On Fri, Mar 27, 2009 at 2:36 PM, Vincenzo Ciaschini < vincenzo.ciaschini@cnaf.infn.it> wrote:
Aleksandr Konstantinov wrote:
On Friday 27 March 2009 13:49, you wrote:
Morris Riedel wrote:
OpenSSL Proxy-based TLSs are different from GSI-Proxy-based TLSs – as far as I understood from my interop experiences and from our conversations. Actually, they are the same. You are thinking about legacy proxies, which are indeed different. However, from GT4 onward, RFC proxies (OpenSSL) proxies, are supported.
I think it was about wire protocol and not about proxies. AFAIK many of us have learned from own experience that those are incompatible. At least as implemented by Globus. Well, yes and no.
Assuming the proxies are not the problem, then you should be aware of the possibility of an extra message, "0" or "D" being sent from a GSI client immediately after the connection is successfully established.
On the other hand, a GSI server expects this message after connection establishment, so a SSL client should send it.
Specifying the SSL compatibility flag among the GSI option, this extra message should not be sent (modulo possible bugs)
That is a good news to know. I just also googled some information : http://bugzilla.globus.org/globus/show_bug.cgi?id=3036 It would also be nice if voms server can support pure TLS compatibility, so that the client (other than voms client like voms-proxy-init) that talks voms protocol, while uses TLS instead of globus GSSAPI, can also interoperate with voms server. Weizhong Qiang
Ciao, Vincenzo