You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@activemq.apache.org by "Kevin Quick (JIRA)" <ji...@apache.org> on 2011/01/22 00:30:43 UTC

[jira] Created: (AMQCPP-348) Allow unverified SSL peer

Allow unverified SSL peer
-------------------------

                 Key: AMQCPP-348
                 URL: https://issues.apache.org/jira/browse/AMQCPP-348
             Project: ActiveMQ C++ Client
          Issue Type: Improvement
    Affects Versions: 3.2.4
            Reporter: Kevin Quick
            Assignee: Timothy Bish


When using an ssl: connection, attempting to only provide a client certificate via:

            decaf::lang::System::setProperty("decaf.net.ssl.keyStore", certfile);

fails with the following:

Error occurred while accessing an OpenSSL library method:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Init failure ERROR: Error occurred while accessing an OpenSSL library method:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

It would be nice if the library would set peer_verify to false if no decaf.net.ssl.trustStore was provided to allow the client to bypass verification of the broker.



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (AMQCPP-348) Allow unverified SSL peer

Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/AMQCPP-348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Timothy Bish resolved AMQCPP-348.
---------------------------------

    Resolution: Fixed

Added code to check for the property "decaf.net.ssl.disablePeerVerification" and disable all verification if true.

client code sets via:

{noformat}
System::setProperty( "decaf.net.ssl.disablePeerVerification", "true" )
{noformat}

> Allow unverified SSL peer
> -------------------------
>
>                 Key: AMQCPP-348
>                 URL: https://issues.apache.org/jira/browse/AMQCPP-348
>             Project: ActiveMQ C++ Client
>          Issue Type: Improvement
>    Affects Versions: 3.2.4
>            Reporter: Kevin Quick
>            Assignee: Timothy Bish
>            Priority: Minor
>             Fix For: 3.2.5, 3.3.0
>
>
> When using an ssl: connection, attempting to only provide a client certificate via:
>             decaf::lang::System::setProperty("decaf.net.ssl.keyStore", certfile);
> fails with the following:
> Error occurred while accessing an OpenSSL library method:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Init failure ERROR: Error occurred while accessing an OpenSSL library method:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> It would be nice if the library would set peer_verify to false if no decaf.net.ssl.trustStore was provided to allow the client to bypass verification of the broker.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Updated: (AMQCPP-348) Allow unverified SSL peer

Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/AMQCPP-348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Timothy Bish updated AMQCPP-348:
--------------------------------

         Priority: Minor  (was: Major)
    Fix Version/s: 3.3.0
                   3.2.5

> Allow unverified SSL peer
> -------------------------
>
>                 Key: AMQCPP-348
>                 URL: https://issues.apache.org/jira/browse/AMQCPP-348
>             Project: ActiveMQ C++ Client
>          Issue Type: Improvement
>    Affects Versions: 3.2.4
>            Reporter: Kevin Quick
>            Assignee: Timothy Bish
>            Priority: Minor
>             Fix For: 3.2.5, 3.3.0
>
>
> When using an ssl: connection, attempting to only provide a client certificate via:
>             decaf::lang::System::setProperty("decaf.net.ssl.keyStore", certfile);
> fails with the following:
> Error occurred while accessing an OpenSSL library method:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Init failure ERROR: Error occurred while accessing an OpenSSL library method:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> It would be nice if the library would set peer_verify to false if no decaf.net.ssl.trustStore was provided to allow the client to bypass verification of the broker.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira