You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Lorenz Quack (JIRA)" <ji...@apache.org> on 2016/05/11 13:56:12 UTC
[jira] [Created] (QPID-7258) [Python Client for AMQP 0-8...0-9-1]
Perform hostname verification of ssl/tls connections
Lorenz Quack created QPID-7258:
----------------------------------
Summary: [Python Client for AMQP 0-8...0-9-1] Perform hostname verification of ssl/tls connections
Key: QPID-7258
URL: https://issues.apache.org/jira/browse/QPID-7258
Project: Qpid
Issue Type: Bug
Components: Java Client
Reporter: Lorenz Quack
Currently, the Python client for AMQP 0-8...0-9-1 does not perform hostname verification of tls connections. this opens the possibility of Man-in-the-Middle attacks.
We should enhance the client to have this ability, make it configurable and turn the feature on by default.
It should respect hostnames from both CN and SANs, and support wildcards.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org