You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Keith Wall (JIRA)" <ji...@apache.org> on 2017/08/06 18:30:02 UTC
[jira] [Commented] (QPID-7867) Authentication using expired
certificate
[ https://issues.apache.org/jira/browse/QPID-7867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16115891#comment-16115891 ]
Keith Wall commented on QPID-7867:
----------------------------------
The issue was discussed on list here:
http://qpid.2158936.n2.nabble.com/QPID-7867-Java-Broker-Authentication-using-self-signed-expired-certificates-td7665246.html
The agreement was that this was not a security issue but a new feature would be added to the Java Broker to help this specific use-case.
> Authentication using expired certificate
> ----------------------------------------
>
> Key: QPID-7867
> URL: https://issues.apache.org/jira/browse/QPID-7867
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker
> Affects Versions: qpid-java-broker-7.0.0
> Environment: * qpid-jms-client version 0.23.0
> * java qpid broker 7.0.0
> Reporter: Martin Krasa
>
> Using qpid-jms-client version 0.23.0 and (as of July 17 2017) expired self-signed certificate (Valid until: Sat Dec 17 10:46:56 CET 2016) user can _successfully authenticate_ against the java qpid broker 7.0.0 {code:title=extract from Java broker log file|borderStyle=solid} 2017-07-14 16:34:58,022 INFO [Broker-Config] (q.m.c.open) - [con:0(/XXX.XX.XX.XX:54268)] CON-1001 : Open : Destination : amqps(XXX.XX.XX.XXX:10202) : Protocol Version : 1.0 : SSL 2017-07-14 16:34:58,093 INFO [IO-/172.23.38.21:54268] (q.m.c.open) - [con:0(ACCOUNT_NAME@/XXX.XX.XX.XX:54268/default)] CON-1001 : Open : Destination : amqps(XXX.XX.XX.XXX:10202) : Protocol Version : 1.0 : SSL : Client ID : ID:6303ba8b-2055-49e5-9bf8-80336865a672:1 : Client Version : 0.23.0 : Client Product : QpidJMS 2017-07-14 16:34:58,124 INFO [IO-/XXX.XX.XX.XX:54268] (q.m.c.create) - [con:0(ACCOUNT_NAME@/XXX.XX.XX.XX:54268/default)/ch:0] CHN-1001 : Create 2017-07-14 16:34:58,155 INFO [IO-/XXX.XX.XX.XX:54268] (q.m.c.create) - [con:0(ACCOUNT_NAME@/XXX.XX.XX.XX:54268/default)/ch:1] CHN-1001 : Create {code} {color:blue}*NOTE:* The same behaviour rings true with expired node certificate{color}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org