Hi Sam, all,
> We've recently been testing a new disk server, and spent a while trying to debug a curious
> issue with its edg-mkgridmap.
>
> When contacting
> https://voms.hellasgrid.gr:8443/voms/dteam/services/VOMSCompatibility?method=getGridmapUsers&container=%2Fdteam (which
> should work for the dteam VO - certainly, the url works in a web browser) for the dteam
> user list, edg-mkgridmap throws
>
> Can't connect to voms.hellasgrid.gr:8443 <http://voms.hellasgrid.gr:8443> (SSL connect
> attempt failed because of handshake problemserror:00000000:lib(0):func(0):reason(0))
>
>
> This works perfectly on another disk server configured only a week previously.
>
> As far as we can tell, the only difference is that the new disk server is Centos 6.8,
> while the "older" one is Centos 6.7.
>
> I see from the release notes that 6.8 makes some security changes to SSL (disabling SSLv2
> totally, and defaulting to TLS1.2, for example), and I'm wondering if this is causing
> problems with the hellasgrid voms server?
Fortunately we had already created edg-mkgridmap-4.0.3 last year
to deal with security-related library changes on CentOS/EL7 and
it turns out to work fine on CentOS/EL 6.8 as well, hooray! :-)
As the code of v4.0.3 also is backward-compatible (even with SL5),
I dared putting that version into the WLCG repo on Fri night:
http://linuxsoft.cern.ch/wlcg/sl6/x86_64/
I did a quick check to ensure it still works OK on 6.7 as well.
We will arrange for EPEL6 to get updated ASAP.
|