[jira] [Commented] (QPID-7867) Authentication using expired certificate

2017-08-06 Thread Keith Wall (JIRA)

[ https://issues.apache.org/jira/browse/QPID-7867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16115891#comment-16115891 ]

Keith Wall commented on QPID-7867:
--

The issue was discussed on list here:

http://qpid.2158936.n2.nabble.com/QPID-7867-Java-Broker-Authentication-using-self-signed-expired-certificates-td7665246.html

The agreement was that this was not a security issue but a new feature would be 
added to the Java Broker to help this specific use-case.

> Authentication using expired certificate
> 
>
> Key: QPID-7867
> URL: https://issues.apache.org/jira/browse/QPID-7867
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker
> Affects Versions: qpid-java-broker-7.0.0
> Environment: * qpid-jms-client version 0.23.0
> * java qpid broker 7.0.0
> Reporter: Martin Krasa
>
> Using qpid-jms-client version 0.23.0 and (as of July 17 2017) expired 
> self-signed certificate (Valid until: Sat Dec 17 10:46:56 CET 2016) user can 
> _successfully authenticate_ against the java qpid broker 7.0.0 
> {code:title=extract from Java broker log file|borderStyle=solid}
> 2017-07-14 16:34:58,022 INFO [Broker-Config] (q.m.c.open) - [con:0(/XXX.XX.XX.XX:54268)] CON-1001 : Open : Destination : amqps(XXX.XX.XX.XXX:10202) : Protocol Version : 1.0 : SSL
> 2017-07-14 16:34:58,093 INFO [IO-/172.23.38.21:54268] (q.m.c.open) - [con:0(ACCOUNT_NAME@/XXX.XX.XX.XX:54268/default)] CON-1001 : Open : Destination : amqps(XXX.XX.XX.XXX:10202) : Protocol Version : 1.0 : SSL : Client ID : ID:6303ba8b-2055-49e5-9bf8-80336865a672:1 : Client Version : 0.23.0 : Client Product : QpidJMS
> 2017-07-14 16:34:58,124 INFO [IO-/XXX.XX.XX.XX:54268] (q.m.c.create) - [con:0(ACCOUNT_NAME@/XXX.XX.XX.XX:54268/default)/ch:0] CHN-1001 : Create
> 2017-07-14 16:34:58,155 INFO [IO-/XXX.XX.XX.XX:54268] (q.m.c.create) - [con:0(ACCOUNT_NAME@/XXX.XX.XX.XX:54268/default)/ch:1] CHN-1001 : Create
> {code}
> {color:blue}*NOTE:* The same behaviour rings true with expired node
> certificate{color}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
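
The report above describes an expired self-signed client certificate being accepted for TLS client authentication. As an added illustration (not Qpid Broker code, and not the feature the thread says would be added), the following Java wrapper enforces the validity period on every certificate a peer presents, on top of whatever the wrapped trust manager already checks. The class name `ValidityEnforcingTrustManager` and the helper `wrapAll` are hypothetical; the sketch assumes the wrapped managers come from a `TrustManagerFactory` and are passed to `SSLContext.init`.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/** Added example: delegates trust decisions, then rejects expired or not-yet-valid certificates. */
public final class ValidityEnforcingTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;

    public ValidityEnforcingTrustManager(X509TrustManager delegate) {
        this.delegate = delegate;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkClientTrusted(chain, authType); // normal trust-store check first
        requireCurrentlyValid(chain);                  // then the explicit date check
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
        requireCurrentlyValid(chain);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers();
    }

    /** Throws if any certificate in the presented chain is outside notBefore..notAfter. */
    static void requireCurrentlyValid(X509Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("empty certificate chain");
        }
        Date now = new Date();
        for (X509Certificate cert : chain) {
            // CertificateExpiredException and CertificateNotYetValidException
            // are both subclasses of CertificateException.
            cert.checkValidity(now);
        }
    }

    /** Wraps every X509TrustManager in the array; other manager types pass through unchanged. */
    public static TrustManager[] wrapAll(TrustManager[] managers) {
        TrustManager[] out = new TrustManager[managers.length];
        for (int i = 0; i < managers.length; i++) {
            out[i] = managers[i] instanceof X509TrustManager
                    ? new ValidityEnforcingTrustManager((X509TrustManager) managers[i])
                    : managers[i];
        }
        return out;
    }
}
```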



[jira] [Commented] (PROTON-1412) Add fuzzers to proton-c tests

2017-08-06 Thread ASF GitHub Bot (JIRA)

[ https://issues.apache.org/jira/browse/PROTON-1412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16115692#comment-16115692 ]

ASF GitHub Bot commented on PROTON-1412:


Github user jdanekrh commented on the issue:

https://github.com/apache/qpid-proton/pull/95
  
BTW: adding fuzzers to qpid-proton will not automatically enable fuzzing in 
OSS-Fuzz. For that, somebody would then have to commit a Dockerfile and a shell 
script to the OSS-Fuzz repository. Which can be postponed until qpid-dispatch 
is ready for that. (Unless somebody just goes ahead and does it; but they could 
add it anyways, they would just have to keep the fuzzers in their own 
repository and enhance the bash script to apply them as a patch, or 
something...)


> Add fuzzers to proton-c tests
> -
>
> Key: PROTON-1412
> URL: https://issues.apache.org/jira/browse/PROTON-1412
> Project: Qpid Proton
> Issue Type: Wish
> Components: proton-c
> Reporter: Jiri Danek
> Assignee: Andrew Stitcher
> Priority: Minor
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> Add fuzzers to proton-c test suite in order to be able to perform fuzz 
> testing of qpid-proton.
> This would then allow including qpid-proton to 
> https://github.com/google/oss-fuzz, a service that executes fuzzers for 
> opensource projects.
> I intend to propose a patch to do this today or tomorrow by cleaning up my 
> proof-of-concept 
> https://github.com/jdanekrh/qpid-proton-fuzz/tree/master/proton-c/src/tests.






[GitHub] qpid-proton issue #95: PROTON-1412 Add fuzzers to proton-c tests

2017-08-06 Thread jdanekrh
Github user jdanekrh commented on the issue:

https://github.com/apache/qpid-proton/pull/95
  
BTW: adding fuzzers to qpid-proton will not automatically enable fuzzing in 
OSS-Fuzz. For that, somebody would then have to commit a Dockerfile and a shell 
script to the OSS-Fuzz repository. Which can be postponed until qpid-dispatch 
is ready for that. (Unless somebody just goes ahead and does it; but they could 
add it anyways, they would just have to keep the fuzzers in their own 
repository and enhance the bash script to apply them as a patch, or 
something...)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
