[
https://issues.apache.org/jira/browse/DISPATCH-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15344984#comment-15344984
]
ASF GitHub Bot commented on DISPATCH-401:
-----------------------------------------
Github user grs commented on a diff in the pull request:
https://github.com/apache/qpid-dispatch/pull/83#discussion_r68114603
--- Diff: python/qpid_dispatch_internal/tools/command.py ---
@@ -83,6 +83,11 @@ def connection_options(options, title="Connection
Options"):
help="Trusted Certificate Authority Database file
(PEM Format)")
group.add_option("--ssl-password", action="store", type="string",
metavar="PASSWORD",
help="Certificate password, will be prompted if not
specifed.")
+ group.add_option("--no-verify-host-name", action="store_true",
default=False,
--- End diff --
Maybe add 'ssl' to the option also.
> qdstat and qdmanage client tools do not verify host name when using SSL
> -----------------------------------------------------------------------
>
> Key: DISPATCH-401
> URL: https://issues.apache.org/jira/browse/DISPATCH-401
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Container
> Affects Versions: 0.6.0
> Reporter: Ganesh Murthy
> Assignee: Ganesh Murthy
>
> qdstat and qdmanage tools do not ensure that when initiating an SSL
> connection the host name in the URL to which qdstat and qdmanage connect to
> matches the host name in the digital certificate that the peer sends back as
> part of the SSL connection.
> Enable host name verification by default on qdstat and qdmanage. Add a
> command line option called --no-verify-host-name which allows the host name
> to not match. Add a warning to this command line option saying that it is
> insecure and should not be used in production environments.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
