Details
- Improvement
- Status: Closed
- Minor
- Resolution: Fixed
- 0.14, 0.16, 0.17
- None
- Windows
Description
The current Windows Broker SSL code always uses the LocalMachine certificate store opened read/write. This has a number of drawbacks:
- Opening read/write means that the broker has to run as administrator to use the certificates in the store. The broker only reads from the store so this is actually unnecessary.
- Forcing use of LocalMachine for the certificates means that they are readable by every user on the machine, which might be a security issue, as it would allow any process on the machine to impersonate the qpid broker.
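
The two points above (read-only access, and a store location that is not forced to LocalMachine) shown as an added PowerShell example using the .NET `X509Store` API. It is not the broker's own code; the function name, the `My` store name and the subject `broker.example.test` are assumptions made for illustration.

```powershell
# Added example, not part of the Qpid code base.
# Opens a certificate store read-only in a caller-chosen location and
# returns the certificates matching a subject name.

function Get-StoreCertificate {
    param(
        # Assumption: the caller chooses the location instead of it being fixed.
        [ValidateSet('CurrentUser', 'LocalMachine')]
        [string]$Location = 'CurrentUser',

        # Assumption: 'My' (the personal store) holds the certificate.
        [string]$StoreName = 'My',

        [Parameter(Mandatory)]
        [string]$SubjectName
    )

    $storeLocation = [System.Security.Cryptography.X509Certificates.StoreLocation]$Location
    $store = [System.Security.Cryptography.X509Certificates.X509Store]::new($StoreName, $storeLocation)

    # ReadOnly: the caller only reads from the store, so no write access is requested.
    # OpenExistingOnly: fail instead of creating a store that does not exist.
    $flags = [System.Security.Cryptography.X509Certificates.OpenFlags]'ReadOnly, OpenExistingOnly'

    try {
        $store.Open($flags)
        $findType = [System.Security.Cryptography.X509Certificates.X509FindType]::FindBySubjectName
        # validOnly = $false so expired or untrusted test certificates are still listed.
        foreach ($cert in $store.Certificates.Find($findType, $SubjectName, $false)) {
            [pscustomobject]@{
                Location      = $Location
                Store         = $StoreName
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                HasPrivateKey = $cert.HasPrivateKey
                NotAfter      = $cert.NotAfter
            }
        }
    }
    finally {
        $store.Close()
    }
}

# Constructed subject name; report where a matching certificate is installed.
'CurrentUser', 'LocalMachine' | ForEach-Object {
    Get-StoreCertificate -Location $_ -SubjectName 'broker.example.test'
}
```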