[ 
https://issues.apache.org/jira/browse/PROTON-161?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13504688#comment-13504688
 ] 

Rafael H. Schloming commented on PROTON-161:
--------------------------------------------

What amount of plug-ability do you anticipate needing here? I'd like to be able 
to provide up front configuration to cover the majority of scenarios here, not 
only for convenience, but also because there's a significant technical obstacle 
to doing callbacks across language boundaries. Do you think wildcard matching 
would cover 90% of the cases? Are there significant other scenarios we 
could/should account for up front?

> SSL impl does not allow verification of the peer's identity
> -----------------------------------------------------------
>
>                 Key: PROTON-161
>                 URL: https://issues.apache.org/jira/browse/PROTON-161
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>    Affects Versions: 0.3
>            Reporter: Ken Giusti
>            Assignee: Ken Giusti
>            Priority: Blocker
>
> The current SSL implementation validates the peer's certificate, and will not 
> permit the connection to come up if the certificate is invalid.
> However - it does not provide a way to check if the peer's identity as 
> provided in the certificate is the expected identity (e.g., the same hostname 
> used to set up the TCP connection).  While a certificate may be valid (that 
> is, signed by a CA trusted by the client), it may not belong to the intended 
> destination.
> RFC2818 explains how this should be done - see section 3.1 Server Identity. 

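The identity check the issue asks for, with the wildcard matching raised in the comment, sketched as an added example (not Proton code; the function names are hypothetical). It assumes the certificate's dNSName entries and Common Name have already been extracted as strings, and it restricts the wildcard to the leftmost label, which is a stricter choice than the wording of RFC 2818 requires.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Added example: function names are hypothetical, not part of the Proton API. */

/* Case-insensitive comparison of the first n bytes of a and b. */
static int eq_nocase(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Match one certificate name against the hostname used for the TCP connection.
 * A single '*' is honoured only in the leftmost label and never crosses a '.'. */
int name_matches(const char *pattern, const char *host) {
    size_t plen = strlen(pattern), hlen = strlen(host);
    const char *star = strchr(pattern, '*');
    if (!star)
        return plen == hlen && eq_nocase(pattern, host, plen);

    const char *pdot = strchr(pattern, '.');
    const char *hdot = strchr(host, '.');
    if (!pdot || !hdot || star > pdot || strchr(star + 1, '*'))
        return 0; /* bare "*", wildcard outside the first label, or a second '*' */

    size_t pre = (size_t)(star - pattern);   /* literal text before '*' */
    size_t suf = (size_t)(pdot - star) - 1;  /* literal text after '*' in that label */
    size_t hlabel = (size_t)(hdot - host);   /* length of the host's first label */
    if (hlabel <= pre + suf)
        return 0; /* '*' must stand for at least one character */
    if (!eq_nocase(pattern, host, pre) || !eq_nocase(star + 1, hdot - suf, suf))
        return 0;
    /* Everything from the first '.' onward must be identical. */
    return strlen(pdot) == strlen(hdot) && eq_nocase(pdot, hdot, strlen(pdot));
}

/* Name selection from RFC 2818 section 3.1: when dNSName entries are present
 * they are the only names consulted; the Common Name is used only without them. */
int peer_identity_ok(const char *const *dns_sans, size_t n_sans,
                     const char *common_name, const char *host) {
    if (n_sans > 0) {
        for (size_t i = 0; i < n_sans; i++)
            if (name_matches(dns_sans[i], host))
                return 1;
        return 0;
    }
    return common_name != NULL && name_matches(common_name, host);
}
```

A certificate that chains to a trusted CA but names a different host fails `peer_identity_ok`, which is the gap the issue describes.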