Re: Review Request 23616: QPID-5894 - Python client SSL authentication passes when "ssl_skip_hostname_check" is "false" and "ssl_trustfile" is not given

Thu, 17 Jul 2014 12:48:42 -0700 


> On July 17, 2014, 4:57 p.m., Kenneth Giusti wrote:
> > This patch looks good, except it has been applied to an older version of 
> > the code.  Attempting to apply the patch against the latest trunk fails.
> > 
> > Can you port the patch to qpid trunk and retest?
> > 
> > thanks,

The patch has been updated to work with trunk.


- Ernie


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/23616/#review48018
-----------------------------------------------------------


On July 17, 2014, 7:47 p.m., Ernie Allen wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/23616/
> -----------------------------------------------------------
> 
> (Updated July 17, 2014, 7:47 p.m.)
> 
> 
> Review request for qpid, Kenneth Giusti and Rafael Schloming.
> 
> 
> Repository: qpid
> 
> 
> Description
> -------
> 
> When the user explicitly sets ssl-skip-hostname-check to "false" in the 
> connection options, but does not supply a trustfile, an insecure connection 
> is created without an error or warning.
> 
> The patch assumes that when ssl-skip-hostname-check is explicitly set, a 
> secure connection is desired. If no trustfile is given, then an exception 
> will be raised. 
> 
> This patch distinguishes between the cases where the ssl-skip-hostname-check 
> is set to "false" by the user, and where ssl-skip-hostname-check is defaulted 
> to "false" because it was not specified. The exception is raised only in the 
> former case and only when the trustfile is not supplied.
>  
> 
> 
> Diffs
> -----
> 
>   /trunk/qpid/python/qpid/messaging/endpoints.py 1611448 
>   /trunk/qpid/python/qpid/messaging/transports.py 1611448 
> 
> Diff: https://reviews.apache.org/r/23616/diff/
> 
> 
> Testing
> -------
> 
> Verified exception is raised when ssl-skip-hostname-check is set to false in 
> the connection options but the trustfile is absent.
> Verified exception is not raised when ssl-skip-hostname-check is set to false 
> in the connection options and trustfile is present.
> Verified exception is not raised when ssl-skip-hostname-check in absent and 
> trustfile is absent.
> 
> 
> Thanks,
> 
> Ernie Allen
> 
>

Reply via email to