CAS proxy validation failure - Configured TLS trust engine was not used

[Cantor, Scott]

On 8/17/20, 7:05 PM, "users on behalf of Paul B. Henson" <users-bounces at shibboleth.net on behalf of henson at cpp.edu> wrote:

>    Hmm. I don't see anything suspicious set to 10 minutes. It looks like the time value settings are only for things like
> establishing the connection, killing idle connections, or other stuff involving a given connection. The proxy validation
> calls are coming as separate TCP connections, so it's not a keep alive thing. The other settings are for the size of the
> pools. I don't see anything that jumps out as "hold onto something for 10 minutes then reinitialize it"?

I don't either, and I reviewed the code, and it looks fine to me. I don't see any way this could be happening. The unit tests work, and I manipulated them to repeat the same calls multiple times in a row and they worked fine too.

I checked my logs, and the HTTP connector that is coded essentially the same way is not producing any errors.

I think there's an issue that's preventing the HTTP stack from properly invoking the hooks that allow the trust check to happen. And I don't think we can rule out platform issues but I don't know if you said what the details are. There isn't much to do but file it with all the specifics.

-- Scott