Uploaded image for project: 'ActiveMQ C++ Client'
  1. ActiveMQ C++ Client
  2. AMQCPP-530

SSL does not find hostname in cert with multiple cn's in dn

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.8.2
    • Fix Version/s: 3.8.3, 3.9.0
    • Component/s: Decaf
    • Labels:
    • Environment:

      unix

    • Patch Info:
      Patch Available

      Description

      The SSL certs that we use contain multiple cn's in the dn, such as
      dn="cn=%1, cn=hostname, cn=app, cn=project, ou=team, o=company, c=ww"

      I do not know why they are created in this way. It is probably something legacy related. Anyway, with this ActiveMQ cpp will not find the hostname from the dn and fail dual ssl authentication.

      Here is a page on openssl that states the specific limitation of the method used in the code http://www.openssl.org/docs/crypto/X509_NAME_get_index_by_NID.html

      And this link shows an example usage of the suggested method
      http://h71000.www7.hp.com/doc/83final/ba554_90007/rn02re186.html

        Attachments

        1. OpenSSLSocket.cpp
          25 kB
          Jeffrey B
        2. unified-diff.txt
          1 kB
          Jeffrey B

          Activity

            People

            • Assignee:
              tabish121 Timothy Bish
              Reporter:
              doldrums Jeffrey B
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 1h
                1h
                Remaining:
                Remaining Estimate - 1h
                1h
                Logged:
                Time Spent - Not Specified
                Not Specified