Re: Review Request 23616: QPID-5894 - Python client SSL authentication passes when "ssl_skip_hostname_check" is "false" and "ssl_trustfile" is not given

Thu, 17 Jul 2014 09:59:07 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/23616/#review48018
-----------------------------------------------------------


This patch looks good, except it has been applied to an older version of the 
code.  Attempting to apply the patch against the latest trunk fails.

Can you port the patch to qpid trunk and retest?

thanks,

- Kenneth Giusti


On July 17, 2014, 4:05 p.m., Ernie Allen wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/23616/
> -----------------------------------------------------------
> 
> (Updated July 17, 2014, 4:05 p.m.)
> 
> 
> Review request for qpid, Kenneth Giusti and Rafael Schloming.
> 
> 
> Repository: qpid
> 
> 
> Description
> -------
> 
> When the user explicitly sets ssl-skip-hostname-check to "false" in the 
> connection options, but does not supply a trustfile, an insecure connection 
> is created without an error or warning.
> 
> The patch assumes that when ssl-skip-hostname-check is explicitly set, a 
> secure connection is desired. If no trustfile is given, then an exception 
> will be raised. 
> 
> This patch distinguishes between the cases where the ssl-skip-hostname-check 
> is set to "false" by the user, and where ssl-skip-hostname-check is defaulted 
> to "false" because it was not specified. The exception is raised only in the 
> former case and only when the trustfile is not supplied.
>  
> 
> 
> Diffs
> -----
> 
>   /trunk/qpid/python/qpid/messaging/endpoints.py 1605080 
>   /trunk/qpid/python/qpid/messaging/transports.py 1605080 
> 
> Diff: https://reviews.apache.org/r/23616/diff/
> 
> 
> Testing
> -------
> 
> Verified exception is raised when ssl-skip-hostname-check is set to false in 
> the connection options but the trustfile is absent.
> Verified exception is not raised when ssl-skip-hostname-check is set to false 
> in the connection options and trustfile is present.
> Verified exception is not raised when ssl-skip-hostname-check in absent and 
> trustfile is absent.
> 
> 
> Thanks,
> 
> Ernie Allen
> 
>

Reply via email to