[
https://issues.apache.org/jira/browse/QPID-4013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13280563#comment-13280563
]
Andrew Stitcher commented on QPID-4013:
---------------------------------------
This change adds a new ssl related option to qpidd:
--ssl-cert-store-location
with possible values CurrentUser, LocalMachine, CurrentService
This can be used to set the certificate store location that qpidd uses to find
the server certificate it uses.
> Windows Broker SSL is more difficult to use than necessary and possibly less
> secure than possible
> -------------------------------------------------------------------------------------------------
>
> Key: QPID-4013
> URL: https://issues.apache.org/jira/browse/QPID-4013
> Project: Qpid
> Issue Type: Improvement
> Components: C++ Broker
> Affects Versions: 0.14, 0.16, 0.17
> Environment: Windows
> Reporter: Andrew Stitcher
> Assignee: Andrew Stitcher
> Priority: Minor
> Fix For: 0.17
>
>
> The current Windows Broker SSL code always uses the LocalMachine certificate
> store opened read/write. This has a number of drawbacks:
> * Opening read/write means that the broker has to run as administrator to use
> the certificates in the store. The broker only reads from the store so this
> is actually unnecessary.
> * Forcing use of LocalMachine for the certificates means that they are
> readable by every user on the machine which might be a security issue. As it
> would allow any process on the machine to impersonate the qpid broker.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
