Difference between revisions of "Funny Curly things"

From PDP/Grid Wiki
Jump to navigationJump to search
Line 3: Line 3:
 
The <tt>curl</tt> tool is sometimes very handy to query grid services. For example, you can use <tt>curl</tt> to query the status of grid jobs, and in theory you could even submit a grid job using <tt>curl</tt>.
 
The <tt>curl</tt> tool is sometimes very handy to query grid services. For example, you can use <tt>curl</tt> to query the status of grid jobs, and in theory you could even submit a grid job using <tt>curl</tt>.
  
Starting with Fedora 12, RedHat has decided to change the way <tt>curl</tt> is built by default. As Fedora 12 is the 'baseline' for RedHat Enterprise Linux 6, this also affects the <tt>curl</tt> command in RHEL6, CentOS6 and Scientific Linux 6. In the past, <tt>curl</tt> was built and linked using the OpenSSL libraries. With Fedora 12+/RHEL6+, <tt>curl</tt> is now built and linked using the NSS library. This has an impact on you can use <tt>curl</tt> to query different grid services.
+
Starting with Fedora 12, RedHat has decided to change the way <tt>curl</tt> is built by default. As Fedora 12 is the 'baseline' for RedHat Enterprise Linux 6, this also affects the <tt>curl</tt> command in RHEL6, CentOS6 and Scientific Linux 6. In the past, <tt>curl</tt> was built and linked using the OpenSSL libraries. With Fedora 12+/RHEL6+, <tt>curl</tt> is now built and linked using the NSS library. This has an impact on how you can use <tt>curl</tt> to query different grid services.
  
 
The problem does not apply to grid services only, every site that requires a client-side certificate '''chain''', that is, the client needs to present both a certificate and an intermediary key, is affected.
 
The problem does not apply to grid services only, every site that requires a client-side certificate '''chain''', that is, the client needs to present both a certificate and an intermediary key, is affected.
+
 
 +
This page is the result of a comparison of the different SSL libraries that <tt>curl</tt> can be built against. The following SSL libraries were tested, using '''curl-7.22.0''', which was the latest and greatest version of <tt>curl</tt> at the time of writing:
 +
* OpenSSL 1.0.0d
 +
* NSS 3.12.10
 +
* GnuTLS 2.8.6
 +
* PolarSSL 0.14.3
 +
 
 
==VOMS Role==
 
==VOMS Role==
 
The HEP VOs have an SGM role, usually of the form
 
The HEP VOs have an SGM role, usually of the form

Revision as of 13:47, 21 September 2011

Introduction

The curl tool is sometimes very handy to query grid services. For example, you can use curl to query the status of grid jobs, and in theory you could even submit a grid job using curl.

Starting with Fedora 12, RedHat has decided to change the way curl is built by default. As Fedora 12 is the 'baseline' for RedHat Enterprise Linux 6, this also affects the curl command in RHEL6, CentOS6 and Scientific Linux 6. In the past, curl was built and linked using the OpenSSL libraries. With Fedora 12+/RHEL6+, curl is now built and linked using the NSS library. This has an impact on how you can use curl to query different grid services.

The problem does not apply to grid services only, every site that requires a client-side certificate chain, that is, the client needs to present both a certificate and an intermediary key, is affected.

This page is the result of a comparison of the different SSL libraries that curl can be built against. The following SSL libraries were tested, using curl-7.22.0, which was the latest and greatest version of curl at the time of writing:

  • OpenSSL 1.0.0d
  • NSS 3.12.10
  • GnuTLS 2.8.6
  • PolarSSL 0.14.3

VOMS Role

The HEP VOs have an SGM role, usually of the form

 /Role=lcgadmin

However, in this HOWTO the VO vlemed was chosen as the example. This VO has a role

/Role=sgm

available, which gives users who possess that role the right to install software in the VO specific software area. To generate an SGM-proxy use

$ voms-proxy-init --voms vlemed:/vlemed/Role=sgm