Bugzilla – Bug 697
host authentication for an unusual DN
Last modified: 2005-12-05 16:50:03
Hi,

We have access to a host whose certificate has a bit of an unconventional DN:

/C=IT/O=INFN/OU=datagrid- UI/L=Pisa/CN=grid003.pi.infn.it/EMAIL=livio.salconi@pi.infn.it

When using the CoG ftp module, we get the following error:

> Expected target subject name="/CN=host/grid003.pi.infn.it"
> Target returned subject name= "/C=IT/O=INFN/OU=datagrid- UI/L=Pisa/CN=grid003.pi.infn.it/EMAIL=livio.salconi@pi.infn.it"

The C globus client tools accept this DN with an EMAIL postfix just fine. Looking at the HostAuthorization.java file, it seems to assume that DNs end with the common name (CN). I'm not sure if this is a good solution, but I've modified the HostAuthorization file to search for the CN in the DN (in the case it's not at the end of the DN).

    public void authorize(X509Certificate [] chain, Socket socket)
        throws AuthorizationException {
        ...
        String fqdn = null;
        String dnname = chain[0].getSubjectDN().getName();

        // hack to get around certificates with EMAIL postfixes (like INFN)
        int cnindex = dnname.toUpperCase().indexOf( "CN=" );
        String cnname = dnname.substring( cnindex );

        fqdn = cnname.substring(3, cnname.indexOf(","));

I made this change for our purpose since there doesn't seem to be any way to specify a host DN in the ftp api (i.e., like there is for gram).

Thanks,
Shava

------- Additional Comments From Jarek Gawor 2002-11-01 02:34 -------

The code was modified to search for the first CN= RDN as described.
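
The following is an added example, not code from this bug thread or from the CoG kit: an RDN-aware version of the CN lookup discussed above, using the JDK's javax.naming.ldap.LdapName to match on attribute type instead of searching the DN string for "CN=". A DN with no CN, or with the CN as its last component, is then handled without an index error. The class and method names, the constructed sample DNs, and the rule that the CN may be either the bare FQDN or host/<fqdn> are assumptions.

```java
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class HostCnCheck {

    // Value of the first (leftmost) CN in the DN string, or null if there is none.
    static String firstCn(String dn) throws NamingException {
        // getRdns() puts the rightmost RDN at index 0, so walk from the end
        // to visit RDNs in the left-to-right order of the string form.
        List<Rdn> rdns = new LdapName(dn).getRdns();
        for (int i = rdns.size() - 1; i >= 0; i--) {
            // toAttributes() also covers multi-valued RDNs such as CN=a+OU=b.
            Attribute cn = rdns.get(i).toAttributes().get("CN");
            if (cn != null && cn.get() instanceof String) {
                return (String) cn.get();
            }
        }
        return null;
    }

    // Assumption: the certificate CN may be the bare FQDN or "host/<fqdn>".
    static boolean matchesHost(String dn, String expectedHost) {
        try {
            String cn = firstCn(dn);
            if (cn == null) return false;            // no CN: reject, do not throw
            if (cn.regionMatches(true, 0, "host/", 0, 5)) cn = cn.substring(5);
            return cn.equalsIgnoreCase(expectedHost);
        } catch (NamingException e) {
            return false;                            // unparsable DN: fail closed
        }
    }

    public static void main(String[] args) {
        String host = "grid003.pi.infn.it";
        // Constructed samples in Java's comma-separated form, based on the DN in the report.
        String[] dns = {
            "EMAILADDRESS=livio.salconi@pi.infn.it, CN=grid003.pi.infn.it, L=Pisa, OU=datagrid- UI, O=INFN, C=IT",
            "CN=host/grid003.pi.infn.it",             // CN is the only RDN: no trailing comma
            "L=Pisa, OU=datagrid- UI, O=INFN, C=IT",  // no CN at all
            "CN=other.example.org, O=INFN, C=IT"      // CN for a different host
        };
        for (String dn : dns) {
            System.out.println(matchesHost(dn, host) + "  " + dn);
        }
    }
}
```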