jglobus / JGlobus

jGlobus is a collection of Java client libraries for Globus® Toolkit security, GRAM, and GridFTP.
http://www.globus.org/toolkit/jglobus/
Apache License 2.0

RFC 2818 compliance #159

Open jbasney opened 7 years ago

jbasney commented 7 years ago

Is JGlobus compatible with https://docs.globus.org/security-bulletins/2015-12-strict-mode? I just received the following error message that I think indicates JGlobus is not doing the required subjectAltName checking:

Authentication failed. Caused by Failure unspecified at GSS-API level. Caused by GSSException: Operation unauthorized (Mechanism level: [JGLOBUS-56] Authorization failed. Expected "/CN=host/140.221.68.253" target but received "/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=dtn11.alcf.anl.gov")
at org.globus.gsi.gssapi.GlobusGSSContextImpl.initSecContext(GlobusGSSContextImpl.java:1079)
at org.globus.ftp.extended.GridFTPControlChannel.authenticate(GridFTPControlChannel.java:209)
at stork.module.CooperativeModule$ControlChannel.<init>(CooperativeModule.java:248)
at stork.module.CooperativeModule$ChannelPair.<init>(CooperativeModule.java:458)
at stork.module.CooperativeModule$StorkFTPClient.<init>(CooperativeModule.java:946)
at stork.module.CooperativeModule$GridFTPTransfer.process(CooperativeModule.java:1336)
at stork.module.CooperativeModule$GridFTPTransfer.run(CooperativeModule.java:1679)
at java.lang.Thread.run(Thread.java:745)

bbockelm commented 7 years ago

Hi Jim,

To the best of my knowledge, jglobus is not RFC 2818 compatible. I recall someone opening a ticket about starting down the path of supporting subjectAltName, but don't recall anything past discussions.

Brian
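
For readers following this thread, the check that RFC 2818 section 3.1 asks of a client, as an added example that is not JGlobus code and not from either commenter: dNSName entries in subjectAltName take precedence over the subject CN, and an IP-literal reference matches only an iPAddress entry. The class and method names are hypothetical, the SAN list is constructed (the page does not show the certificate's extensions), and the sketch handles IPv4 literals and whole-label wildcards only.

```java
import java.util.Collection;
import java.util.List;
import java.util.Locale;

/** Added illustration of RFC 2818 section 3.1 name matching; hypothetical class, not JGlobus code. */
public class Rfc2818Check {
    // GeneralName tags as reported by X509Certificate.getSubjectAlternativeNames()
    static final int DNS_NAME = 2, IP_ADDRESS = 7;

    /**
     * @param reference host the client was told to contact (DNS name or IPv4 literal)
     * @param sans      entries shaped like getSubjectAlternativeNames() output, or null
     * @param subjectCn most specific CN of the subject DN, or null
     */
    static boolean matches(String reference, Collection<List<?>> sans, String subjectCn) {
        boolean refIsIp = reference.matches("\\d{1,3}(\\.\\d{1,3}){3}"); // IPv4 only, for brevity
        boolean sawDns = false;
        if (sans != null) {
            for (List<?> san : sans) {
                int type = (Integer) san.get(0);
                String value = String.valueOf(san.get(1));
                if (type == IP_ADDRESS && refIsIp && value.equals(reference)) return true;
                if (type == DNS_NAME) {
                    sawDns = true;
                    if (!refIsIp && dnsMatch(reference, value)) return true;
                }
            }
        }
        // The CN is consulted only for host names, and only when no dNSName entry exists.
        return !refIsIp && !sawDns && subjectCn != null && dnsMatch(reference, subjectCn);
    }

    /** Case-insensitive comparison; "*" is accepted only as the entire left-most label. */
    static boolean dnsMatch(String host, String pattern) {
        host = host.toLowerCase(Locale.ROOT);
        pattern = pattern.toLowerCase(Locale.ROOT);
        if (pattern.startsWith("*.")) {
            int dot = host.indexOf('.');
            return dot > 0 && host.substring(dot).equals(pattern.substring(1));
        }
        return host.equals(pattern);
    }

    public static void main(String[] args) {
        // Constructed SAN list reusing the host name and IP address from the error message.
        Collection<List<?>> sans = List.of(List.of(DNS_NAME, "dtn11.alcf.anl.gov"));
        System.out.println(matches("dtn11.alcf.anl.gov", sans, null)); // reference is the DNS name
        System.out.println(matches("140.221.68.253", sans, null));     // reference is the IP literal
        System.out.println(matches("140.221.68.253", null, "dtn11.alcf.anl.gov")); // CN only, IP reference
    }
}
```

Only the first call succeeds: a client that is handed an IP address has no DNS name to compare, and under RFC 2818 it may not derive one by reverse lookup and then trust it.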