Qpid
  1. Qpid
  2. QPID-2444

JMS client does not verify that the hostname connected to matches that specified in the servers certificate

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.6
    • Fix Version/s: 0.7
    • Component/s: Java Client
    • Labels:
      None

      Description

      The JMS client will succeed in connecting to a broker whose certificate has a
      random string as the common name. It should (at least as an option) verify that
      the CN matches the hostname it believes it has connected to.

        Activity

        Hide
        Rajith Attapattu added a comment -

        The SSLTest has "testVerifyHostName" , "testVerifyLocalHost' and "testVerifyLocalHostLocalDomain" as test cases for this feature.
        This feature has been verified manually as well.

        Show
        Rajith Attapattu added a comment - The SSLTest has "testVerifyHostName" , "testVerifyLocalHost' and "testVerifyLocalHostLocalDomain" as test cases for this feature. This feature has been verified manually as well.
        Hide
        Rajith Attapattu added a comment -

        In order to enable hostname verification, you need to use ssl_verify_hostname='true' in the broker URL.

        Ex "amqp://guest:guest@test/?brokerlist='tcp://<hostname>:5671?ssl='true'&ssl_verify_hostname='true''"

        Show
        Rajith Attapattu added a comment - In order to enable hostname verification, you need to use ssl_verify_hostname='true' in the broker URL. Ex "amqp://guest:guest@test/?brokerlist='tcp://<hostname>:5671?ssl='true'&ssl_verify_hostname='true''"

          People

          • Assignee:
            Rajith Attapattu
            Reporter:
            Rajith Attapattu
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development