You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/09/02 14:15:00 UTC

[jira] [Commented] (DISPATCH-1762) Setting verifyHostname to false on connector means certificate is not verified at all

    [ https://issues.apache.org/jira/browse/DISPATCH-1762?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17189265#comment-17189265 ] 

ASF GitHub Bot commented on DISPATCH-1762:
------------------------------------------

ChugR opened a new pull request #843:
URL: https://github.com/apache/qpid-dispatch/pull/843


   Errors seen passing ssl protocol settings to Proton were logged but
   the connector was allowed to connect anyway.
   
   The initial complaint in DISPATCH-1762 was about how a bad ca cert
   file name allowed the connection to proceed without using any ca cert
   file. A self test is added to check that this particular case is fixed.
   
   This patch prevents all connector connection attempts if there are
   any configuration errors reported by Proton.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Setting verifyHostname to false on connector means certificate is not verified at all
> -------------------------------------------------------------------------------------
>
>                 Key: DISPATCH-1762
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-1762
>             Project: Qpid Dispatch
>          Issue Type: Bug
>            Reporter: Gordon Sim
>            Priority: Major
>
> You can connect even of the CA path specified does not exist. (Expectation from the configuration option name is that only the hostname verification is disabled, but that the validity of the certificate is still verified).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org