[ https://issues.apache.org/jira/browse/DISPATCH-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15371127#comment-15371127 ]
ASF GitHub Bot commented on DISPATCH-401: ----------------------------------------- GitHub user ganeshmurthy opened a pull request: https://github.com/apache/qpid-dispatch/pull/91 DISPATCH-401 - Made qdstat and qdmanage verify peer name by default. … …Added new option --ssl-disable-peer-name-verify to disable peer name verification You can merge this pull request into a Git repository by running: $ git pull https://github.com/ganeshmurthy/qpid-dispatch DISPATCH-401-3 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/qpid-dispatch/pull/91.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #91 ---- commit 23729780d4907bebc0b6fcc528bb2a74542c69a5 Author: Ganesh Murthy <gmur...@redhat.com> Date: 2016-07-11T16:42:05Z DISPATCH-401 - Made qdstat and qdmanage verify peer name by default. Added new option --ssl-disable-peer-name-verify to disable peer name verification ---- > qdstat and qdmanage client tools do not verify host name when using SSL > ----------------------------------------------------------------------- > > Key: DISPATCH-401 > URL: https://issues.apache.org/jira/browse/DISPATCH-401 > Project: Qpid Dispatch > Issue Type: Bug > Components: Container > Affects Versions: 0.6.0 > Reporter: Ganesh Murthy > Assignee: Ganesh Murthy > > qdstat and qdmanage tools do not ensure that when initiating an SSL > connection the host name in the URL to which qdstat and qdmanage connect to > matches the host name in the digital certificate that the peer sends back as > part of the SSL connection. > Enable host name verification by default on qdstat and qdmanage. Add a > command line option called --no-verify-host-name which allows the host name > to not match. Add a warning to this command line option saying that it is > insecure and should not be used in production environments. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org