From: Andrew McNab Date: Wed, 29 Jul 2009 09:05:04 +0000 (+0000) Subject: v3/v4 proxy cert change X-Git-Tag: gridsite-core_R_1_7_5~1 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=d7b8ed36d8bd022172ee71a3ee791030bb112a59;p=jra1mw.git v3/v4 proxy cert change --- diff --git a/org.gridsite.core/CHANGES b/org.gridsite.core/CHANGES index d1b6697..748af9e 100644 --- a/org.gridsite.core/CHANGES +++ b/org.gridsite.core/CHANGES @@ -1,3 +1,7 @@ +* Wed Jul 29 2009 Andrew McNab +- When creating proxies with GRSTx509MakeProxyCert, + use 2=v3 rather than the old 3=v4 Globus behaviour. + See Bug #53721 from Joni Hahkala. * Fri Jul 23 2009 Andrew McNab - ==== GridSite version 1.7.5 ==== * Thu Jul 23 2009 Andrew McNab diff --git a/org.gridsite.core/src/grst_x509.c b/org.gridsite.core/src/grst_x509.c index 401b8e6..13038e4 100644 --- a/org.gridsite.core/src/grst_x509.c +++ b/org.gridsite.core/src/grst_x509.c @@ -1719,8 +1719,11 @@ int GRSTx509MakeProxyCert(char **proxychain, FILE *debugfp, } /* set version number for the certificate (X509v3) and the serial number - need 3 = v4 for GSI proxy?? */ - if (X509_set_version(certs[0], 3L) != 1) + + We now use 2 = v3 for the GSI proxy, rather than the old Globus + behaviour of 3 = v4. See Savannah Bug #53721 */ + + if (X509_set_version(certs[0], 2L) != 1) { mpcerror(debugfp, "GRSTx509MakeProxyCert(): error setting certificate version\n");