You are viewing a plain text version of this content. The canonical link for it is here.

Posted to proton@qpid.apache.org by "Ted Ross (JIRA)" <ji...@apache.org> on 2015/09/25 23:00:05 UTC

[jira] [Created] (PROTON-1008) Using a blank mech_list disables authentication

Ted Ross created PROTON-1008:
--------------------------------

             Summary: Using a blank mech_list disables authentication
                 Key: PROTON-1008
                 URL: https://issues.apache.org/jira/browse/PROTON-1008
             Project: Qpid Proton
          Issue Type: Bug
          Components: python-binding
    Affects Versions: 0.11
            Reporter: Ted Ross
             Fix For: 0.11


This bug was introduced in commit
    https://github.com/apache/qpid-proton/commit/14956b07edc3de93f67179c753bbedcd9eba51a6
If the client leaves allowed_mechs as None, the SASL protocol is not even executed.  I claim that allowed_mechs is used to restrict the set of acceptable mechanisms.  If it is None, then all available mechanisms may be used.
This bug causes a failure in the Qpid Dispatch test suite (system_tests_qdstat).  The failure is when the server requires authentication and will accept EXTERNAL and the client has a valid client-certificate but doesn't use the sasl protocol because qdstat doesn't (and can't) set the allowed_mechs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)