[
https://issues.apache.org/jira/browse/AMQCPP-438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13506741#comment-13506741
]
Jeffrey B commented on AMQCPP-438:
----------------------------------
I simply changed the certificated to have the hostname as the last CN and that
make this work as is. Still it would be nice to have the option to disable the
hostname check on certificates.
> ssl doesnt match the hostname when there are multiple CN's
> ----------------------------------------------------------
>
> Key: AMQCPP-438
> URL: https://issues.apache.org/jira/browse/AMQCPP-438
> Project: ActiveMQ C++ Client
> Issue Type: Bug
> Components: Decaf
> Affects Versions: 3.4.4
> Environment: HPUX 11.31, but this is not likely important
> Reporter: Jeffrey B
> Assignee: Timothy Bish
> Labels: decaf, hostname, ssl
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> If the ssl certificate on the server has its hostname in the cn field to be
> compatable, but it also has other cn's on the same entry, which openssl
> allows and we always use for all of our certificates, the file
> OpenSSLSocket.cpp finds that they do not match.
> It is only checking one item, so it is not iterating through different cn's.
> This sometimes returns the error that the servers certificate did not match
> the hostname, and sometimes it simply says that peer did not send his
> wireformat. This has no doesnt have an option to diable it like in NMS, at
> least not that I ahave found.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
