[AMQCPP-530] SSL does not find hostname in cert with multiple cn's in dn - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.8.2
Fix Version/s: 3.8.3, 3.9.0
Component/s: Decaf
Labels:
- ssl
Environment:

unix

Patch Info:

Patch Available

Description

The SSL certs that we use contain multiple cn's in the dn, such as
dn="cn=%1, cn=hostname, cn=app, cn=project, ou=team, o=company, c=ww"

I do not know why they are created in this way. It is probably something legacy related. Anyway, with this ActiveMQ cpp will not find the hostname from the dn and fail dual ssl authentication.

Here is a page on openssl that states the specific limitation of the method used in the code http://www.openssl.org/docs/crypto/X509_NAME_get_index_by_NID.html

And this link shows an example usage of the suggested method
http://h71000.www7.hp.com/doc/83final/ba554_90007/rn02re186.html

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OpenSSLSocket.cpp
16/Jan/14 18:11
25 kB
Jeffrey B
unified-diff.txt
16/Jan/14 18:35
1 kB
Jeffrey B

Activity

People

Assignee:: Timothy A. Bish

Reporter:: Jeffrey B

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16/Jan/14 18:06

Updated:: 16/Jan/14 19:42

Resolved:: 16/Jan/14 19:42

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified