
Globus Toolkit® 3.2 GSI Release Notes

Grid Security Infrastructure (GSI) enables secure authentication and communication over an open network. GSI provides a number of useful services for Grids, including mutual authentication and single sign-on.

The 3.2 release contains a slew of bug fixes and various improvements. Improvements of note are updated third-party libraries, Certificate Revocation List (CRL) support in Java, support for pluggable authorization in the GridFTP and Pre-WS GRAM components, SimpleCA, and improved documentation. Also, the security component will no longer ship with the Globus CA certificate. Users requiring certificates for testing should take a look at the Globus Certificate Service or Simple CA.

Improvements/Bug Details

  • CRL Support for Java GSI libraries
  • Support for authorization callouts. These callouts can be used to replace gridmap-based authorization/mapping and to enforce finer-grained authorization in the Pre-WS GRAM component. More information can be found here
  • OpenSSL has been upgraded to version 0.9.7. This release of OpenSSL changes the textual representation of certain certificate subject (DN) components. The components that are affected are USERID, which changed to UID, and Email, which changed to emailAddress. This will require you to update your grid-mapfile and CA signing policy files for CAs whose certificate subject contains any of the affected components. See bug 575 for details.
  • grid-proxy-init now checks that the certificate and the private key match
  • CRL checking for C GSI libraries now handles the lastUpdate field and no longer assumes that the nextUpdate field is always present, which means that CRLs without a nextUpdate field no longer cause an error and don't expire.
  • The SimpleCA packages are now included in the standard distribution.
  • The Globus CA setup package is no longer part of the distribution. Users requiring certificates for testing should take a look at the Globus Certificate Service or Simple CA. Note that you will not be able to run grid-cert-request until you have installed a CA setup package.
  • CA setup packages (GCS and SimpleCA) are now non-interactive.
  • grid-cert-renew has been removed from the distribution
  • For grid services specific security changes please see the core release notes
  • The grid-default-ca utility has been added to the distribution
  • Various minor API changes have been made (Proxy Core, Cert Utils, System Config)
  • Fixed bugs 590, 978, 982, 1018, 1028, 1091, 1126, 1143, 1151, 1171, 1304, 1308, 1522, 1541, 1553, 1589, 1630
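
The grid-mapfile update required by the OpenSSL 0.9.7 item above can be scripted. The following is an added example, not part of the Globus distribution: it assumes the usual grid-mapfile layout (a DN, quoted if it contains spaces, followed by the local account names), uses constructed sample entries and hypothetical function names, and does not cover CA signing policy files.

```python
import re

# Component names whose textual form changed with OpenSSL 0.9.7 (per the release note).
RENAMED = {"USERID": "UID", "Email": "emailAddress"}
# Match the old name only where it starts a DN component ("/NAME=").
_COMPONENT = re.compile(r"/(USERID|Email)=")
# Assumed entry layout: optional indent, DN (quoted or bare), then the rest of the line.
_ENTRY = re.compile(r'^(\s*)(?:"([^"]*)"|(\S+))(.*)$')

# Constructed sample grid-mapfile content (not real users or hosts).
SAMPLE = '''# constructed sample entries
"/O=Grid/OU=Example/CN=Jane Doe/USERID=jdoe" jdoe
"/O=Grid/OU=Example/CN=John Roe/Email=jroe@example.org" jroe,grid
"/O=Grid/OU=Example/CN=Email=Archive" Email
'''


def migrate_dn(dn):
    """Return the DN with the old-style component names replaced."""
    return _COMPONENT.sub(lambda m: "/" + RENAMED[m.group(1)] + "=", dn)


def migrate_gridmap(text):
    """Rewrite the DN of each entry; return (new_text, [(lineno, old_dn, new_dn)])."""
    out, changes = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = _ENTRY.match(line)
        if not line.strip() or line.lstrip().startswith("#") or not m:
            out.append(line)  # comments, blanks and unparsable lines pass through
            continue
        indent, quoted, bare, rest = m.groups()
        old_dn = quoted if quoted is not None else bare
        new_dn = migrate_dn(old_dn)
        if new_dn != old_dn:
            changes.append((lineno, old_dn, new_dn))
        dn_text = f'"{new_dn}"' if quoted is not None else new_dn
        out.append(f"{indent}{dn_text}{rest}")  # local account names stay untouched
    return "\n".join(out) + "\n", changes


if __name__ == "__main__":
    migrated, changed = migrate_gridmap(SAMPLE)
    for lineno, old_dn, new_dn in changed:
        print(f"line {lineno}: {old_dn} -> {new_dn}")
    print(migrated, end="")
```

Review the reported changes before replacing the live file, since an entry that still carries the old component names will no longer match the subject string produced by the upgraded libraries.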