The changes made in https://rb.dcache.org/r/13229/ silently affected the way the TLS requirements of
the source server are determined for the third-party-client.
Since we no longer require any of those special properties to be set when the mode is STRICT, the client now thinks that the endpoint for the source does not support TLS (because when all those properties are false, the mode is set to NONE, which is now incorrect behavior).
Modification:
Deduce the server mode from the two CGI values
for kXR_haveTLS and kXR_gotoTLS.
Result:
Correct TPC client behavior regarding the
establishment of a secure connection.
Motivation:
The changes made in https://rb.dcache.org/r/13229/ silently affected the way the TLS requirements of the source server are determined for the third-party-client.
Since we no longer require any of those special properties to be set when the mode is STRICT, the client now thinks that the endpoint for the source does not support TLS (because when all those properties are false, the mode is set to NONE, which is now incorrect behavior).
Modification:
Deduce the server mode from the two CGI values for
kXR_haveTLSandkXR_gotoTLS.Result:
Correct TPC client behavior regarding the establishment of a secure connection.
Will require update of the libraries in dCache.
Target: master Request: 4.5 Request: 4.4 Request: 4.3 Requires-notes: yes Patch: https://rb.dcache.org/r/13925/ Acked-by: Tigran