You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Kevin Quick (JIRA)" <ji...@apache.org> on 2011/01/22 00:30:43 UTC
[jira] Created: (AMQCPP-348) Allow unverified SSL peer
Allow unverified SSL peer
-------------------------
Key: AMQCPP-348
URL: https://issues.apache.org/jira/browse/AMQCPP-348
Project: ActiveMQ C++ Client
Issue Type: Improvement
Affects Versions: 3.2.4
Reporter: Kevin Quick
Assignee: Timothy Bish
When using an ssl: connection, attempting to only provide a client certificate via:
decaf::lang::System::setProperty("decaf.net.ssl.keyStore", certfile);
fails with the following:
Error occurred while accessing an OpenSSL library method:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Init failure ERROR: Error occurred while accessing an OpenSSL library method:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
It would be nice if the library would set peer_verify to false if no decaf.net.ssl.trustStore was provided to allow the client to bypass verification of the broker.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (AMQCPP-348) Allow unverified SSL peer
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AMQCPP-348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish resolved AMQCPP-348.
---------------------------------
Resolution: Fixed
Added code to check for the property "decaf.net.ssl.disablePeerVerification" and disable all verification if true.
client code sets via:
{noformat}
System::setProperty( "decaf.net.ssl.disablePeerVerification", "true" )
{noformat}
> Allow unverified SSL peer
> -------------------------
>
> Key: AMQCPP-348
> URL: https://issues.apache.org/jira/browse/AMQCPP-348
> Project: ActiveMQ C++ Client
> Issue Type: Improvement
> Affects Versions: 3.2.4
> Reporter: Kevin Quick
> Assignee: Timothy Bish
> Priority: Minor
> Fix For: 3.2.5, 3.3.0
>
>
> When using an ssl: connection, attempting to only provide a client certificate via:
> decaf::lang::System::setProperty("decaf.net.ssl.keyStore", certfile);
> fails with the following:
> Error occurred while accessing an OpenSSL library method:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Init failure ERROR: Error occurred while accessing an OpenSSL library method:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> It would be nice if the library would set peer_verify to false if no decaf.net.ssl.trustStore was provided to allow the client to bypass verification of the broker.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (AMQCPP-348) Allow unverified SSL peer
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AMQCPP-348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish updated AMQCPP-348:
--------------------------------
Priority: Minor (was: Major)
Fix Version/s: 3.3.0
3.2.5
> Allow unverified SSL peer
> -------------------------
>
> Key: AMQCPP-348
> URL: https://issues.apache.org/jira/browse/AMQCPP-348
> Project: ActiveMQ C++ Client
> Issue Type: Improvement
> Affects Versions: 3.2.4
> Reporter: Kevin Quick
> Assignee: Timothy Bish
> Priority: Minor
> Fix For: 3.2.5, 3.3.0
>
>
> When using an ssl: connection, attempting to only provide a client certificate via:
> decaf::lang::System::setProperty("decaf.net.ssl.keyStore", certfile);
> fails with the following:
> Error occurred while accessing an OpenSSL library method:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Init failure ERROR: Error occurred while accessing an OpenSSL library method:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> It would be nice if the library would set peer_verify to false if no decaf.net.ssl.trustStore was provided to allow the client to bypass verification of the broker.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira