You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Rajith Attapattu (JIRA)" <qp...@incubator.apache.org> on 2010/03/13 04:41:27 UTC
[jira] Created: (QPID-2444) MS client does not verify that the
hostname connected to matches that specified in the servers certificate
MS client does not verify that the hostname connected to matches that specified in the servers certificate
----------------------------------------------------------------------------------------------------------
Key: QPID-2444
URL: https://issues.apache.org/jira/browse/QPID-2444
Project: Qpid
Issue Type: Bug
Components: Java Client
Affects Versions: 0.6
Reporter: Rajith Attapattu
Assignee: Rajith Attapattu
Fix For: 0.7
The JMS client will succeed in connecting to a broker whose certificate has a
random string as the common name. It should (at least as an option) verify that
the CN matches the hostname it believes it has connected to.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] Updated: (QPID-2444) JMS client does not verify that the
hostname connected to matches that specified in the servers certificate
Posted by "Rajith Attapattu (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-2444?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rajith Attapattu updated QPID-2444:
-----------------------------------
Summary: JMS client does not verify that the hostname connected to matches that specified in the servers certificate (was: MS client does not verify that the hostname connected to matches that specified in the servers certificate)
> JMS client does not verify that the hostname connected to matches that specified in the servers certificate
> -----------------------------------------------------------------------------------------------------------
>
> Key: QPID-2444
> URL: https://issues.apache.org/jira/browse/QPID-2444
> Project: Qpid
> Issue Type: Bug
> Components: Java Client
> Affects Versions: 0.6
> Reporter: Rajith Attapattu
> Assignee: Rajith Attapattu
> Fix For: 0.7
>
>
> The JMS client will succeed in connecting to a broker whose certificate has a
> random string as the common name. It should (at least as an option) verify that
> the CN matches the hostname it believes it has connected to.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] Resolved: (QPID-2444) JMS client does not verify that the
hostname connected to matches that specified in the servers certificate
Posted by "Rajith Attapattu (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-2444?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rajith Attapattu resolved QPID-2444.
------------------------------------
Resolution: Fixed
The SSLTest has "testVerifyHostName" , "testVerifyLocalHost' and "testVerifyLocalHostLocalDomain" as test cases for this feature.
This feature has been verified manually as well.
> JMS client does not verify that the hostname connected to matches that specified in the servers certificate
> -----------------------------------------------------------------------------------------------------------
>
> Key: QPID-2444
> URL: https://issues.apache.org/jira/browse/QPID-2444
> Project: Qpid
> Issue Type: Bug
> Components: Java Client
> Affects Versions: 0.6
> Reporter: Rajith Attapattu
> Assignee: Rajith Attapattu
> Fix For: 0.7
>
>
> The JMS client will succeed in connecting to a broker whose certificate has a
> random string as the common name. It should (at least as an option) verify that
> the CN matches the hostname it believes it has connected to.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
[jira] Commented: (QPID-2444) JMS client does not verify that the
hostname connected to matches that specified in the servers certificate
Posted by "Rajith Attapattu (JIRA)" <qp...@incubator.apache.org>.
[ https://issues.apache.org/jira/browse/QPID-2444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12849220#action_12849220 ]
Rajith Attapattu commented on QPID-2444:
----------------------------------------
In order to enable hostname verification, you need to use ssl_verify_hostname='true' in the broker URL.
Ex "amqp://guest:guest@test/?brokerlist='tcp://<hostname>:5671?ssl='true'&ssl_verify_hostname='true''"
> JMS client does not verify that the hostname connected to matches that specified in the servers certificate
> -----------------------------------------------------------------------------------------------------------
>
> Key: QPID-2444
> URL: https://issues.apache.org/jira/browse/QPID-2444
> Project: Qpid
> Issue Type: Bug
> Components: Java Client
> Affects Versions: 0.6
> Reporter: Rajith Attapattu
> Assignee: Rajith Attapattu
> Fix For: 0.7
>
>
> The JMS client will succeed in connecting to a broker whose certificate has a
> random string as the common name. It should (at least as an option) verify that
> the CN matches the hostname it believes it has connected to.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org