qpid-dev mailing list archives

From Andrew Stitcher <astitc...@redhat.com>
Subject RE: SSL Connection under Windows [Was: Qpid Enquiry]
Date Mon, 21 May 2012 19:20:12 GMT
On Mon, 2012-05-21 at 14:08 -0500, Steve Huston wrote:
> Hi Andrew,
> 
> I wrote the code originally, so I'll chime in.
> 
> As for the "why" questions, they may have been misinformed, bad decisions. I 
> was most likely thinking "broker" instead of client, which is why I chose to 
> open the store for local machine, not current user. It was also before 
> running the broker as a service was really worked on seriously. I may have 
> misunderstood advice on MSDN re that arg and the store path. I might have 
> just gotten it wrong.

A point of clarification - I haven't considered the client side at all
in any of this, I've only been working to get a broker up with ssl. I've
actually been connecting to it from linux. In fact if I read the code
correctly the client side doesn't open the certificate store at all (at
least explicitly).

I didn't really emphasise this, but I think that using LocalMachine
store is probably more insecure than necessary in that it allows anyone
with access to the machine access to the certificate to impersonate the
broker. So I'd like to change the default, however that wouldn't be
backward compatible - would that be an issue do you think?


