The important parts of the previous commit are the parts that are not touched by this one. |
Hi Mattias, |
I don't think it is a good idea to make some ATLAS data unavailable, even if it is located on an old server. The previous version of the client worked with this server so for many that would be a regression and a reason not to update. The xrootd server is, as far as I know, not the only software that implements the xrootd server interface. Have you checked what other implementations have been doing? Does the protocol specification specify that the ".0" is mandatory? The client has until know accepted the hash without the ".0", so those implementing the server protocol might not be aware. |
Well, it is not reverting this patch that makes ATLAS data unavailable. Fixing #465 puts makes 4.5.0 and stable-4.6.x behaving exactly the same for what relates to loading-a-CRL-for-an-hash-without-.0 . |
Not needed after reversion of patch be89136 . |
XrdCryptoX509::SubjectHash() returns the hash followed by ".0", so make the proper comparison.