[PROTON-2663] class ssl_client_options does not have a constructor for a custom client certificate, and default certificate trust database - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: proton-c-0.37.0, proton-c-0.38.0
Fix Version/s: proton-c-0.39.0
Component/s: cpp-binding
Labels:
- ssl
Environment:
Linux 64bit
Ubuntu 22.04: libqpid-proton-cpp12 0.22.0-5 (used for testing, not intended for production)
Redhat, Oracle: qpid-proton-cpp-0.37.0-1.el8.x86_64

Flags:

Patch, Important
Language:
- C++

Description

Class ssl_client_options does not have a constructor for a custom client certificate, and default certificate trust database.

Out application has to present a custom certificate to the server, but the server uses a certificate signed by a certificate authority (CA) that is present in the systems default certificate trust database.

Curently, our only option to connect is to supply a dummy certificate trust database, and use proton::ssl::ANONYMOUS_PEER which disables server check. In that way, we skip an important check for a secure connection. That is unacceptable for a production version of our application. Until we come to a production version we must resolve that issue. That is why I marked it as a blocker.

I have a patch, but I am not sure how to contribute it. I guess reporting is a first step?

Attachments

Activity

People

Assignee:: Andrew Stitcher

Reporter:: Marko Hrastovec

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 21/Dec/22 07:59

Updated:: 07/Jun/23 12:18

Resolved:: 13/Jan/23 17:01

Time Tracking

Estimated:

24h

Remaining:

24h

Logged:

Not Specified