#11 Check for proxies issued by specified cert

open
nobody
5
2012-12-07
2005-01-31
No

Currently, when a cert/key file is specified in the
clarens_client instantiation, with e.g.

client = clarens_client(my_url, certfile='mycert.pem', keyfile='mykey.pem')

the client code tries to open a few files in succession
to find an _openable_ file:

1. Specified key/cert combination
2. /tmp/x509up_u$UID
3. ~/.globus/user[cert,key].pem

It would be useful to add some intelligence to the process:
1. Open supplied cert _and_ create cert object
2. Open a proxy file, in the order $GLOBUS_PROXY_FILE
if it exists, fall back to /x509up_u$UID _and_ create
a cert object.
3. Check if the proxy was issued by the supplied cert
-> if not, use the supplied cert/key (possibly asking
for a password)
4. At this stage it would be convenient to also create
a proxy

The current behaviour can be retained by making the
supplied cert/key in step 1 default to
~/.globus/user[cert,key].pem

The order of evaluation would then be:
1. ~/.globus/user[cert,key].pem
2. $GLOBUS_PROXY_FILE -> use if issued by cert in step 1
3. /x509up_u$UID -> use if issued by cert in step 1
4. Use cert key from step 1 if proxy was not issued by
that cert.
5. Possibly issue new key, and save in /x509up_u$UID

Or if expl
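
The issuer check from step 3 and the fallback order, as an added example that is not Clarens code or part of the original ticket. It assumes the third-party `cryptography` package, RSA keys and a proxy signed directly by the user cert; `issued_by`, `choose_credential` and all sample names are hypothetical, and the sample certificates are constructed in memory.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

def dn(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(subject_cn, issuer_cn, signing_key, public_key):
    """Constructed sample certificate, built in memory for the demo only."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(dn(subject_cn)).issuer_name(dn(issuer_cn))
            .public_key(public_key).serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(hours=12))
            .sign(signing_key, hashes.SHA256()))

def issued_by(proxy, user_cert):
    """Step 3: issuer DN must equal the cert's subject AND the signature must verify."""
    if proxy.issuer != user_cert.subject:
        return False
    try:  # RSA keys assumed; a DN match alone proves nothing, anyone can copy a name
        user_cert.public_key().verify(proxy.signature, proxy.tbs_certificate_bytes,
                                      padding.PKCS1v15(), proxy.signature_hash_algorithm)
    except InvalidSignature:
        return False
    return True

def choose_credential(user_cert, proxy_candidates):
    """Walk (label, proxy) candidates in order; fall back to the supplied cert/key."""
    for label, proxy in proxy_candidates:
        if proxy is not None and issued_by(proxy, user_cert):
            return ("proxy", label)
    return ("usercert", None)

def build_samples():
    """Constructed inputs: one genuine proxy, one forged issuer name, one foreign proxy."""
    new_key = lambda: rsa.generate_private_key(public_exponent=65537, key_size=2048)
    alice_key, other_key, proxy_key = new_key(), new_key(), new_key()
    pub = proxy_key.public_key()
    return {
        "alice": make_cert("alice", "Sample CA", alice_key, alice_key.public_key()),
        "good": make_cert("alice proxy", "alice", alice_key, pub),
        "forged": make_cert("alice proxy", "alice", other_key, pub),
        "foreign": make_cert("bob proxy", "bob", other_key, pub),
    }
```

The check does not look at validity dates, so an expired proxy that was issued by the cert would still be selected here.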
