[
https://issues.apache.org/jira/browse/QPID-5894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ernest Allen updated QPID-5894:
-------------------------------
Attachment: QPID-5894.patch
The patch (from Ernie Allen) assumes that if the ssl_skip_hostname_check is
explicitly set to false, a secure connection is required. If the trustfile is
not specified, an exception will be raised.
> Python client SSL authentication passes when "ssl_skip_hostname_check" is
> "false" and "ssl_trustfile" is not given
> ------------------------------------------------------------------------------------------------------------------
>
> Key: QPID-5894
> URL: https://issues.apache.org/jira/browse/QPID-5894
> Project: Qpid
> Issue Type: Bug
> Components: Python Client
> Affects Versions: 0.22
> Reporter: Ernest Allen
> Priority: Minor
> Attachments: QPID-5894.patch
>
>
> If the flag "ssl_skip_hostname_check" is explicity set to "false", but no
> trustfile is given, the python client create an insecure connection without a
> warning or error.
> The following command line illustrates the problem:
> spout.py --broker <hostname>:5671 --connection-options "{ username :
> 'guest', ssl_certfile : <path_to_client.pem>, protocol : 'amqp0-10',
> sasl_mechanisms : 'DIGEST-MD5', ssl_skip_hostname_check : 'false', password :
> 'guest', transport : 'ssl' }" --count 1 --sync-mode None "amq.topic;{}"
> No trustfile was given, but ssl_skip_hostname_check was set to false. This
> implies that the user wants to check the hostname. But without a valid
> trustfile, that is not possible. In this case, the connection should not
> silently succeed with an insecure connection.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
