On Dec 6, 2011, at 12:49 PM, Alan Sill wrote:

> 
> On Dec 6, 2011, at 10:33 AM, JP Navarro wrote:
> 
>> It would be interesting if there was a way to retrieve the entire raw public 
>> X.509 certificate using the GridFTP protocol itself.
> 
> Yes, this is the relevant point.  It should be possible to tease this out of 
> the GSSAPI ADAT authentication exchange - this is part of FTP and not 
> GridFTP, technically, as covered in RFC 2228.  GridFTP just uses the GSSAPI 
> authentication method.
> 
> Alan
> 


The GridFTP protocol deals with SSL tokens. While it's possible to inspect 
those for data, what I sent before at the GSSAPI level is probably easier to 
manage.

Something like this attached program should work, combining the previous bit 
with some FTP control channel stuff. Note the code is pretty terrible (error 
handling, polling), but it is possible to use. It is invoked with the hostname 
of the GridFTP server (can't choose ports).

Joe

Attachment: get-server-cert.c
Description: Binary data
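
Added example, not part of this thread and not the attached get-server-cert.c: a sketch of the alternative mentioned above, inspecting the SSL tokens carried in the RFC 2228 ADAT replies on the FTP control channel. It assumes each base64 ADAT payload is a run of raw SSL/TLS records from a TLS 1.2 or earlier handshake (where the Certificate message is sent in the clear); the function names and the sample data are constructed for illustration.

```python
import base64
import re
import struct

# RFC 2228 server replies that can carry a token: 334/335 (continue), 235 (done).
ADAT_REPLY = re.compile(r"^(?:235|334|335)[ -]ADAT=([A-Za-z0-9+/=]+)\s*$")
HANDSHAKE_RECORD, CERTIFICATE_MSG = 22, 11  # TLS record type, handshake msg type

def handshake_stream(control_lines):
    """Decode ADAT tokens and join handshake payloads (messages may span records)."""
    out = bytearray()
    for m in filter(None, map(ADAT_REPLY.match, control_lines)):
        tok, pos = base64.b64decode(m.group(1), validate=True), 0
        while pos + 5 <= len(tok):
            ctype, _version, length = struct.unpack_from("!BHH", tok, pos)
            if pos + 5 + length > len(tok):
                raise ValueError("truncated TLS record in ADAT token")
            if ctype == HANDSHAKE_RECORD:
                out += tok[pos + 5 : pos + 5 + length]
            pos += 5 + length
    return bytes(out)

def server_cert_chain(control_lines):
    """Return DER certificates from the first Certificate message, leaf first."""
    hs, pos = handshake_stream(control_lines), 0
    while pos + 4 <= len(hs):
        mtype, mlen = hs[pos], int.from_bytes(hs[pos + 1 : pos + 4], "big")
        body = hs[pos + 4 : pos + 4 + mlen]
        if mtype == CERTIFICATE_MSG and len(body) == mlen and mlen >= 3:
            certs, p = [], 3  # skip the 3-byte certificate_list length
            while p + 3 <= len(body):
                n = int.from_bytes(body[p : p + 3], "big")
                if p + 3 + n > len(body):
                    raise ValueError("certificate entry overruns the message")
                certs.append(body[p + 3 : p + 3 + n])
                p += 3 + n
            return certs
        pos += 4 + mlen
    return []

def demo_lines():
    """Constructed sample: a 5-byte stand-in for a certificate, split over two replies."""
    der = bytes.fromhex("300302012a")  # not a real certificate
    hs = bytes.fromhex("020000020301" "0b00000b" "000008" "000005") + der
    recs = [struct.pack("!BHH", 22, 0x0301, len(p)) + p for p in (hs[:10], hs[10:])]
    return ["335 ADAT=" + base64.b64encode(r).decode() for r in recs]

if __name__ == "__main__":
    print([c.hex() for c in server_cert_chain(demo_lines())])
```

Each returned element is one DER-encoded certificate, which can be written to a file and read with any X.509 tool.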


