----- Original Message -----
> From: "cqi" <[email protected]>
> To: [email protected]
> Sent: Monday, March 13, 2017 5:20:47 AM
> Subject: If not call set_trusted_ca_db, does proton attempt to read ca cert from somewhere?
>
> I need to connect to a broker and peers need to be verified over SSL.
> set_trusted_ca_db function should be called to specify the path to the crt
> file. However, if this function is not called, does proton attempt to find
> and read certificate from somewhere automatically?

No, it does not. If no CA is given to proton it defaults to using anonymous ciphers which do not perform authentication (and are thus prone to MITM attacks). See the explanation of 'aNULL' ciphers in https://www.openssl.org/docs/man1.0.2/apps/ciphers.html

--
-K
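
Added example, not part of the original thread or of Proton's code: a small audit that reads text in the column layout of `openssl ciphers -v` and separates suites that authenticate the peer from the anonymous (`Au=None`, i.e. aNULL) suites the reply warns about. The sample rows are constructed for illustration, and the names `parse_cipher_line` and `audit` are hypothetical.

```python
import re

# Constructed sample in the column layout printed by `openssl ciphers -v`
# (name, protocol, Kx=, Au=, Enc=, Mac=); not captured from a real host.
SAMPLE_CIPHERS_V = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
AECDH-AES128-SHA SSLv3 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
this line is not cipher output
"""

FIELD = re.compile(r"^(Kx|Au|Enc|Mac)=(\S+)$")


def parse_cipher_line(line):
    """Return a dict for one `openssl ciphers -v` row, or None if malformed."""
    parts = line.split()
    if len(parts) < 6:
        return None
    row = {"name": parts[0], "protocol": parts[1]}
    for token in parts[2:]:
        m = FIELD.match(token)
        if m:
            row[m.group(1)] = m.group(2)
    # A usable row must carry all four key=value columns.
    return row if {"Kx", "Au", "Enc", "Mac"} <= row.keys() else None


def audit(text):
    """Split suites into authenticated and anonymous (Au=None); keep rejects."""
    result = {"authenticated": [], "anonymous": [], "unparsed": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        row = parse_cipher_line(line)
        if row is None:
            result["unparsed"].append(line)
        elif row["Au"].lower() == "none":
            # Anonymous key exchange: no certificate, so no peer identity check.
            result["anonymous"].append(row["name"])
        else:
            result["authenticated"].append(row["name"])
    return result


if __name__ == "__main__":
    for name in audit(SAMPLE_CIPHERS_V)["anonymous"]:
        print("no peer authentication:", name)
```
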
