You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Ernest Allen (JIRA)" <ji...@apache.org> on 2014/07/14 18:29:05 UTC

[jira] [Created] (QPID-5894) Python client SSL authentication passes when "ssl_skip_hostname_check" is "false" and "ssl_trustfile" is not given

Ernest Allen created QPID-5894:
----------------------------------

             Summary: Python client SSL authentication passes when "ssl_skip_hostname_check" is "false" and "ssl_trustfile" is not given
                 Key: QPID-5894
                 URL: https://issues.apache.org/jira/browse/QPID-5894
             Project: Qpid
          Issue Type: Bug
          Components: Python Client
    Affects Versions: 0.22
            Reporter: Ernest Allen
            Priority: Minor


If the flag "ssl_skip_hostname_check" is explicity set to "false", but no trustfile is given, the python client create an insecure connection without a warning or error.

The following command line illustrates the problem:
spout.py  --broker <hostname>:5671 --connection-options "{  username : 'guest', ssl_certfile : <path_to_client.pem>, protocol : 'amqp0-10', sasl_mechanisms : 'DIGEST-MD5', ssl_skip_hostname_check : 'false', password : 'guest', transport : 'ssl' }" --count 1 --sync-mode None "amq.topic;{}"

No trustfile was given, but ssl_skip_hostname_check was set to false. This implies that the user wants to check the hostname. But without a valid trustfile, that is not possible. In this case, the connection should not silently succeed with an insecure connection.







--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org