Save remote host's cert chain in client-side session ad
We got a request from the EGI monitoring team for a way to remotely validate an HTCondor-CE's host cert (https://crt.cs.wisc.edu/rt/Ticket/Display.html?id=100742). This doesn't appear to be currently possible so BrianB suggested that we add code to this function (https://github.com/htcondor/htcondor/blob/master/src/condor_io/condor_auth_ssl.cpp#L1060) to save the remote host's cert chain in PEM format into the client-side session ad. This should make the cert chain available to the Python bindings through SecMan.ping().
Just because it took too long to pull this into cache, here’s an example use:
CODE REVIEW: Looks Good. Needs version history/docs.
Fair enough. Retargetting to the devel series.
as I understand it, it’s just the client that has to contain these changes, so we don’t have to worry about older versions out in the OSG-wild as much.
Given that OSG will support HTCondor 8.8 as part of OSG 3.5 for some time. I strongly prefer backporting this change to stable. It looks like an easy backport.