You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Timothy Bish (JIRA)" <ji...@apache.org> on 2011/02/07 20:56:57 UTC
[jira] Resolved: (AMQCPP-348) Allow unverified SSL peer
[ https://issues.apache.org/jira/browse/AMQCPP-348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish resolved AMQCPP-348.
---------------------------------
Resolution: Fixed
Added code to check for the property "decaf.net.ssl.disablePeerVerification" and disable all verification if true.
client code sets via:
{noformat}
System::setProperty( "decaf.net.ssl.disablePeerVerification", "true" )
{noformat}
> Allow unverified SSL peer
> -------------------------
>
> Key: AMQCPP-348
> URL: https://issues.apache.org/jira/browse/AMQCPP-348
> Project: ActiveMQ C++ Client
> Issue Type: Improvement
> Affects Versions: 3.2.4
> Reporter: Kevin Quick
> Assignee: Timothy Bish
> Priority: Minor
> Fix For: 3.2.5, 3.3.0
>
>
> When using an ssl: connection, attempting to only provide a client certificate via:
> decaf::lang::System::setProperty("decaf.net.ssl.keyStore", certfile);
> fails with the following:
> Error occurred while accessing an OpenSSL library method:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Init failure ERROR: Error occurred while accessing an OpenSSL library method:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> It would be nice if the library would set peer_verify to false if no decaf.net.ssl.trustStore was provided to allow the client to bypass verification of the broker.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira