You are viewing a plain text version of this content. The canonical link for it is here.

Posted to proton@qpid.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2013/11/05 15:49:20 UTC

[jira] [Commented] (PROTON-302) Messenger does not verify the hostname in the peer's SSL certificate.

    [ https://issues.apache.org/jira/browse/PROTON-302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13813952#comment-13813952 ] 

ASF subversion and git services commented on PROTON-302:
--------------------------------------------------------

Commit 1539013 from rhs@apache.org in branch 'proton/trunk'
[ https://svn.apache.org/r1539013 ]

PROTON-302: added negative testing for messenger ssl; added proper validation of messenger credentials; fixed the java work queue and transport work queue implementation; added the missing Delivery.clear() method to proton-j

> Messenger does not verify the hostname in the peer's SSL certificate.
> ---------------------------------------------------------------------
>
>                 Key: PROTON-302
>                 URL: https://issues.apache.org/jira/browse/PROTON-302
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>    Affects Versions: 0.5
>            Reporter: Ken Giusti
>            Assignee: Ken Giusti
>            Priority: Blocker
>             Fix For: 0.6
>
>
> When Messenger is configured to use SSL, and a CA database is provided (via set_trusted_certificates), messenger fails to check that the CommonName/Subject Alternate Name provided in the peer's certificate.  Currently, it merely validates that the certificate is signed correctly.



--
This message was sent by Atlassian JIRA
(v6.1#6144)