[
https://issues.apache.org/jira/browse/PROTON-1256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15378220#comment-15378220
]
ASF subversion and git services commented on PROTON-1256:
---------------------------------------------------------
Commit 391685a9e922eb56ee2fd220ee3e904b2e28f5f6 in qpid-proton's branch
refs/heads/master from [~astitcher]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=391685a ]
PROTON-1256: Track and check auto-detected protocol layers
> Proton-c is very lax about allowing amqp and ssl protocol layers
> ----------------------------------------------------------------
>
> Key: PROTON-1256
> URL: https://issues.apache.org/jira/browse/PROTON-1256
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-c
> Affects Versions: 0.13.1
> Reporter: Andrew Stitcher
> Assignee: Andrew Stitcher
>
> The protocol auto detection code which is used when the proton-c transport is
> in server mode does not verify that the sequence of protocol layers it allows
> makes sense.
> For instance it would recognise an AMQP_SASL header and process the layer and
> then allow any other layer to follow that even another AMQP_SASL layer.
> As far as I know there are only a few legal sequences of protocol layers:
> SSL; SASL; AMQP
> SSL; AMQP
> SASL; AMQP
> SASL; AMQP_SSL; AMQP [Not sure if this is legal, seems to be]
> AMQP_SSL; SASL; AMQP
> AMQP_SSL; AMQP
> AMQP
> Any other sequence is non-sensical at best,
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
