v3/v4 proxy cert change

diff --git a/org.gridsite.core/CHANGES b/org.gridsite.core/CHANGES
index d1b6697..748af9e 100644 (file)
--- a/org.gridsite.core/CHANGES
+++ b/org.gridsite.core/CHANGES
@@ -1,3 +1,7 @@
+* Wed Jul 29 2009 Andrew McNab <Andrew.McNab@cern.ch>
+- When creating proxies with GRSTx509MakeProxyCert,
+  use 2=v3 rather than the old 3=v4 Globus behaviour.
+  See Bug #53721 from Joni Hahkala.
 * Fri Jul 23 2009 Andrew McNab <Andrew.McNab@cern.ch>
 - ==== GridSite version 1.7.5 ====
 * Thu Jul 23 2009 Andrew McNab <Andrew.McNab@cern.ch>

diff --git a/org.gridsite.core/src/grst_x509.c b/org.gridsite.core/src/grst_x509.c
index 401b8e6..13038e4 100644 (file)
--- a/org.gridsite.core/src/grst_x509.c
+++ b/org.gridsite.core/src/grst_x509.c
@@ -1719,8 +1719,11 @@ int GRSTx509MakeProxyCert(char **proxychain, FILE *debugfp,
     }    
 
   /* set version number for the certificate (X509v3) and the serial number   
-     need 3 = v4 for GSI proxy?? */
-  if (X509_set_version(certs[0], 3L) != 1)
+     
+     We now use 2 = v3 for the GSI proxy, rather than the old Globus 
+     behaviour of 3 = v4. See Savannah Bug #53721 */
+     
+  if (X509_set_version(certs[0], 2L) != 1)
     {
       mpcerror(debugfp,
             "GRSTx509MakeProxyCert(): error setting certificate version\n");