[ https://issues.apache.org/jira/browse/QPID-4013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13280563#comment-13280563 ]
Andrew Stitcher commented on QPID-4013:
---------------------------------------

This change adds a new SSL-related option to qpidd:

--ssl-cert-store-location

with possible values CurrentUser, LocalMachine, CurrentService

This can be used to set the certificate store location that qpidd uses to find the server certificate it uses.

> Windows Broker SSL is more difficult to use than necessary and possibly less secure than possible
> -------------------------------------------------------------------------------------------------
>
>                 Key: QPID-4013
>                 URL: https://issues.apache.org/jira/browse/QPID-4013
>             Project: Qpid
>          Issue Type: Improvement
>          Components: C++ Broker
>    Affects Versions: 0.14, 0.16, 0.17
>         Environment: Windows
>            Reporter: Andrew Stitcher
>            Assignee: Andrew Stitcher
>            Priority: Minor
>             Fix For: 0.17
>
>
> The current Windows Broker SSL code always uses the LocalMachine certificate
> store opened read/write. This has a number of drawbacks:
> * Opening read/write means that the broker has to run as administrator to use
> the certificates in the store. The broker only reads from the store so this
> is actually unnecessary.
> * Forcing use of LocalMachine for the certificates means that they are
> readable by every user on the machine, which might be a security issue, as it
> would allow any process on the machine to impersonate the qpid broker.
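To see the access difference the issue describes on a given host, the following added example (not part of the original message and not Qpid code) opens a certificate store at each location both read-only and read/write and reports which opens the current account is allowed to make. It uses the .NET `X509Store` class rather than the broker's own code; the store name `My` and the function name `Test-CertStoreOpen` are assumptions, and .NET's `StoreLocation` enum has no equivalent of the option's `CurrentService` value, so only the other two locations are probed.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example (not Qpid code). The store name 'My' is an assumption:
# the issue text names only the store *location*, not the store itself.
function Test-CertStoreOpen {
    param(
        [Parameter(Mandatory)][ValidateSet('CurrentUser', 'LocalMachine')]
        [string]$Location,
        [Parameter(Mandatory)][ValidateSet('ReadOnly', 'ReadWrite')]
        [string]$Access,
        [string]$StoreName = 'My'
    )

    # OpenExistingOnly ensures the probe never creates a store as a side effect.
    $flags = [OpenFlags]"$Access, OpenExistingOnly"
    $store = [X509Store]::new($StoreName, [StoreLocation]$Location)
    $row = [ordered]@{
        Location     = $Location
        Access       = $Access
        Opened       = $false
        CertsWithKey = $null
        Error        = $null
    }
    try {
        $store.Open($flags)
        $row.Opened = $true
        # Count certificates that have an associated private key, i.e. the
        # ones a TLS server could present as its own identity.
        $row.CertsWithKey = @($store.Certificates |
            Where-Object { $_.HasPrivateKey }).Count
    }
    catch {
        # Typically "Access is denied" when the account lacks rights.
        $row.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        $store.Close()
    }
    [pscustomobject]$row
}

# Probe every location/access combination as the current account.
$results = foreach ($location in 'CurrentUser', 'LocalMachine') {
    foreach ($access in 'ReadOnly', 'ReadWrite') {
        Test-CertStoreOpen -Location $location -Access $access
    }
}
$results | Format-Table -AutoSize
```

Run it under the account the broker is intended to use, not an elevated shell, so the result reflects the privileges qpidd would actually have.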