[Pgi-wg] TLS : OpenSSL and GSI implementations - gLite 3.2 released today
weizhongqiang at gmail.com
Fri Mar 27 09:37:46 CDT 2009
On Fri, Mar 27, 2009 at 2:36 PM, Vincenzo Ciaschini <vincenzo.ciaschini at cnaf.infn.it> wrote:
> Aleksandr Konstantinov wrote:
> > On Friday 27 March 2009 13:49, you wrote:
> >> Morris Riedel wrote:
> >>> OpenSSL Proxy-based TLSs are different from GSI-Proxy-based TLSs – as
> >>> far as I understood from my interop experiences and from our
> >> Actually, they are the same. You are thinking about legacy proxies,
> >> which are indeed different. However, from GT4 onward, RFC proxies
> >> (OpenSSL proxies) are supported.
> > I think it was about wire protocol and not about proxies. AFAIK many of
> > us have learned from our own experience that those are incompatible.
> > At least as implemented by Globus.
> Well, yes and no.
> Assuming the proxies are not the problem, then you should be aware of
> the possibility of an extra message, "0" or "D", being sent from a GSI
> client immediately after the connection is successfully established.
> On the other hand, a GSI server expects this message after connection
> establishment, so an SSL client should send it.
> When the SSL compatibility flag is specified among the GSI options, this
> extra message should not be sent (modulo possible bugs).
That is good news to know. I also just googled some information:
It would also be nice if the voms server could support pure TLS compatibility,
so that a client (other than a voms client like voms-proxy-init) that talks
the voms protocol, while using TLS instead of globus GSSAPI, can also
interoperate with the voms server.
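
The framing mismatch described in the quoted reply, modelled as an added example (not code from Globus, VOMS or anyone in this thread). It covers only the application-data bytes that follow a completed TLS handshake; the function names and sample requests are constructed for illustration, and the flag byte is treated as opaque.

```python
import io

# The two one-byte messages named in the thread; their meaning is not modelled here.
GSI_FLAGS = (b"0", b"D")


class GsiFramingError(Exception):
    """Raised when a GSI-mode server does not see the expected flag byte."""


def client_preamble(gsi_mode: bool, flag: bytes = b"0") -> bytes:
    """Bytes a client writes right after the handshake, before its request.

    gsi_mode=False models a plain TLS client, or a GSI client with the
    SSL compatibility flag set: no extra message is sent.
    """
    if not gsi_mode:
        return b""
    if flag not in GSI_FLAGS:
        raise ValueError("flag must be b'0' or b'D'")
    return flag


def server_read_request(stream, expect_gsi_flag: bool):
    """Return (flag or None, request bytes) as the server would see them."""
    flag = None
    if expect_gsi_flag:
        flag = stream.read(1)
        if flag not in GSI_FLAGS:
            raise GsiFramingError("missing GSI flag byte, got %r" % flag)
    return flag, stream.read()


def interop(client_gsi: bool, server_gsi: bool, request: bytes = b"<request/>") -> str:
    """Classify one client/server pairing: 'ok', 'rejected' or 'corrupted'."""
    wire = client_preamble(client_gsi) + request  # constructed sample traffic
    try:
        _, received = server_read_request(io.BytesIO(wire), server_gsi)
    except GsiFramingError:
        return "rejected"
    return "ok" if received == request else "corrupted"


if __name__ == "__main__":
    for c in (True, False):
        for s in (True, False):
            print("client_gsi=%s server_gsi=%s -> %s" % (c, s, interop(c, s)))
    # A plain TLS request that happens to start with a flag byte is not
    # rejected by a GSI-mode server; it silently loses its first byte.
    print("TLS client, GSI server, b'DATA' ->", interop(False, True, b"DATA"))
```

The last case is why the behaviour has to be selected by an explicit option on each side: a server cannot reliably detect the flag by inspecting the first byte.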