> On July 8, 2015, 5:17 p.m., Andrew Stitcher wrote: > > I think this is probably the correct semantic for the SSL hostname, if you > > have multiple ways of setting it. However my original intention was to > > deprecate the separate SSL way to set the peer hostname (I should probably > > add a deprecated note to the doctext). > > > > Is there actually a case where you would ever want the SASL peer hostname > > ever to be different from the SSL hostname? I can't think of any reason > > myself. > > Andrew Stitcher wrote: > An alternate implementation (perhaps better) would e to ensure that the > hostnames set by different APIs are the same or return an error. This might > be more in line with the intent to deprecate the SSL API. > > Kenneth Giusti wrote: > I was thinking of an app that needs to match against a particular Subject > Alternate Name, instead of the CN/DNS name itself. Multiple server certs for > different DNS names, all sharing a single SAN alias.
Ok, if there is a good reason then shouldn't be deprecated - However perhaps there shold be a note to say the primary way to do this is the pn_connection_hostname() API? - Andrew ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/36315/#review90912 ----------------------------------------------------------- On July 8, 2015, 4:08 p.m., Kenneth Giusti wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/36315/ > ----------------------------------------------------------- > > (Updated July 8, 2015, 4:08 p.m.) > > > Review request for qpid and Andrew Stitcher. > > > Bugs: proton-939 > https://issues.apache.org/jira/browse/proton-939 > > > Repository: qpid-proton-git > > > Description > ------- > > Prevents the connection's hostname setting overriding one set via > pn_ssl_set_peer_hostname > > > Diffs > ----- > > proton-c/include/proton/ssl.h b250e6a > proton-c/src/transport/transport.c e5e8276 > tests/python/proton_tests/ssl.py f3c7f1f > > Diff: https://reviews.apache.org/r/36315/diff/ > > > Testing > ------- > > new unit tests added > > > Thanks, > > Kenneth Giusti > >
