You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@qpid.apache.org by cl...@apache.org on 2016/06/30 18:54:28 UTC

qpid-proton git commit: PROTON-1233: PROTON-1228: for 0.13.1, make schannel hostname behaviour like openssl

Repository: qpid-proton
Updated Branches:
  refs/heads/0.13.x fd9d961b6 -> ad532c392


PROTON-1233: PROTON-1228: for 0.13.1, make schannel hostname behaviour like openssl


Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/ad532c39
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/ad532c39
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/ad532c39

Branch: refs/heads/0.13.x
Commit: ad532c392816dff3129e03e90e2e07cefe94618c
Parents: fd9d961
Author: Clifford Jansen <cl...@apache.org>
Authored: Thu Jun 30 11:47:54 2016 -0700
Committer: Clifford Jansen <cl...@apache.org>
Committed: Thu Jun 30 11:52:29 2016 -0700

----------------------------------------------------------------------
 proton-c/src/windows/schannel.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ad532c39/proton-c/src/windows/schannel.c
----------------------------------------------------------------------
diff --git a/proton-c/src/windows/schannel.c b/proton-c/src/windows/schannel.c
index fa9c2d1..0201034 100644
--- a/proton-c/src/windows/schannel.c
+++ b/proton-c/src/windows/schannel.c
@@ -767,6 +767,13 @@ pn_ssl_t *pn_ssl(pn_transport_t *transport)
 
   transport->ssl = ssl;
 
+  // Set up hostname from any bound connection
+  if (transport->connection) {
+    if (pn_string_size(transport->connection->hostname)) {
+      pn_ssl_set_peer_hostname((pn_ssl_t *) transport, pn_string_get(transport->connection->hostname));
+    }
+  }
+
   SecInvalidateHandle(&ssl->cred_handle);
   SecInvalidateHandle(&ssl->ctxt_handle);
   ssl->state = CREATED;
@@ -2210,6 +2217,11 @@ static HRESULT verify_peer(pni_ssl_t *ssl, HCERTSTORE root_store, const char *se
       error = SEC_E_WRONG_PRINCIPAL;
       break;
     }
+    else if (ssl->verify_mode == PN_SSL_VERIFY_PEER_NAME && !server_name) {
+      ssl_log_error("Error: configuration error: PN_SSL_VERIFY_PEER_NAME configured, but no peer hostname set!");
+      error = SEC_E_WRONG_PRINCIPAL;
+      break;
+    }
   } while (0);
 
   if (tracing && !error)


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org