[jira] [Commented] (PROTON-2663) class ssl_client_options does not have a constructor for a custom client certificate, and default certificate trust database

[ASF subversion and git services (Jira)]

    [ 
https://issues.apache.org/jira/browse/PROTON-2663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17676698#comment-17676698
 ] 

ASF subversion and git services commented on PROTON-2663:
---------------------------------------------------------

Commit b292237524dbe9f8df4d53bc68295f5b45aa915c in qpid-proton's branch 
refs/heads/main from Marko Hrastovec
[ https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=b29223752 ]

PROTON-2663: Add a constructor to ssl_client_options class

Previously there was no way for the C++ API to specify an SSL
certificate whilst leaving the system trusted certificate db


> class ssl_client_options does not have a constructor for a custom client 
> certificate, and default certificate trust database 
> -----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: PROTON-2663
>                 URL: https://issues.apache.org/jira/browse/PROTON-2663
>             Project: Qpid Proton
>          Issue Type: Improvement
>          Components: cpp-binding
>    Affects Versions: proton-c-0.37.0
>         Environment: Linux 64bit
> Ubuntu 22.04: libqpid-proton-cpp12 0.22.0-5 (used for testing, not intended 
> for production)
> Redhat, Oracle: qpid-proton-cpp-0.37.0-1.el8.x86_64
>            Reporter: Marko Hrastovec
>            Priority: Blocker
>              Labels: ssl
>             Fix For: proton-c-0.37.0
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Class ssl_client_options does not have a constructor for a custom client 
> certificate, and default certificate trust database.
> Out application has to present a custom certificate to the server, but the 
> server uses a certificate signed by a certificate authority (CA) that is 
> present in the systems default certificate trust database.
> Curently, our only option to connect is to supply a dummy certificate trust 
> database, and use proton::ssl::ANONYMOUS_PEER which disables server check. In 
> that way, we skip an important check for a secure connection. That is 
> unacceptable for a production version of our application. Until we come to a 
> production version we must resolve that issue. That is why I marked it as a 
> blocker.
> I have a patch, but I am not sure how to contribute it. I guess reporting is 
> a first step?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org