[
https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16815629#comment-16815629
]
ASF subversion and git services commented on PROTON-2014:
---------------------------------------------------------
Commit 4aea0fd8502f5e9af7f22fd60645eeec07bce0b2 in qpid-proton's branch
refs/heads/0.27.x from Andrew Stitcher
[ https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=4aea0fd ]
PROTON-2014: [c] Ensure SSL mutual authentication
(cherry picked from commit 97c7733f07712665f3d08091c82c393e4c3adbf7)
> [c] Example broker can silently use anonymous ciphers when misconfigured
> ------------------------------------------------------------------------
>
> Key: PROTON-2014
> URL: https://issues.apache.org/jira/browse/PROTON-2014
> Project: Qpid Proton
> Issue Type: Bug
> Reporter: Andrew Stitcher
> Assignee: Andrew Stitcher
> Priority: Major
> Fix For: proton-c-0.27.1, proton-c-0.28.0
>
>
> The example broker does not check the return value from
> {color:#2e3436}pn_ssl_domain_set_credentials(){color} and if given a bad
> certificate will allow anonymous ciphers without even displaying an error
> message.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
