Kai Hudalla created DISPATCH-2259:
-------------------------------------
Summary: server_name set by Dispatch Router contains illegal
characters
Key: DISPATCH-2259
URL: https://issues.apache.org/jira/browse/DISPATCH-2259
Project: Qpid Dispatch
Issue Type: Bug
Components: Router Node
Affects Versions: 1.16.1, 1.17.0, 1.16.0, 1.15.0, 1.14.0
Reporter: Kai Hudalla
When the dispatch router is configured with an Auth Server Plugin that should
be accessed via a TLS connection, then the router includes the TLS Server Name
Indication extension (https://datatracker.ietf.org/doc/html/rfc6066) in its TLS
ServerHello message but sets the host_name to a value that is not a domain name
as mandated by the RFC. Instead, it sets the host_name to a combination of the
server name and the port configured for the Auth Server Plugin. So, for Auth
Server Plugin configuration
["authServicePlugin", {
"name": "My Auth Server",
"host": "my-auth-server.host}",
"port": 5671,
"sslProfile": "external"
}]
the host_name set in the server_name extension is
my-auth-server.host:5671
which is not a valid domain name.
The TLS implementation that comes with Java 17 will fail the TLS handshake with
the dispatch router due to an illegal character in the host_name.
FMPOV the port suffix simply needs to be removed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
