Lorenz Quack created QPID-7258:
----------------------------------
Summary: [Python Client for AMQP 0-8...0-9-1] Perform hostname
verification of ssl/tls connections
Key: QPID-7258
URL: https://issues.apache.org/jira/browse/QPID-7258
Project: Qpid
Issue Type: Bug
Components: Java Client
Reporter: Lorenz Quack
Currently, the Python client for AMQP 0-8...0-9-1 does not perform hostname
verification of tls connections. this opens the possibility of
Man-in-the-Middle attacks.
We should enhance the client to have this ability, make it configurable and
turn the feature on by default.
It should respect hostnames from both CN and SANs, and support wildcards.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
