You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@qpid.apache.org by Fernández,
José Alberto <ja...@indra.es> on 2020/03/26 12:40:42 UTC
Qpid-cpp SSL options
Hi all,
We are using qpid-cpp using AMQP 1.0 with SSL to connect to an external broker.
Broker administrator told us to set the following ssl parameters due to we are getting SSL errors due to verification fails
Trust all = true
Verify host = false
We have set:
connection.setOption("ssl-ignore-hostname-verification-failure", "TRUE");
to fullfil Verify host = false.
Is this option right?
Is there any options to set trust all to true?
If you need any log or other information contact us.
Thanks in advance.
Regards
________________________________
Este correo electrónico y, en su caso, cualquier fichero anexo al mismo, contiene información de carácter confidencial exclusivamente dirigida a su destinatario o destinatarios. Si no es vd. el destinatario indicado, queda notificado que la lectura, utilización, divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente. En el caso de haber recibido este correo electrónico por error, se ruega notificar inmediatamente esta circunstancia mediante reenvío a la dirección electrónica del remitente.
Evite imprimir este mensaje si no es estrictamente necesario.
This email and any file attached to it (when applicable) contain(s) confidential information that is exclusively addressed to its recipient(s). If you are not the indicated recipient, you are informed that reading, using, disseminating and/or copying it without authorisation is forbidden in accordance with the legislation in effect. If you have received this email by mistake, please immediately notify the sender of the situation by resending it to their email address.
Avoid printing this message if it is not absolutely necessary.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org
Re: Qpid-cpp SSL options
Posted by Gordon Sim <gs...@redhat.com>.
On 26/03/2020 12:40 pm, Fernández Parejo, José Alberto wrote:
> Hi all,
>
> We are using qpid-cpp using AMQP 1.0 with SSL to connect to an external broker.
>
> Broker administrator told us to set the following ssl parameters due to we are getting SSL errors due to verification fails
>
> Trust all = true
> Verify host = false
>
> We have set:
> connection.setOption("ssl-ignore-hostname-verification-failure", "TRUE");
> to fullfil Verify host = false.
>
> Is this option right?
Yes, that means that even if the certificate is not signed for use as
the hostname by which you are connecting, it will not fail. (Of course
that does mean that SSL is not guaranteeing you are actually connected
to the host you want to connect to.)
> Is there any options to set trust all to true?
Not that I know of. The qpid-cpp library uses mozilla's NSS for SSL.
Assuming your server is using a self signed cert, and that is the reason
for wanting to trust all, you can just add the public cert for the
server to your clients cert dab and mark it trusted.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org