You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@activemq.apache.org by "Jeffrey B (JIRA)" <ji...@apache.org> on 2014/01/16 19:07:22 UTC

[jira] [Created] (AMQCPP-530) SSL does not find hostname in cert with multiple cn's in dc

Jeffrey B created AMQCPP-530:
--------------------------------

             Summary: SSL does not find hostname in cert with multiple cn's in dc
                 Key: AMQCPP-530
                 URL: https://issues.apache.org/jira/browse/AMQCPP-530
             Project: ActiveMQ C++ Client
          Issue Type: Bug
          Components: Decaf
    Affects Versions: 3.8.2
         Environment: unix
            Reporter: Jeffrey B
            Assignee: Timothy Bish
            Priority: Minor


The SSL certs that we use contain multiple cn's in the dn, such as 
dn="cn=%1, cn=hostname, cn=app, cn=project, ou=team, o=company, c=ww"

I do not know why they are created in this way. It is probably something legacy related. Anyway, with this ActiveMQ cpp will not find the hostname from the dn and fail dual ssl authentication.

Here is a page on openssl that states the specific limitation of the method used in the code http://www.openssl.org/docs/crypto/X509_NAME_get_index_by_NID.html

And this link shows an example usage of the suggested method
http://h71000.www7.hp.com/doc/83final/ba554_90007/rn02re186.html





--
This message was sent by Atlassian JIRA
(v6.1.5#6160)