qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DISPATCH-401) qdstat and qdmanage client tools do not verify host name when using SSL
Date Mon, 11 Jul 2016 16:51:11 GMT

    [ https://issues.apache.org/jira/browse/DISPATCH-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15371144#comment-15371144
] 

ASF GitHub Bot commented on DISPATCH-401:
-----------------------------------------

GitHub user ganeshmurthy opened a pull request:

    https://github.com/apache/qpid-dispatch/pull/92

    DISPATCH-401 - Made qdstat and qdmanage verify peer name by default. …

    …Added new option --ssl-disable-peer-name-verify to disable peer name verification

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ganeshmurthy/qpid-dispatch DISPATCH-401-4

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/qpid-dispatch/pull/92.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #92
    
----
commit d7dc541a4ed325548571b7aed4bbc8175dd3bf4b
Author: Ganesh Murthy <gmurthy@redhat.com>
Date:   2016-07-11T16:42:05Z

    DISPATCH-401 - Made qdstat and qdmanage verify peer name by default. Added new option
--ssl-disable-peer-name-verify to disable peer name verification

----


> qdstat and qdmanage client tools do not verify host name when using SSL
> -----------------------------------------------------------------------
>
>                 Key: DISPATCH-401
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-401
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Container
>    Affects Versions: 0.6.0
>            Reporter: Ganesh Murthy
>            Assignee: Ganesh Murthy
>
> qdstat and qdmanage tools do not ensure that when initiating an SSL connection the host
name in the URL to which qdstat and qdmanage connect to matches the host name in the digital
certificate that the peer sends back as part of the SSL connection.
> Enable host name verification by default on qdstat and qdmanage. Add a command line option
called --no-verify-host-name which allows the host name to not match. Add a warning to this
command line option saying that it is insecure and should not be used in production environments.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message