Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
proton-c-0.37.0, proton-c-0.38.0
-
Linux 64bit
Ubuntu 22.04: libqpid-proton-cpp12 0.22.0-5 (used for testing, not intended for production)
Redhat, Oracle: qpid-proton-cpp-0.37.0-1.el8.x86_64
-
Patch, Important
Description
Class ssl_client_options does not have a constructor for a custom client certificate, and default certificate trust database.
Out application has to present a custom certificate to the server, but the server uses a certificate signed by a certificate authority (CA) that is present in the systems default certificate trust database.
Curently, our only option to connect is to supply a dummy certificate trust database, and use proton::ssl::ANONYMOUS_PEER which disables server check. In that way, we skip an important check for a secure connection. That is unacceptable for a production version of our application. Until we come to a production version we must resolve that issue. That is why I marked it as a blocker.
I have a patch, but I am not sure how to contribute it. I guess reporting is a first step?