qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DISPATCH-401) qdstat and qdmanage client tools do not verify host name when using SSL
Date Mon, 11 Jul 2016 16:48:11 GMT

    [ https://issues.apache.org/jira/browse/DISPATCH-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15371135#comment-15371135
] 

ASF GitHub Bot commented on DISPATCH-401:
-----------------------------------------

Github user ganeshmurthy closed the pull request at:

    https://github.com/apache/qpid-dispatch/pull/91


> qdstat and qdmanage client tools do not verify host name when using SSL
> -----------------------------------------------------------------------
>
>                 Key: DISPATCH-401
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-401
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Container
>    Affects Versions: 0.6.0
>            Reporter: Ganesh Murthy
>            Assignee: Ganesh Murthy
>
> qdstat and qdmanage tools do not ensure that when initiating an SSL connection the host
name in the URL to which qdstat and qdmanage connect to matches the host name in the digital
certificate that the peer sends back as part of the SSL connection.
> Enable host name verification by default on qdstat and qdmanage. Add a command line option
called --no-verify-host-name which allows the host name to not match. Add a warning to this
command line option saying that it is insecure and should not be used in production environments.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message