[ https://issues.apache.org/jira/browse/DISPATCH-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15344979#comment-15344979 ]

ASF GitHub Bot commented on DISPATCH-401:
-----------------------------------------

Github user alanconway commented on a diff in the pull request:

https://github.com/apache/qpid-dispatch/pull/83#discussion_r68114202

--- Diff: python/qpid_dispatch_internal/tools/command.py ---
@@ -83,6 +83,11 @@ def connection_options(options, title="Connection Options"): help="Trusted Certificate Authority Database file (PEM Format)") group.add_option("--ssl-password", action="store", type="string", metavar="PASSWORD", help="Certificate password, will be prompted if not specifed.") + group.add_option("--no-verify-host-name", action="store_true", default=False,
--- End diff --

I'd suggest: --verify-peer-name type=bool, default=true. Bool options with negative names are confusing and "host" is a bit vague - peer is more clearly the _other_ host. Also the help text is very long, maybe "Verify the peer host name matches the certificate. Default true, setting to false is insecure."

> qdstat and qdmanage client tools do not verify host name when using SSL
> -----------------------------------------------------------------------
>
> Key: DISPATCH-401
> URL: https://issues.apache.org/jira/browse/DISPATCH-401
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Container
> Affects Versions: 0.6.0
> Reporter: Ganesh Murthy
> Assignee: Ganesh Murthy
>
> qdstat and qdmanage tools do not ensure that when initiating an SSL
> connection the host name in the URL to which qdstat and qdmanage connect to
> matches the host name in the digital certificate that the peer sends back as
> part of the SSL connection.
> Enable host name verification by default on qdstat and qdmanage. Add a
> command line option called --no-verify-host-name which allows the host name
> to not match. Add a warning to this command line option saying that it is
> insecure and should not be used in production environments.
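
Review bot: the new --no-verify-host-name option at the end of the command.py hunk switches off a security check, so its help string (cut off in the quoted lines) needs to carry the warning the issue asks for: that the option is insecure and not for production environments. With action="store_true" and default=False, verification stays on unless the flag is given, which is the right default; confirm that the code opening the connection actually reads this option and that only the name check is relaxed, not validation of the certificate itself. While this block is being edited, the --ssl-password help text in the context lines has "specifed" for "specified".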
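
The behaviour the issue asks for, as an added example that is not code from the pull request or from Qpid Dispatch: host name verification is on by default, and the opt-out flag relaxes only the name check while the certificate chain is still validated. Python's standard `ssl` module stands in for the tools' own TLS layer; `build_context`, `tls_settings` and the `amqps://router.example.com` URL are assumptions made for illustration.

```python
import ssl
from optparse import OptionGroup, OptionParser
from urllib.parse import urlsplit


def make_parser():
    parser = OptionParser()
    group = OptionGroup(parser, "Connection Options")
    # Flag name as proposed in the issue; default=False keeps verification on.
    group.add_option("--no-verify-host-name", action="store_true", default=False,
                     help="Do not check that the peer certificate matches the host "
                          "name in the URL. Insecure, do not use in production.")
    parser.add_option_group(group)
    return parser


def build_context(options):
    """Hypothetical helper: map the parsed options to a client TLS context."""
    # create_default_context() gives CERT_REQUIRED and check_hostname=True.
    ctx = ssl.create_default_context()
    if options.no_verify_host_name:
        # Relax the name check only; verify_mode stays CERT_REQUIRED so an
        # untrusted or expired certificate is still rejected.
        ctx.check_hostname = False
    return ctx


def tls_settings(argv, url):
    """Return (name to verify, name check enabled, chain validation enabled)."""
    options, _ = make_parser().parse_args(argv)
    ctx = build_context(options)
    # The name compared against the certificate must be the host from the URL
    # the user supplied, which is what the issue describes.
    host = urlsplit(url).hostname
    return host, ctx.check_hostname, ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    url = "amqps://router.example.com:5671"  # constructed sample URL
    print(tls_settings([], url))
    print(tls_settings(["--no-verify-host-name"], url))
```
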