ActiveMQ C++ Client / AMQCPP-530

SSL does not find hostname in cert with multiple cn's in dn

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.8.2
    • Fix Version/s: 3.8.3, 3.9.0
    • Component/s: Decaf
    • Environment: unix
    • Patch Info: Patch Available

      Description

      The SSL certs that we use contain multiple cn's in the dn, such as
      dn="cn=%1, cn=hostname, cn=app, cn=project, ou=team, o=company, c=ww"

      I do not know why they are created in this way. It is probably something legacy related. Anyway, with this ActiveMQ cpp will not find the hostname from the dn and fail dual ssl authentication.

      Here is a page on openssl that states the specific limitation of the method used in the code http://www.openssl.org/docs/crypto/X509_NAME_get_index_by_NID.html

      And this link shows an example usage of the suggested method
      http://h71000.www7.hp.com/doc/83final/ba554_90007/rn02re186.html

      1. OpenSSLSocket.cpp
        25 kB
        Jeffrey B
      2. unified-diff.txt
        1 kB
        Jeffrey B
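
The failure mode described in the report, as an added example that is not ActiveMQ-CPP or OpenSSL code: it models the subject name as an ordered list of attribute/value pairs (no OpenSSL calls) and compares a lookup that stops at the first CN with a scan over every CN. The function names, the host name `broker01.example.test`, the entry order taken from the DN string, and the reading of the limitation as a first-match-only lookup are assumptions made for this example.

```cpp
// Added example: a model of the subject name; no OpenSSL or ActiveMQ-CPP code.
#include <algorithm>
#include <cctype>
#include <string>
#include <utility>
#include <vector>

using Rdn = std::pair<std::string, std::string>;  // attribute type, value

// Strip surrounding whitespace and lower-case for case-insensitive compares.
static std::string trimLower(std::string s) {
    auto notSpace = [](unsigned char c) { return !std::isspace(c); };
    s.erase(s.begin(), std::find_if(s.begin(), s.end(), notSpace));
    s.erase(std::find_if(s.rbegin(), s.rend(), notSpace).base(), s.end());
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Split "cn=a, cn=b, ou=c" into ordered pairs (escaped commas are out of scope).
std::vector<Rdn> parseDn(const std::string& dn) {
    std::vector<Rdn> out;
    std::size_t start = 0;
    while (start <= dn.size()) {
        std::size_t end = dn.find(',', start);
        if (end == std::string::npos) end = dn.size();
        std::string part = dn.substr(start, end - start);
        std::size_t eq = part.find('=');
        if (eq != std::string::npos)
            out.emplace_back(trimLower(part.substr(0, eq)), trimLower(part.substr(eq + 1)));
        start = end + 1;
    }
    return out;
}

// Lookup that stops at the first CN: the limitation described in the report.
bool firstCnMatches(const std::vector<Rdn>& dn, const std::string& host) {
    for (const Rdn& rdn : dn)
        if (rdn.first == "cn") return rdn.second == trimLower(host);
    return false;
}

// Scan every CN entry; exact, case-insensitive comparison only.
bool anyCnMatches(const std::vector<Rdn>& dn, const std::string& host) {
    const std::string want = trimLower(host);
    return std::any_of(dn.begin(), dn.end(), [&](const Rdn& rdn) {
        return rdn.first == "cn" && rdn.second == want;
    });
}
// Constructed sample: the DN shape from the report with a made-up host name.
const std::string kSampleDn =
    "cn=%1, cn=broker01.example.test, cn=app, cn=project, ou=team, o=company, c=ww";
```

Scanning every CN means each CN value the issuer placed in the subject counts as a valid peer name, which is why the comparison stays an exact match rather than a substring test.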

        Activity

        Jeffrey B added a comment -

        This file is decaf/internal/net/ssl/openssl/OpenSSLSocket.cpp.
        I have made a small change at the end to resolve the stated issue using a different OpenSSL method.

        Timothy Bish added a comment -

        Could you provide a patch file so we can easily see what you've changed?

        Jeffrey B added a comment -

        Here is a unified diff file. Is this a patch?

        Timothy Bish added a comment -

        Great work, I've applied the patch on trunk and the 3.8.x fixes branch


          People

          • Assignee: Timothy Bish
          • Reporter: Jeffrey B
          • Votes: 0
          • Watchers: 2

              Time Tracking

              • Original Estimate: 1h
              • Remaining Estimate: 1h
              • Time Spent: Not Specified
