Ken Giusti created PROTON-161:
---------------------------------

             Summary: SSL impl does not allow verification of the peer's identity
                 Key: PROTON-161
                 URL: https://issues.apache.org/jira/browse/PROTON-161
             Project: Qpid Proton
          Issue Type: Bug
          Components: proton-c
    Affects Versions: 0.3
            Reporter: Ken Giusti
            Assignee: Ken Giusti
            Priority: Blocker


The current SSL implementation validates the peer's certificate, and will not 
permit the connection to come up if the certificate is invalid.

However - it does not provide a way to check if the peer's identity as provided 
in the certificate is the expected identity (e.g., the same hostname used to set 
up the TCP connection).  While a certificate may be valid (that is, signed by a 
CA trusted by the client), it may not belong to the intended destination.

RFC2818 explains how this should be done - see section 3.1 Server Identity. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
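
The identity check from RFC 2818 section 3.1 that the report asks for, as an added example (not Proton's code and not part of the original message). The names `match_pattern` and `peer_identity_ok` are hypothetical. It assumes the caller has already validated the chain and extracted the subjectAltName dNSName entries and the subject CN, and it handles DNS hostnames only, not IP addresses.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Match one certificate name pattern against the expected hostname.
 * RFC 2818 3.1: '*' stays within one label, so "*.a.com" matches
 * "foo.a.com" but not "bar.foo.a.com"; "f*.com" matches "foo.com" but
 * not "bar.com". Comparison ignores case.
 * Choices made here (stricter than the RFC text): at most one '*',
 * only in the left-most label, and it must match at least one character. */
static int match_pattern(const char *pat, const char *host)
{
    const char *star = strchr(pat, '*');
    if (!star)
        return strcasecmp(pat, host) == 0;

    const char *pat_dot = strchr(pat, '.');
    const char *host_dot = strchr(host, '.');
    if (!pat_dot || !host_dot || star > pat_dot || strchr(star + 1, '*'))
        return 0;
    /* Everything after the first label must be identical. */
    if (strcasecmp(pat_dot, host_dot) != 0)
        return 0;

    size_t prefix = (size_t)(star - pat);          /* chars before '*' */
    size_t suffix = (size_t)(pat_dot - star - 1);  /* chars after '*'  */
    size_t label = (size_t)(host_dot - host);      /* first host label */
    if (label < prefix + suffix + 1)
        return 0;
    return strncasecmp(pat, host, prefix) == 0 &&
           strncasecmp(star + 1, host_dot - suffix, suffix) == 0;
}

/* Returns 1 if expected_host is an identity asserted by the certificate.
 * dns_names: subjectAltName dNSName entries (n_dns may be 0).
 * common_name: subject CN, consulted only when no dNSName is present. */
int peer_identity_ok(const char *expected_host,
                     const char *const *dns_names, size_t n_dns,
                     const char *common_name)
{
    if (!expected_host || !*expected_host)
        return 0;
    if (n_dns > 0) {
        for (size_t i = 0; i < n_dns; i++)
            if (dns_names[i] && match_pattern(dns_names[i], expected_host))
                return 1;
        return 0; /* dNSName present: never fall back to the CN */
    }
    return common_name && match_pattern(common_name, expected_host);
}
```

The expected hostname passed in must be the one the application used to open the TCP connection, not a name taken from the peer.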
