You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2019/04/11 17:08:00 UTC
[jira] [Commented] (PROTON-2014) [c] Example broker can silently
use anonymous ciphers when misconfigured
[ https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16815630#comment-16815630 ]
ASF subversion and git services commented on PROTON-2014:
---------------------------------------------------------
Commit 2d3ba8aadc6657410a9e9f020c4d371cb41cd41b in qpid-proton's branch refs/heads/0.27.x from Andrew Stitcher
[ https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=2d3ba8a ]
PROTON-2014: [c] Fix example broker to warn when it fails to set up ssl
- Also make send-ssl tell you the remote peer
(cherry picked from commit 159fac1f90d9b1ace1138d510176e7a5da54e9e9)
> [c] Example broker can silently use anonymous ciphers when misconfigured
> ------------------------------------------------------------------------
>
> Key: PROTON-2014
> URL: https://issues.apache.org/jira/browse/PROTON-2014
> Project: Qpid Proton
> Issue Type: Bug
> Reporter: Andrew Stitcher
> Assignee: Andrew Stitcher
> Priority: Major
> Fix For: proton-c-0.27.1, proton-c-0.28.0
>
>
> The example broker does not check the return value from {color:#2e3436}pn_ssl_domain_set_credentials(){color} and if given a bad certificate will allow anonymous ciphers without even displaying an error message.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org