Ganesh Murthy created DISPATCH-401:
--------------------------------------
Summary: qdstat and qdmanage client tools do not verify host name
when using SSL
Key: DISPATCH-401
URL: https://issues.apache.org/jira/browse/DISPATCH-401
Project: Qpid Dispatch
Issue Type: Bug
Components: Container
Affects Versions: 0.6.0
Reporter: Ganesh Murthy
Assignee: Ganesh Murthy
qdstat and qdmanage tools do not ensure that when initiating an SSL connection
the host name in the URL to which qdstat and qdmanage connect to matches the
host name in the digital certificate that the peer sends back as part of the
SSL connection.
Enable host name verification by default on qdstat and qdmanage. Add a command
line option called --no-verify-host-name which allows the host name to not
match. Add a warning to this command line option saying that it is insecure and
should not be used in production environments.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
