Qpid
  1. Qpid
  2. QPID-4315

SSL federation doesn't work when used with hostname rather than IP

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.14, 0.16, 0.18
    • Fix Version/s: 0.21
    • Component/s: C++ Broker
    • Labels:
      None

      Description

      The link is established but the link registry is unable to match the link to the connection as the management id used for the connection uses the IP address and not the hostname as specified.

      1. SslSocket.patch
        0.5 kB
        Gordon Sim

        Activity

        Hide
        Gordon Sim added a comment -

        From a quick scan it looks like http://svn.apache.org/viewvc?view=revision&revision=1128067 might be the point at which it broke. The sasl_fed_ex test does test SSL based federation, but uses an IP address and in any case does not properly verify the link is actually established.

        Show
        Gordon Sim added a comment - From a quick scan it looks like http://svn.apache.org/viewvc?view=revision&revision=1128067 might be the point at which it broke. The sasl_fed_ex test does test SSL based federation, but uses an IP address and in any case does not properly verify the link is actually established.
        Hide
        Gordon Sim added a comment -

        Very simple patch that fixes issue (albeit in a rather hacky manner). Need to fix the gap in testing somehow also.

        Show
        Gordon Sim added a comment - Very simple patch that fixes issue (albeit in a rather hacky manner). Need to fix the gap in testing somehow also.
        Hide
        Andrew Stitcher added a comment -

        I'm not sure whether this bug persists on trunk, but the simple patch to fix it will no longer apply since the work unifying SSL and regular tcp sockets.

        Show
        Andrew Stitcher added a comment - I'm not sure whether this bug persists on trunk, but the simple patch to fix it will no longer apply since the work unifying SSL and regular tcp sockets.
        Hide
        Andrew Stitcher added a comment -

        Fixed in trunk r1430573

        Show
        Andrew Stitcher added a comment - Fixed in trunk r1430573
        Hide
        Andrew Stitcher added a comment -

        This issue has been fixed by changing the way that outgoing connections from a broker get their name. They now get their name for the name of the link that brings up the connection. This means that when connection notifications come back to the link registry there is no ambiguity about which link is the correct one to direct the notification to.

        The default generated names of all connections now have "qpid." prepended to avoid user specified names being able to clash (as the user is not allowed to use names starting with "qpid.")

        Show
        Andrew Stitcher added a comment - This issue has been fixed by changing the way that outgoing connections from a broker get their name. They now get their name for the name of the link that brings up the connection. This means that when connection notifications come back to the link registry there is no ambiguity about which link is the correct one to direct the notification to. The default generated names of all connections now have "qpid." prepended to avoid user specified names being able to clash (as the user is not allowed to use names starting with "qpid.")

          People

          • Assignee:
            Andrew Stitcher
            Reporter:
            Gordon Sim
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development