qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DISPATCH-401) qdstat and qdmanage client tools do not verify host name when using SSL
Date Mon, 11 Jul 2016 18:11:11 GMT

    [ https://issues.apache.org/jira/browse/DISPATCH-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15371318#comment-15371318
] 

ASF subversion and git services commented on DISPATCH-401:
----------------------------------------------------------

Commit d7dc541a4ed325548571b7aed4bbc8175dd3bf4b in qpid-dispatch's branch refs/heads/master
from [~ganeshmurthy]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=d7dc541 ]

DISPATCH-401 - Made qdstat and qdmanage verify peer name by default. Added new option --ssl-disable-peer-name-verify
to disable peer name verification


> qdstat and qdmanage client tools do not verify host name when using SSL
> -----------------------------------------------------------------------
>
>                 Key: DISPATCH-401
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-401
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Container
>    Affects Versions: 0.6.0
>            Reporter: Ganesh Murthy
>            Assignee: Ganesh Murthy
>
> qdstat and qdmanage tools do not ensure that when initiating an SSL connection the host
name in the URL to which qdstat and qdmanage connect to matches the host name in the digital
certificate that the peer sends back as part of the SSL connection.
> Enable host name verification by default on qdstat and qdmanage. Add a command line option
called --no-verify-host-name which allows the host name to not match. Add a warning to this
command line option saying that it is insecure and should not be used in production environments.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message