[ARTEMIS-656] Artemis does not seem to check the hostname on SSL / TLS connect - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.3.0
Fix Version/s: 1.4.0
Component/s: None
Labels:
None

Description

(I am reporting this second hand, please let me know if this bug report doesn't sound right).

Artemis doesn't configure a trust manager when connecting bridges, so there's no attempt to verify that the hostname of the target broker matches the one that triggered the connection. An example fix might be

sslparameters.setEndpointIdentificationAlgorithm("HTTPS")

and then pass the hostname/port into the SSLEngine constructor.

Attachments

Activity

People

Assignee:: Justin Bertram

Reporter:: Mike Hearn

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 27/Jul/16 14:16

Updated:: 03/Nov/16 20:39

Resolved:: 15/Aug/16 20:16