You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Robbie Gemmell (Jira)" <ji...@apache.org> on 2023/04/11 14:28:00 UTC

[jira] [Assigned] (PROTON-2663) class ssl_client_options does not have a constructor for a custom client certificate, and default certificate trust database

     [ https://issues.apache.org/jira/browse/PROTON-2663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robbie Gemmell reassigned PROTON-2663:
--------------------------------------

    Assignee: Andrew Stitcher

> class ssl_client_options does not have a constructor for a custom client certificate, and default certificate trust database 
> -----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: PROTON-2663
>                 URL: https://issues.apache.org/jira/browse/PROTON-2663
>             Project: Qpid Proton
>          Issue Type: Improvement
>          Components: cpp-binding
>    Affects Versions: proton-c-0.37.0
>         Environment: Linux 64bit
> Ubuntu 22.04: libqpid-proton-cpp12 0.22.0-5 (used for testing, not intended for production)
> Redhat, Oracle: qpid-proton-cpp-0.37.0-1.el8.x86_64
>            Reporter: Marko Hrastovec
>            Assignee: Andrew Stitcher
>            Priority: Blocker
>              Labels: ssl
>             Fix For: proton-c-0.39.0
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Class ssl_client_options does not have a constructor for a custom client certificate, and default certificate trust database.
> Out application has to present a custom certificate to the server, but the server uses a certificate signed by a certificate authority (CA) that is present in the systems default certificate trust database.
> Curently, our only option to connect is to supply a dummy certificate trust database, and use proton::ssl::ANONYMOUS_PEER which disables server check. In that way, we skip an important check for a secure connection. That is unacceptable for a production version of our application. Until we come to a production version we must resolve that issue. That is why I marked it as a blocker.
> I have a patch, but I am not sure how to contribute it. I guess reporting is a first step?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org