[ https://issues.apache.org/jira/browse/AXIS2C-1700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Lazarski resolved AXIS2C-1700.
-------------------------------------
    Fix Version/s: 2.0.0
                       (was: 1.7.0)
       Resolution: Fixed

  Summary:
  - Changed http_client->validate_ssl_hostname default from AXIS2_FALSE to AXIS2_TRUE
  - Updated comment to explain the security rationale
  - All tests pass

  Impact:
  - Axis2/C clients making HTTPS requests will now validate server certificate hostnames by default
  - Users can disable via AXIS2_SSL_VERIFY_HOST property if needed
  - Server-side (mod_axis2/Apache) unaffected

> Enable SSL/TLS peer name validation by default
> ----------------------------------------------
>
>                 Key: AXIS2C-1700
>                 URL: https://issues.apache.org/jira/browse/AXIS2C-1700
>             Project: Axis2-C
>          Issue Type: Bug
>          Components: transport/http
>            Reporter: Bill Blough
>            Priority: Minor
>             Fix For: 2.0.0
>
>
> SSL/TLS peer name validation has been added but is disabled by default for 
> backwards compatibility.
>  
> This should be enabled by default in a future release.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
