[ https://issues.apache.org/jira/browse/DISPATCH-2259?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gordon Sim resolved DISPATCH-2259. ---------------------------------- Fix Version/s: 1.18.0 Resolution: Fixed > server_name set by Dispatch Router contains illegal characters > -------------------------------------------------------------- > > Key: DISPATCH-2259 > URL: https://issues.apache.org/jira/browse/DISPATCH-2259 > Project: Qpid Dispatch > Issue Type: Bug > Components: Router Node > Affects Versions: 1.14.0, 1.15.0, 1.16.0, 1.17.0, 1.16.1 > Reporter: Kai Hudalla > Priority: Major > Fix For: 1.18.0 > > > When the dispatch router is configured with an Auth Server Plugin that should > be accessed via a TLS connection, then the router includes the TLS Server > Name Indication extension ([https://datatracker.ietf.org/doc/html/rfc6066]) > in its TLS ServerHello message but sets the host_name to a value that is not > a domain name as mandated by the RFC. Instead, it sets the host_name to a > combination of the server name and the port configured for the Auth Server > Plugin. So, for Auth Server Plugin configuration > ["authServicePlugin", > { "name": "My Auth Server", "host": "my-auth-server.host} > ", > "port": 5671, > "sslProfile": "external" > }] > the host_name set in the server_name extension is > my-auth-server.host:5671 > which is not a valid domain name. > The TLS implementation that comes with Java 17 will fail the TLS handshake > with the dispatch router due to an illegal character in the host_name. > I believe that this problem may also arise with other outbound connections > that the router creates. > FMPOV the port suffix simply needs to be removed. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org