[ https://issues.apache.org/jira/browse/PROTON-2663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17676698#comment-17676698 ]
ASF subversion and git services commented on PROTON-2663: --------------------------------------------------------- Commit b292237524dbe9f8df4d53bc68295f5b45aa915c in qpid-proton's branch refs/heads/main from Marko Hrastovec [ https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=b29223752 ] PROTON-2663: Add a constructor to ssl_client_options class Previously there was no way for the C++ API to specify an SSL certificate whilst leaving the system trusted certificate db > class ssl_client_options does not have a constructor for a custom client > certificate, and default certificate trust database > ----------------------------------------------------------------------------------------------------------------------------- > > Key: PROTON-2663 > URL: https://issues.apache.org/jira/browse/PROTON-2663 > Project: Qpid Proton > Issue Type: Improvement > Components: cpp-binding > Affects Versions: proton-c-0.37.0 > Environment: Linux 64bit > Ubuntu 22.04: libqpid-proton-cpp12 0.22.0-5 (used for testing, not intended > for production) > Redhat, Oracle: qpid-proton-cpp-0.37.0-1.el8.x86_64 > Reporter: Marko Hrastovec > Priority: Blocker > Labels: ssl > Fix For: proton-c-0.37.0 > > Original Estimate: 24h > Remaining Estimate: 24h > > Class ssl_client_options does not have a constructor for a custom client > certificate, and default certificate trust database. > Out application has to present a custom certificate to the server, but the > server uses a certificate signed by a certificate authority (CA) that is > present in the systems default certificate trust database. > Curently, our only option to connect is to supply a dummy certificate trust > database, and use proton::ssl::ANONYMOUS_PEER which disables server check. In > that way, we skip an important check for a secure connection. That is > unacceptable for a production version of our application. Until we come to a > production version we must resolve that issue. That is why I marked it as a > blocker. > I have a patch, but I am not sure how to contribute it. I guess reporting is > a first step? -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org