-
Hello, When we use DIRACOS2 2.36, we have an error with voms-proxy-init as follows
Curiously it works with our the other VOMS server at DESY
With previous DIRACOS2 using OpenSSL 1.1.1s, both voms-proxy-init work. I wonder if we are able to configure OpenSSL3 to accept SHA-1 certificate assuming the cause, but my attempts are failing... (perhaps it should be done during the DIRACOS2 build?) Following Chris's comment during BiLD, I gave various bit lengths, 512/1024/2048/4096, then the first failed with segmentation fault, and the rest failed with the AC verification, unfortunately (1024-4096 succeed with previous DIRACOS2). We'd appreciate it if you could kindly advise us anything to resolve the issue, and/or your experience with VOMS server issuing SHA-1 CA certificate, if you have. Best Regards, |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 3 replies
-
Maybe running the |
Beta Was this translation helpful? Give feedback.
-
Thanks, tried that, but verbosity for AC verification is not changed...
|
Beta Was this translation helpful? Give feedback.
-
Follow-up Our colleague at KEK computing center found a solution. [voms-clients-cpp]
[voms-clients-java]
So still I'm not sure what prevents from AC verification at cpp client, it might be a clue that java client can avoid the issue... |
Beta Was this translation helpful? Give feedback.
-
could be related to the discussion from xrootd/xrootd#2150 |
Beta Was this translation helpful? Give feedback.
I had missed your answer and the same thing just occurred to me ! It indeed seems likely