You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by cl...@apache.org on 2016/06/30 18:54:28 UTC
qpid-proton git commit: PROTON-1233: PROTON-1228: for 0.13.1,
make schannel hostname behaviour like openssl
Repository: qpid-proton
Updated Branches:
refs/heads/0.13.x fd9d961b6 -> ad532c392
PROTON-1233: PROTON-1228: for 0.13.1, make schannel hostname behaviour like openssl
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/ad532c39
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/ad532c39
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/ad532c39
Branch: refs/heads/0.13.x
Commit: ad532c392816dff3129e03e90e2e07cefe94618c
Parents: fd9d961
Author: Clifford Jansen <cl...@apache.org>
Authored: Thu Jun 30 11:47:54 2016 -0700
Committer: Clifford Jansen <cl...@apache.org>
Committed: Thu Jun 30 11:52:29 2016 -0700
----------------------------------------------------------------------
proton-c/src/windows/schannel.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/ad532c39/proton-c/src/windows/schannel.c
----------------------------------------------------------------------
diff --git a/proton-c/src/windows/schannel.c b/proton-c/src/windows/schannel.c
index fa9c2d1..0201034 100644
--- a/proton-c/src/windows/schannel.c
+++ b/proton-c/src/windows/schannel.c
@@ -767,6 +767,13 @@ pn_ssl_t *pn_ssl(pn_transport_t *transport)
transport->ssl = ssl;
+ // Set up hostname from any bound connection
+ if (transport->connection) {
+ if (pn_string_size(transport->connection->hostname)) {
+ pn_ssl_set_peer_hostname((pn_ssl_t *) transport, pn_string_get(transport->connection->hostname));
+ }
+ }
+
SecInvalidateHandle(&ssl->cred_handle);
SecInvalidateHandle(&ssl->ctxt_handle);
ssl->state = CREATED;
@@ -2210,6 +2217,11 @@ static HRESULT verify_peer(pni_ssl_t *ssl, HCERTSTORE root_store, const char *se
error = SEC_E_WRONG_PRINCIPAL;
break;
}
+ else if (ssl->verify_mode == PN_SSL_VERIFY_PEER_NAME && !server_name) {
+ ssl_log_error("Error: configuration error: PN_SSL_VERIFY_PEER_NAME configured, but no peer hostname set!");
+ error = SEC_E_WRONG_PRINCIPAL;
+ break;
+ }
} while (0);
if (tracing && !error)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org