[
https://issues.apache.org/jira/browse/AMQCPP-530?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13873699#comment-13873699
]
Timothy Bish commented on AMQCPP-530:
-------------------------------------
Could you provide a patch file so we can easily see what you've changed?
> SSL does not find hostname in cert with multiple cn's in dn
> -----------------------------------------------------------
>
> Key: AMQCPP-530
> URL: https://issues.apache.org/jira/browse/AMQCPP-530
> Project: ActiveMQ C++ Client
> Issue Type: Bug
> Components: Decaf
> Affects Versions: 3.8.2
> Environment: unix
> Reporter: Jeffrey B
> Assignee: Timothy Bish
> Priority: Minor
> Labels: ssl
> Attachments: OpenSSLSocket.cpp
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> The SSL certs that we use contain multiple cn's in the dn, such as
> dn="cn=%1, cn=hostname, cn=app, cn=project, ou=team, o=company, c=ww"
> I do not know why they are created in this way. It is probably something
> legacy related. Anyway, with this ActiveMQ cpp will not find the hostname
> from the dn and fail dual ssl authentication.
> Here is a page on openssl that states the specific limitation of the method
> used in the code
> http://www.openssl.org/docs/crypto/X509_NAME_get_index_by_NID.html
> And this link shows an example usage of the suggested method
> http://h71000.www7.hp.com/doc/83final/ba554_90007/rn02re186.html
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
