Feature #2806

Handle Condor host certificate DNS name validation

Added by John Weigand about 7 years ago. Updated over 3 years ago.

Status: New
Priority: Normal
Assignee: Parag Mhashilkar
Category: -
Target version:
Start date: 07/02/2012
Due date:
% Done: 0%
Estimated time:
Stakeholders:
Duration:

Description

In a not-yet-released version of Condor, support is being added to
validate that the hostname in the server's certificate matches the
DNS name of the server. Details can be seen here:
https://condor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1605

This feature was required in Condor to support Condor-C.

The current glideinWMS installer does not support this feature
and if this version of Condor is deployed, it will cause failed
DNS lookups, thereby causing the VOFrontend to not contact the factory
as documented in goc ticket 12322:
https://ticket.grid.iu.edu/goc/12322

The work-around solution for this problem is to add this to the condor config:
GSI_SKIP_HOST_CHECK=true

Documentation requires changing. Questions on this:
1. Troubleshooting guide only?
2. Main condor config attributes for all Condor instances?
Or just the VOFrontend client?
3. Is this version specific?

Installer changes required:
1. By default set to disabled?
2. Only provide the GSI_SKIP_HOST_CHECK=False or also provide the
SSL_SKIP_HOST_CHECK=False as well?
3. All Condor instances or just VOFrontend client?
If just the VOFrontend client, should this be user changeable or
should this be one of the "hard-coded" attributes created on
a 'create' or 'reconfig'?
4. Is this version specific or can it be added prior to the release
of Condor with this feature?
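
Added example, not part of the ticket and not glideinWMS or Condor code: a small audit that reports where the workaround above leaves host certificate name validation turned off in a Condor config file. It assumes knob names are case-insensitive and that the last assignment wins; the function names and the sample config are constructed for illustration.

```python
import re

# Knobs named in the ticket; a true value turns hostname validation off.
SKIP_KNOBS = ("GSI_SKIP_HOST_CHECK", "SSL_SKIP_HOST_CHECK")
ASSIGN = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=\s*(.*?)\s*$")


def effective_skip_settings(config_text):
    """Return {knob: (value, line_no)} for the last assignment of each knob.

    Assumptions: names match case-insensitively, a later assignment
    overrides an earlier one, and lines starting with '#' are comments.
    """
    found = {}
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        if raw.lstrip().startswith("#"):
            continue
        m = ASSIGN.match(raw)
        if m and m.group(1).upper() in SKIP_KNOBS:
            found[m.group(1).upper()] = (m.group(2), line_no)
    return found


def audit(config_text):
    """Return (knob, line_no, finding) for settings that need attention."""
    findings = []
    for knob, (value, line_no) in sorted(effective_skip_settings(config_text).items()):
        state = value.lower()
        if state == "true":
            findings.append((knob, line_no, "host check disabled"))
        elif state != "false":
            # Macros or expressions are not evaluated here.
            findings.append((knob, line_no, "non-literal value, review manually"))
    return findings


# Constructed sample config, not taken from a real deployment.
SAMPLE = """\
# local overrides
GSI_SKIP_HOST_CHECK = false
DAEMON_LIST = MASTER, SCHEDD
gsi_skip_host_check=true
SSL_SKIP_HOST_CHECK = False
"""

if __name__ == "__main__":
    for knob, line_no, finding in audit(SAMPLE):
        print(f"line {line_no}: {knob}: {finding}")
```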

History

#1 Updated by John Weigand about 7 years ago

Just a note on this from a separate thread.
Per Derek, this was committed to the Condor 7.9.0 branch
whenever that is released.

John Weigand

#2 Updated by Burt Holzman almost 7 years ago

  • Assignee set to Burt Holzman

#3 Updated by Burt Holzman over 6 years ago

  • Target version set to v3_1

#4 Updated by Burt Holzman over 6 years ago

  • Target version changed from v3_1 to v2_7_x

Moving to 2.7 -- this can potentially affect any version since it's tied to Condor 7.9.

#5 Updated by Igor Sfiligoi over 5 years ago

What's the status of this?

#6 Updated by Parag Mhashilkar over 3 years ago

  • Assignee changed from Burt Holzman to Parag Mhashilkar
  • Target version changed from v2_7_x to v3_x
