qpid-dev mailing list archives

From "Andrew Stitcher" <astitc...@apache.org>
Subject Re: Review Request 36315: PROTON-939: allow pn_ssl_set_peer_hostname to override connection's hostname.
Date Wed, 08 Jul 2015 18:10:01 GMT


> On July 8, 2015, 5:17 p.m., Andrew Stitcher wrote:
> > I think this is probably the correct semantic for the SSL hostname, if you have multiple ways of setting it. However my original intention was to deprecate the separate SSL way to set the peer hostname (I should probably add a deprecated note to the doctext).
> > 
> > Is there actually a case where you would ever want the SASL peer hostname ever to be different from the SSL hostname? I can't think of any reason myself.
> 
> Andrew Stitcher wrote:
>     An alternate implementation (perhaps better) would be to ensure that the hostnames set by different APIs are the same or return an error. This might be more in line with the intent to deprecate the SSL API.
> 
> Kenneth Giusti wrote:
>     I was thinking of an app that needs to match against a particular Subject Alternate Name, instead of the CN/DNS name itself.  Multiple server certs for different DNS names, all sharing a single SAN alias.

Ok, if there is a good reason then it shouldn't be deprecated - however, perhaps there should be a note to say the primary way to do this is the pn_connection_hostname() API?


- Andrew


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/36315/#review90912
-----------------------------------------------------------


On July 8, 2015, 4:08 p.m., Kenneth Giusti wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/36315/
> -----------------------------------------------------------
> 
> (Updated July 8, 2015, 4:08 p.m.)
> 
> 
> Review request for qpid and Andrew Stitcher.
> 
> 
> Bugs: proton-939
>     https://issues.apache.org/jira/browse/proton-939
> 
> 
> Repository: qpid-proton-git
> 
> 
> Description
> -------
> 
> Prevents the connection's hostname setting overriding one set via pn_ssl_set_peer_hostname
> 
> 
> Diffs
> -----
> 
>   proton-c/include/proton/ssl.h b250e6a 
>   proton-c/src/transport/transport.c e5e8276 
>   tests/python/proton_tests/ssl.py f3c7f1f 
> 
> Diff: https://reviews.apache.org/r/36315/diff/
> 
> 
> Testing
> -------
> 
> new unit tests added
> 
> 
> Thanks,
> 
> Kenneth Giusti
> 
>

