[ https://issues.apache.org/jira/browse/QPID-5894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ernest Allen updated QPID-5894: ------------------------------- Attachment: QPID-5894.patch The patch (from Ernie Allen) assumes that if the ssl_skip_hostname_check is explicitly set to false, a secure connection is required. If the trustfile is not specified, an exception will be raised. > Python client SSL authentication passes when "ssl_skip_hostname_check" is > "false" and "ssl_trustfile" is not given > ------------------------------------------------------------------------------------------------------------------ > > Key: QPID-5894 > URL: https://issues.apache.org/jira/browse/QPID-5894 > Project: Qpid > Issue Type: Bug > Components: Python Client > Affects Versions: 0.22 > Reporter: Ernest Allen > Priority: Minor > Attachments: QPID-5894.patch > > > If the flag "ssl_skip_hostname_check" is explicity set to "false", but no > trustfile is given, the python client create an insecure connection without a > warning or error. > The following command line illustrates the problem: > spout.py --broker <hostname>:5671 --connection-options "{ username : > 'guest', ssl_certfile : <path_to_client.pem>, protocol : 'amqp0-10', > sasl_mechanisms : 'DIGEST-MD5', ssl_skip_hostname_check : 'false', password : > 'guest', transport : 'ssl' }" --count 1 --sync-mode None "amq.topic;{}" > No trustfile was given, but ssl_skip_hostname_check was set to false. This > implies that the user wants to check the hostname. But without a valid > trustfile, that is not possible. In this case, the connection should not > silently succeed with an insecure connection. -- This message was sent by Atlassian JIRA (v6.2#6252) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org