globus worries
Robert Olson
olson at mcs.anl.gov
Wed Feb 4 11:09:04 CST 2004
Here's the deal.
The libeay32.lib and ssleay32.lib in the WinGlobus CVS repo are version
0.9.6i; apparently versions later than the recommended 0.9.6c appear to
work fine, until you start trying to use encrypted channels.
I found the problem that caused authentication failures with later openssl
versions (the actually weren't authentication failures; they started out
having a much more appropriate error message but that message got
overwritten in the globus code); however, there are further
incompatibilities that I couldn't track down in the time I spent looking.
Given that we're hopefully moving away from this soon, and that the linux
gt2.0 also uses 0.9.6c, I think we're best off just putting 0.9.6c libs
back into cvs and redistributing a pyGlobus built from them.
This is good incentive for folks to move to the 2.4-based AG; looks like
there are a lot of potential buffer-overrun exploits in older openssl.
We need to decide if we want to enable encrypted channels on our servers,
and break compatibility with folks that are not using an updated pyGlobus.
--bob
More information about the ag-dev
mailing list