qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keith Wall (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-5960) ssl_verify_hostname should default to true rather than false
Date Wed, 06 Aug 2014 12:01:16 GMT

    [ https://issues.apache.org/jira/browse/QPID-5960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14087584#comment-14087584
] 

Keith Wall commented on QPID-5960:
----------------------------------

Rob said: For convenience for those upgrading from earlier versions, would it make sense to
add a system property to be able to set the global default, in addition to the existing ability
to set at the individual connection level?  In this way those who do not want to have to edit
a number of connection URLs could simply set a system property to restore the previous (broken)
behaviour.

> ssl_verify_hostname should default to true rather than false
> ------------------------------------------------------------
>
>                 Key: QPID-5960
>                 URL: https://issues.apache.org/jira/browse/QPID-5960
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Client
>            Reporter: Keith Wall
>             Fix For: 0.29
>
>
> The Java Client's connection url option ssl_verify_hostname has traditionally defaulted
to false meaning that during the SSL negotiation the Java client ignores hostname errors.
  This is weak: by default the client should validate the hostname.  If users should be forced
to turn host name verification off if desired.
> I believe this will also bring the behaviour of the Java client in line with the CPP
client (QPID-5841)



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message