qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ernest Allen (JIRA)" <j...@apache.org>
Subject [jira] [Created] (QPID-5894) Python client SSL authentication passes when "ssl_skip_hostname_check" is "false" and "ssl_trustfile" is not given
Date Mon, 14 Jul 2014 16:29:05 GMT
Ernest Allen created QPID-5894:
----------------------------------

             Summary: Python client SSL authentication passes when "ssl_skip_hostname_check"
is "false" and "ssl_trustfile" is not given
                 Key: QPID-5894
                 URL: https://issues.apache.org/jira/browse/QPID-5894
             Project: Qpid
          Issue Type: Bug
          Components: Python Client
    Affects Versions: 0.22
            Reporter: Ernest Allen
            Priority: Minor


If the flag "ssl_skip_hostname_check" is explicity set to "false", but no trustfile is given,
the python client create an insecure connection without a warning or error.

The following command line illustrates the problem:
spout.py  --broker <hostname>:5671 --connection-options "{  username : 'guest', ssl_certfile
: <path_to_client.pem>, protocol : 'amqp0-10', sasl_mechanisms : 'DIGEST-MD5', ssl_skip_hostname_check
: 'false', password : 'guest', transport : 'ssl' }" --count 1 --sync-mode None "amq.topic;{}"

No trustfile was given, but ssl_skip_hostname_check was set to false. This implies that the
user wants to check the hostname. But without a valid trustfile, that is not possible. In
this case, the connection should not silently succeed with an insecure connection.







--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message