Save remote host's cert chain in client-side session ad


We got a request from the EGI monitoring team for a way to remotely validate an HTCondor-CE's host cert ( This doesn't appear to be currently possible so BrianB suggested that we add code to this function ( to save the remote host's cert chain in PEM format into the client-side session ad. This should make the cert chain available to the Python bindings through



Brian Bockelman
March 3, 2021, 10:47 PM

Just because it took too long to pull this into cache, here’s an example use:

Zach Miller
February 26, 2021, 6:59 PM

CODE REVIEW: Looks Good. Needs version history/docs.

Tim Theisen
January 6, 2021, 3:59 PM

Fair enough. Retargetting to the devel series.

Brian Lin
January 6, 2021, 3:46 PM

as I understand it, it’s just the client that has to contain these changes, so we don’t have to worry about older versions out in the OSG-wild as much.

Tim Theisen
January 6, 2021, 3:35 PM

Given that OSG will support HTCondor 8.8 as part of OSG 3.5 for some time. I strongly prefer backporting this change to stable. It looks like an easy backport.

Time remaining



Zach Miller