You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by Gordon Sim <gs...@redhat.com> on 2015/05/14 21:54:20 UTC
Review Request 34229: Expose subject from peer's certificate
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/
-----------------------------------------------------------
Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and Rafael Schloming.
Bugs: PROTON-861
https://issues.apache.org/jira/browse/PROTON-861
Repository: qpid-proton-git
Description
-------
This is useful e.g. to determine whether a particular connection is authorised for certain actions.
The approach taken here is to expose the full subject as a string. It may be that some subset of that is preferred, perhaps in a slightly different format. However having the full subject is the simplest way to ensure that everyone can get what they need, even if at the expense of a little string manipulation.
Diffs
-----
proton-c/bindings/python/proton/__init__.py bc639e3
proton-c/include/proton/ssl.h 0ac4aef
proton-c/src/ssl/openssl.c 2bbdda0
Diff: https://reviews.apache.org/r/34229/diff/
Testing
-------
Thanks,
Gordon Sim
Re: Review Request 34229: Expose subject from peer's certificate
Posted by Rafael Schloming <rh...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/#review83914
-----------------------------------------------------------
Ship it!
Ship It!
- Rafael Schloming
On May 15, 2015, 9:40 a.m., Gordon Sim wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34229/
> -----------------------------------------------------------
>
> (Updated May 15, 2015, 9:40 a.m.)
>
>
> Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and Rafael Schloming.
>
>
> Bugs: PROTON-861
> https://issues.apache.org/jira/browse/PROTON-861
>
>
> Repository: qpid-proton-git
>
>
> Description
> -------
>
> This is useful e.g. to determine whether a particular connection is authorised for certain actions.
>
> The approach taken here is to expose the full subject as a string. It may be that some subset of that is preferred, perhaps in a slightly different format. However having the full subject is the simplest way to ensure that everyone can get what they need, even if at the expense of a little string manipulation.
>
>
> Diffs
> -----
>
> proton-c/bindings/python/proton/__init__.py bc639e3
> proton-c/include/proton/ssl.h 0ac4aef
> proton-c/src/ssl/openssl.c 2bbdda0
>
> Diff: https://reviews.apache.org/r/34229/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Gordon Sim
>
>
Re: Review Request 34229: Expose subject from peer's certificate
Posted by Andrew Stitcher <as...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/#review83926
-----------------------------------------------------------
Ship it!
Nitpick below (really a question of python API consistency)
proton-c/bindings/python/proton/__init__.py
<https://reviews.apache.org/r/34229/#comment134997>
Should this be a read-only property? rather than a function?
(sorry to be nitpicking)
- Andrew Stitcher
On May 15, 2015, 9:40 a.m., Gordon Sim wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34229/
> -----------------------------------------------------------
>
> (Updated May 15, 2015, 9:40 a.m.)
>
>
> Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and Rafael Schloming.
>
>
> Bugs: PROTON-861
> https://issues.apache.org/jira/browse/PROTON-861
>
>
> Repository: qpid-proton-git
>
>
> Description
> -------
>
> This is useful e.g. to determine whether a particular connection is authorised for certain actions.
>
> The approach taken here is to expose the full subject as a string. It may be that some subset of that is preferred, perhaps in a slightly different format. However having the full subject is the simplest way to ensure that everyone can get what they need, even if at the expense of a little string manipulation.
>
>
> Diffs
> -----
>
> proton-c/bindings/python/proton/__init__.py bc639e3
> proton-c/include/proton/ssl.h 0ac4aef
> proton-c/src/ssl/openssl.c 2bbdda0
>
> Diff: https://reviews.apache.org/r/34229/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Gordon Sim
>
>
Re: Review Request 34229: Expose subject from peer's certificate
Posted by Kenneth Giusti <kg...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/#review83917
-----------------------------------------------------------
Ship it!
Ship It!
- Kenneth Giusti
On May 15, 2015, 9:40 a.m., Gordon Sim wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34229/
> -----------------------------------------------------------
>
> (Updated May 15, 2015, 9:40 a.m.)
>
>
> Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and Rafael Schloming.
>
>
> Bugs: PROTON-861
> https://issues.apache.org/jira/browse/PROTON-861
>
>
> Repository: qpid-proton-git
>
>
> Description
> -------
>
> This is useful e.g. to determine whether a particular connection is authorised for certain actions.
>
> The approach taken here is to expose the full subject as a string. It may be that some subset of that is preferred, perhaps in a slightly different format. However having the full subject is the simplest way to ensure that everyone can get what they need, even if at the expense of a little string manipulation.
>
>
> Diffs
> -----
>
> proton-c/bindings/python/proton/__init__.py bc639e3
> proton-c/include/proton/ssl.h 0ac4aef
> proton-c/src/ssl/openssl.c 2bbdda0
>
> Diff: https://reviews.apache.org/r/34229/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Gordon Sim
>
>
Re: Review Request 34229: Expose subject from peer's certificate
Posted by Gordon Sim <gs...@redhat.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/
-----------------------------------------------------------
(Updated May 15, 2015, 9:40 a.m.)
Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and Rafael Schloming.
Bugs: PROTON-861
https://issues.apache.org/jira/browse/PROTON-861
Repository: qpid-proton-git
Description
-------
This is useful e.g. to determine whether a particular connection is authorised for certain actions.
The approach taken here is to expose the full subject as a string. It may be that some subset of that is preferred, perhaps in a slightly different format. However having the full subject is the simplest way to ensure that everyone can get what they need, even if at the expense of a little string manipulation.
Diffs (updated)
-----
proton-c/bindings/python/proton/__init__.py bc639e3
proton-c/include/proton/ssl.h 0ac4aef
proton-c/src/ssl/openssl.c 2bbdda0
Diff: https://reviews.apache.org/r/34229/diff/
Testing
-------
Thanks,
Gordon Sim
Re: Review Request 34229: Expose subject from peer's certificate
Posted by Gordon Sim <gs...@redhat.com>.
> On May 14, 2015, 10:06 p.m., Andrew Stitcher wrote:
> > proton-c/include/proton/ssl.h, line 327
> > <https://reviews.apache.org/r/34229/diff/2/?file=960374#file960374line327>
> >
> > I think this probably should return const char* as the resulting string is not writable be the API client.
Agreed; done in latest patch.
- Gordon
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/#review83857
-----------------------------------------------------------
On May 15, 2015, 9:40 a.m., Gordon Sim wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34229/
> -----------------------------------------------------------
>
> (Updated May 15, 2015, 9:40 a.m.)
>
>
> Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and Rafael Schloming.
>
>
> Bugs: PROTON-861
> https://issues.apache.org/jira/browse/PROTON-861
>
>
> Repository: qpid-proton-git
>
>
> Description
> -------
>
> This is useful e.g. to determine whether a particular connection is authorised for certain actions.
>
> The approach taken here is to expose the full subject as a string. It may be that some subset of that is preferred, perhaps in a slightly different format. However having the full subject is the simplest way to ensure that everyone can get what they need, even if at the expense of a little string manipulation.
>
>
> Diffs
> -----
>
> proton-c/bindings/python/proton/__init__.py bc639e3
> proton-c/include/proton/ssl.h 0ac4aef
> proton-c/src/ssl/openssl.c 2bbdda0
>
> Diff: https://reviews.apache.org/r/34229/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Gordon Sim
>
>
Re: Review Request 34229: Expose subject from peer's certificate
Posted by Andrew Stitcher <as...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/#review83857
-----------------------------------------------------------
proton-c/include/proton/ssl.h
<https://reviews.apache.org/r/34229/#comment134938>
I think this probably should return const char* as the resulting string is not writable be the API client.
- Andrew Stitcher
On May 14, 2015, 8:27 p.m., Gordon Sim wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34229/
> -----------------------------------------------------------
>
> (Updated May 14, 2015, 8:27 p.m.)
>
>
> Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and Rafael Schloming.
>
>
> Bugs: PROTON-861
> https://issues.apache.org/jira/browse/PROTON-861
>
>
> Repository: qpid-proton-git
>
>
> Description
> -------
>
> This is useful e.g. to determine whether a particular connection is authorised for certain actions.
>
> The approach taken here is to expose the full subject as a string. It may be that some subset of that is preferred, perhaps in a slightly different format. However having the full subject is the simplest way to ensure that everyone can get what they need, even if at the expense of a little string manipulation.
>
>
> Diffs
> -----
>
> proton-c/bindings/python/proton/__init__.py bc639e3
> proton-c/include/proton/ssl.h 0ac4aef
> proton-c/src/ssl/openssl.c 2bbdda0
>
> Diff: https://reviews.apache.org/r/34229/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Gordon Sim
>
>
Re: Review Request 34229: Expose subject from peer's certificate
Posted by Gordon Sim <gs...@redhat.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/
-----------------------------------------------------------
(Updated May 14, 2015, 8:27 p.m.)
Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and Rafael Schloming.
Bugs: PROTON-861
https://issues.apache.org/jira/browse/PROTON-861
Repository: qpid-proton-git
Description
-------
This is useful e.g. to determine whether a particular connection is authorised for certain actions.
The approach taken here is to expose the full subject as a string. It may be that some subset of that is preferred, perhaps in a slightly different format. However having the full subject is the simplest way to ensure that everyone can get what they need, even if at the expense of a little string manipulation.
Diffs (updated)
-----
proton-c/bindings/python/proton/__init__.py bc639e3
proton-c/include/proton/ssl.h 0ac4aef
proton-c/src/ssl/openssl.c 2bbdda0
Diff: https://reviews.apache.org/r/34229/diff/
Testing
-------
Thanks,
Gordon Sim
Re: Review Request 34229: Expose subject from peer's certificate
Posted by Andrew Stitcher <as...@apache.org>.
> On May 14, 2015, 8:17 p.m., Andrew Stitcher wrote:
> > This looks good to me - essentially what I was starting with.
> >
> > Although we may nned something more specific to interoperate with qpidd as it has a very specific notion of what the authid for sasl external looks like - I need to follow this through more carefully.
>
> Alan Conway wrote:
> IMO what gsim has is fine, and what you are talking about would be an addition like `char* pn_some_long_name_authid(const char* subject)`. We're talking about a few simple parse or transform functions, I don't think we need to introduce a whole new refcounted pn_subject class. If it is qpidd specific then it shouldn't even be in proton.
I'm not suggesting a new pn_subject_t type (although it isn't necessarily a bad idea - X509 names are significantly cpomplex).
Where I do differ from your API sketch is that I would not parse some text form of the subject - we have access to the actual certificate objects so it makes sense to use them - the code wil end up being simpler and more reliable tham have to format a representation of the subject them parsing it then creating a new representation. so something more like:
char *pn_some_long_name(pn_ssl_t *ssl);
- Andrew
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/#review83829
-----------------------------------------------------------
On May 14, 2015, 8:27 p.m., Gordon Sim wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34229/
> -----------------------------------------------------------
>
> (Updated May 14, 2015, 8:27 p.m.)
>
>
> Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and Rafael Schloming.
>
>
> Bugs: PROTON-861
> https://issues.apache.org/jira/browse/PROTON-861
>
>
> Repository: qpid-proton-git
>
>
> Description
> -------
>
> This is useful e.g. to determine whether a particular connection is authorised for certain actions.
>
> The approach taken here is to expose the full subject as a string. It may be that some subset of that is preferred, perhaps in a slightly different format. However having the full subject is the simplest way to ensure that everyone can get what they need, even if at the expense of a little string manipulation.
>
>
> Diffs
> -----
>
> proton-c/bindings/python/proton/__init__.py bc639e3
> proton-c/include/proton/ssl.h 0ac4aef
> proton-c/src/ssl/openssl.c 2bbdda0
>
> Diff: https://reviews.apache.org/r/34229/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Gordon Sim
>
>
Re: Review Request 34229: Expose subject from peer's certificate
Posted by Gordon Sim <gs...@redhat.com>.
> On May 14, 2015, 8:17 p.m., Andrew Stitcher wrote:
> > proton-c/src/ssl/openssl.c, line 1263
> > <https://reviews.apache.org/r/34229/diff/1/?file=960166#file960166line1263>
> >
> > I think _oneline would be closer in format to using flags
> > XN_FLAGS_ONELINE
Oops, I didn't mean to leave that in. The oneline approach was the first option, but it prints in slightly non-standard form (uses '/' as separator rather than ',') and on reading the docs its no longer recommended.
> On May 14, 2015, 8:17 p.m., Andrew Stitcher wrote:
> > proton-c/src/ssl/openssl.c, line 1265
> > <https://reviews.apache.org/r/34229/diff/1/?file=960166#file960166line1265>
> >
> > You probably need
> > if (!subject) return NULL;
> > here too (there may be circumstances in which we can get a certificate without a subject)
Good point.
- Gordon
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/#review83829
-----------------------------------------------------------
On May 14, 2015, 7:54 p.m., Gordon Sim wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34229/
> -----------------------------------------------------------
>
> (Updated May 14, 2015, 7:54 p.m.)
>
>
> Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and Rafael Schloming.
>
>
> Bugs: PROTON-861
> https://issues.apache.org/jira/browse/PROTON-861
>
>
> Repository: qpid-proton-git
>
>
> Description
> -------
>
> This is useful e.g. to determine whether a particular connection is authorised for certain actions.
>
> The approach taken here is to expose the full subject as a string. It may be that some subset of that is preferred, perhaps in a slightly different format. However having the full subject is the simplest way to ensure that everyone can get what they need, even if at the expense of a little string manipulation.
>
>
> Diffs
> -----
>
> proton-c/bindings/python/proton/__init__.py bc639e3
> proton-c/include/proton/ssl.h 0ac4aef
> proton-c/src/ssl/openssl.c 2bbdda0
>
> Diff: https://reviews.apache.org/r/34229/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Gordon Sim
>
>
Re: Review Request 34229: Expose subject from peer's certificate
Posted by Alan Conway <ac...@redhat.com>.
> On May 14, 2015, 8:17 p.m., Andrew Stitcher wrote:
> > This looks good to me - essentially what I was starting with.
> >
> > Although we may nned something more specific to interoperate with qpidd as it has a very specific notion of what the authid for sasl external looks like - I need to follow this through more carefully.
>
> Alan Conway wrote:
> IMO what gsim has is fine, and what you are talking about would be an addition like `char* pn_some_long_name_authid(const char* subject)`. We're talking about a few simple parse or transform functions, I don't think we need to introduce a whole new refcounted pn_subject class. If it is qpidd specific then it shouldn't even be in proton.
>
> Andrew Stitcher wrote:
> I'm not suggesting a new pn_subject_t type (although it isn't necessarily a bad idea - X509 names are significantly cpomplex).
>
> Where I do differ from your API sketch is that I would not parse some text form of the subject - we have access to the actual certificate objects so it makes sense to use them - the code wil end up being simpler and more reliable tham have to format a representation of the subject them parsing it then creating a new representation. so something more like:
> char *pn_some_long_name(pn_ssl_t *ssl);
Agreed. We can do both: expose the parsed data and provide the full bytes of the subject.
- Alan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/#review83829
-----------------------------------------------------------
On May 15, 2015, 9:40 a.m., Gordon Sim wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34229/
> -----------------------------------------------------------
>
> (Updated May 15, 2015, 9:40 a.m.)
>
>
> Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and Rafael Schloming.
>
>
> Bugs: PROTON-861
> https://issues.apache.org/jira/browse/PROTON-861
>
>
> Repository: qpid-proton-git
>
>
> Description
> -------
>
> This is useful e.g. to determine whether a particular connection is authorised for certain actions.
>
> The approach taken here is to expose the full subject as a string. It may be that some subset of that is preferred, perhaps in a slightly different format. However having the full subject is the simplest way to ensure that everyone can get what they need, even if at the expense of a little string manipulation.
>
>
> Diffs
> -----
>
> proton-c/bindings/python/proton/__init__.py bc639e3
> proton-c/include/proton/ssl.h 0ac4aef
> proton-c/src/ssl/openssl.c 2bbdda0
>
> Diff: https://reviews.apache.org/r/34229/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Gordon Sim
>
>
Re: Review Request 34229: Expose subject from peer's certificate
Posted by Alan Conway <ac...@redhat.com>.
> On May 14, 2015, 8:17 p.m., Andrew Stitcher wrote:
> > This looks good to me - essentially what I was starting with.
> >
> > Although we may nned something more specific to interoperate with qpidd as it has a very specific notion of what the authid for sasl external looks like - I need to follow this through more carefully.
IMO what gsim has is fine, and what you are talking about would be an addition like `char* pn_some_long_name_authid(const char* subject)`. We're talking about a few simple parse or transform functions, I don't think we need to introduce a whole new refcounted pn_subject class. If it is qpidd specific then it shouldn't even be in proton.
- Alan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/#review83829
-----------------------------------------------------------
On May 14, 2015, 8:27 p.m., Gordon Sim wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34229/
> -----------------------------------------------------------
>
> (Updated May 14, 2015, 8:27 p.m.)
>
>
> Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and Rafael Schloming.
>
>
> Bugs: PROTON-861
> https://issues.apache.org/jira/browse/PROTON-861
>
>
> Repository: qpid-proton-git
>
>
> Description
> -------
>
> This is useful e.g. to determine whether a particular connection is authorised for certain actions.
>
> The approach taken here is to expose the full subject as a string. It may be that some subset of that is preferred, perhaps in a slightly different format. However having the full subject is the simplest way to ensure that everyone can get what they need, even if at the expense of a little string manipulation.
>
>
> Diffs
> -----
>
> proton-c/bindings/python/proton/__init__.py bc639e3
> proton-c/include/proton/ssl.h 0ac4aef
> proton-c/src/ssl/openssl.c 2bbdda0
>
> Diff: https://reviews.apache.org/r/34229/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Gordon Sim
>
>
Re: Review Request 34229: Expose subject from peer's certificate
Posted by Andrew Stitcher <as...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/#review83829
-----------------------------------------------------------
This looks good to me - essentially what I was starting with.
Although we may nned something more specific to interoperate with qpidd as it has a very specific notion of what the authid for sasl external looks like - I need to follow this through more carefully.
proton-c/src/ssl/openssl.c
<https://reviews.apache.org/r/34229/#comment134908>
I think _oneline would be closer in format to using flags
XN_FLAGS_ONELINE
proton-c/src/ssl/openssl.c
<https://reviews.apache.org/r/34229/#comment134906>
You probably need
if (!subject) return NULL;
here too (there may be circumstances in which we can get a certificate without a subject)
proton-c/src/ssl/openssl.c
<https://reviews.apache.org/r/34229/#comment134907>
FWIW I just wrote this code (or near equivalent) for my own purposes and used a direct memcpy here:
...
long len = BIO_get_mem_data(bio, &data);
ssl->subject = (char*) malloc(len+1);
if (ssl->subject) {
memcpy(ssl->subject, data, len);
out[len] = 0;
}
BIO_free(bio);
return ssl->subject;
}
...
Don't know if this is useful or not.
- Andrew Stitcher
On May 14, 2015, 7:54 p.m., Gordon Sim wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34229/
> -----------------------------------------------------------
>
> (Updated May 14, 2015, 7:54 p.m.)
>
>
> Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and Rafael Schloming.
>
>
> Bugs: PROTON-861
> https://issues.apache.org/jira/browse/PROTON-861
>
>
> Repository: qpid-proton-git
>
>
> Description
> -------
>
> This is useful e.g. to determine whether a particular connection is authorised for certain actions.
>
> The approach taken here is to expose the full subject as a string. It may be that some subset of that is preferred, perhaps in a slightly different format. However having the full subject is the simplest way to ensure that everyone can get what they need, even if at the expense of a little string manipulation.
>
>
> Diffs
> -----
>
> proton-c/bindings/python/proton/__init__.py bc639e3
> proton-c/include/proton/ssl.h 0ac4aef
> proton-c/src/ssl/openssl.c 2bbdda0
>
> Diff: https://reviews.apache.org/r/34229/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Gordon Sim
>
>
Re: Review Request 34229: Expose subject from peer's certificate
Posted by Alan Conway <ac...@redhat.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34229/#review83830
-----------------------------------------------------------
Ship it!
Ship It!
- Alan Conway
On May 14, 2015, 7:54 p.m., Gordon Sim wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/34229/
> -----------------------------------------------------------
>
> (Updated May 14, 2015, 7:54 p.m.)
>
>
> Review request for qpid, Andrew Stitcher, Cliff Jansen, Kenneth Giusti, and Rafael Schloming.
>
>
> Bugs: PROTON-861
> https://issues.apache.org/jira/browse/PROTON-861
>
>
> Repository: qpid-proton-git
>
>
> Description
> -------
>
> This is useful e.g. to determine whether a particular connection is authorised for certain actions.
>
> The approach taken here is to expose the full subject as a string. It may be that some subset of that is preferred, perhaps in a slightly different format. However having the full subject is the simplest way to ensure that everyone can get what they need, even if at the expense of a little string manipulation.
>
>
> Diffs
> -----
>
> proton-c/bindings/python/proton/__init__.py bc639e3
> proton-c/include/proton/ssl.h 0ac4aef
> proton-c/src/ssl/openssl.c 2bbdda0
>
> Diff: https://reviews.apache.org/r/34229/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Gordon Sim
>
>