You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Ernest Allen (JIRA)" <ji...@apache.org> on 2014/07/14 18:29:05 UTC
[jira] [Created] (QPID-5894) Python client SSL authentication
passes when "ssl_skip_hostname_check" is "false" and "ssl_trustfile" is not
given
Ernest Allen created QPID-5894:
----------------------------------
Summary: Python client SSL authentication passes when "ssl_skip_hostname_check" is "false" and "ssl_trustfile" is not given
Key: QPID-5894
URL: https://issues.apache.org/jira/browse/QPID-5894
Project: Qpid
Issue Type: Bug
Components: Python Client
Affects Versions: 0.22
Reporter: Ernest Allen
Priority: Minor
If the flag "ssl_skip_hostname_check" is explicity set to "false", but no trustfile is given, the python client create an insecure connection without a warning or error.
The following command line illustrates the problem:
spout.py --broker <hostname>:5671 --connection-options "{ username : 'guest', ssl_certfile : <path_to_client.pem>, protocol : 'amqp0-10', sasl_mechanisms : 'DIGEST-MD5', ssl_skip_hostname_check : 'false', password : 'guest', transport : 'ssl' }" --count 1 --sync-mode None "amq.topic;{}"
No trustfile was given, but ssl_skip_hostname_check was set to false. This implies that the user wants to check the hostname. But without a valid trustfile, that is not possible. In this case, the connection should not silently succeed with an insecure connection.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org