Marko Hrastovec created PROTON-2663:
---------------------------------------
Summary: class ssl_client_options does not have a constructor for
a custom client certificate, and default certificate trust database
Key: PROTON-2663
URL: https://issues.apache.org/jira/browse/PROTON-2663
Project: Qpid Proton
Issue Type: Improvement
Components: cpp-binding
Affects Versions: proton-c-0.37.0
Environment: Linux 64bit
Ubuntu 22.04: libqpid-proton-cpp12 0.22.0-5 (used for testing, not intended for
production)
Redhat, Oracle: qpid-proton-cpp-0.37.0-1.el8.x86_64
Reporter: Marko Hrastovec
Fix For: proton-c-0.37.0
Class ssl_client_options does not have a constructor for a custom client
certificate, and default certificate trust database.
Out application has to present a custom certificate to the server, but the
server uses a certificate signed by a certificate authority (CA) that is
present in the systems default certificate trust database.
Curently, our only option to connect is to supply a dummy certificate trust
database, and use proton::ssl::ANONYMOUS_PEER which disables server check. In
that way, we skip an important check for a secure connection. That is
unacceptable for a production version of our application. Until we come to a
production version we must resolve that issue. That is why I marked it as a
blocker.
I have a patch, but I am not sure how to contribute it. I guess reporting is a
first step?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
