qpid-dev mailing list archives

From "Kenneth Giusti" <kgiu...@apache.org>
Subject Re: Review Request 36315: PROTON-939: allow pn_ssl_set_peer_hostname to override connection's hostname.
Date Wed, 08 Jul 2015 17:24:52 GMT


> On July 8, 2015, 5:17 p.m., Andrew Stitcher wrote:
> > I think this is probably the correct semantic for the SSL hostname, if you have multiple ways of setting it. However my original intention was to deprecate the separate SSL way to set the peer hostname (I should probably add a deprecated note to the doctext).
> > 
> > Is there actually a case where you would ever want the SASL peer hostname ever to be different from the SSL hostname? I can't think of any reason myself.
> 
> Andrew Stitcher wrote:
>     An alternate implementation (perhaps better) would be to ensure that the hostnames set by different APIs are the same or return an error. This might be more in line with the intent to deprecate the SSL API.

I was thinking of an app that needs to match against a particular Subject Alternate Name,
instead of the CN/DNS name itself.  Multiple server certs for different DNS names, all sharing
a single SAN alias.


> On July 8, 2015, 5:17 p.m., Andrew Stitcher wrote:
> > proton-c/src/transport/transport.c, line 665
> > <https://reviews.apache.org/r/36315/diff/1/?file=1002299#file1002299line665>
> >
> >     Nit:
> >     I'm guessing there are tab characters here

woop - good eye, I'll fix that.


- Kenneth


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/36315/#review90912
-----------------------------------------------------------


On July 8, 2015, 4:08 p.m., Kenneth Giusti wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/36315/
> -----------------------------------------------------------
> 
> (Updated July 8, 2015, 4:08 p.m.)
> 
> 
> Review request for qpid and Andrew Stitcher.
> 
> 
> Bugs: proton-939
>     https://issues.apache.org/jira/browse/proton-939
> 
> 
> Repository: qpid-proton-git
> 
> 
> Description
> -------
> 
> Prevents the connection's hostname setting overriding one set via pn_ssl_set_peer_hostname
> 
> 
> Diffs
> -----
> 
>   proton-c/include/proton/ssl.h b250e6a 
>   proton-c/src/transport/transport.c e5e8276 
>   tests/python/proton_tests/ssl.py f3c7f1f 
> 
> Diff: https://reviews.apache.org/r/36315/diff/
> 
> 
> Testing
> -------
> 
> new unit tests added
> 
> 
> Thanks,
> 
> Kenneth Giusti
> 
>

