[jira] [Commented] (DISPATCH-2259) server_name set by Dispatch Router contains illegal characters

Tue, 26 Oct 2021 06:23:08 -0700 


    [ 
https://issues.apache.org/jira/browse/DISPATCH-2259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17434358#comment-17434358
 ] 

ASF GitHub Bot commented on DISPATCH-2259:
------------------------------------------

grs closed pull request #1393:
URL: https://github.com/apache/qpid-dispatch/pull/1393


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> server_name set by Dispatch Router contains illegal characters
> --------------------------------------------------------------
>
>                 Key: DISPATCH-2259
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-2259
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Router Node
>    Affects Versions: 1.14.0, 1.15.0, 1.16.0, 1.17.0, 1.16.1
>            Reporter: Kai Hudalla
>            Priority: Major
>
> When the dispatch router is configured with an Auth Server Plugin that should 
> be accessed via a TLS connection, then the router includes the TLS Server 
> Name Indication extension ([https://datatracker.ietf.org/doc/html/rfc6066]) 
> in its TLS ServerHello message but sets the host_name to a value that is not 
> a domain name as mandated by the RFC. Instead, it sets the host_name to a 
> combination of the server name and the port configured for the Auth Server 
> Plugin. So, for Auth Server Plugin configuration
> ["authServicePlugin",
> { "name": "My Auth Server", "host": "my-auth-server.host}
> ",
>  "port": 5671,
>  "sslProfile": "external"
>  }]
> the host_name set in the server_name extension is
> my-auth-server.host:5671
> which is not a valid domain name.
> The TLS implementation that comes with Java 17 will fail the TLS handshake 
> with the dispatch router due to an illegal character in the host_name.
> I believe that this problem may also arise with other outbound connections 
> that the router creates.
> FMPOV the port suffix simply needs to be removed.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to