You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Timothy Bish (JIRA)" <ji...@apache.org> on 2012/11/13 17:48:12 UTC
[jira] [Commented] (AMQCPP-438) ssl doesnt match the hostname when
there are multiple CN's
[ https://issues.apache.org/jira/browse/AMQCPP-438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13496317#comment-13496317 ]
Timothy Bish commented on AMQCPP-438:
-------------------------------------
We welcome patches if you'd like to update the OpenSSLSocket class to allow for parsing of your certificate configurations
> ssl doesnt match the hostname when there are multiple CN's
> ----------------------------------------------------------
>
> Key: AMQCPP-438
> URL: https://issues.apache.org/jira/browse/AMQCPP-438
> Project: ActiveMQ C++ Client
> Issue Type: Bug
> Components: Decaf
> Affects Versions: 3.4.4
> Environment: HPUX 11.31, but this is not likely important
> Reporter: Jeffrey B
> Assignee: Timothy Bish
> Labels: decaf, hostname, ssl
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> If the ssl certificate on the server has its hostname in the cn field to be compatable, but it also has other cn's on the same entry, which openssl allows and we always use for all of our certificates, the file OpenSSLSocket.cpp finds that they do not match.
> It is only checking one item, so it is not iterating through different cn's. This sometimes returns the error that the servers certificate did not match the hostname, and sometimes it simply says that peer did not send his wireformat. This has no doesnt have an option to diable it like in NMS, at least not that I ahave found.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira