Mailing List ArchivesAuthenticated access |
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}
|
Mailing List ArchivesAuthenticated access |
|
thanks again Jaime. What you just wrote matches my memory. But we
did not
thought it worth reporting since submission to 25.3.0 AP's solved.
For historical reasons our current server is built on top of
python 3.8 debian image
which has
`OpenSSL 1.1.1n 15 Mar 2022 (Library: OpenSSL 1.1.1w 11 Sep
2023)`
But we are looking into moving to alma9 image for other reasons.
So if you think
of looking at OpenSSL 1.1 vs. htcondor, do not do it for us !
Of course we'd love to complete the move to v2 API.
Stefano
The important versions are the OpenSSL version of the sender and the HTCondor version of the receiver.The receiver creates a Certificate Signing Request (CSR) that the sender signs with the proxyâs key. Older HTCondor versions set the parameters of the CSR in a way that newer OpenSSL versions refuse to sign. So Stefano is correct that this bug shouldnât trigger if the submitter has an older OpenSSL.
If your submitter has an older OpenSSL, that suggests there may be another bug that we need to investigate once we fix the bugs you encountered in the v2 bindings.- Jaime