[jira] [Commented] (DISPATCH-401) qdstat and qdmanage client tools do not verify host name when using SSL

Mon, 11 Jul 2016 09:51:38 -0700 

    [ 
https://issues.apache.org/jira/browse/DISPATCH-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15371144#comment-15371144
 ] 

ASF GitHub Bot commented on DISPATCH-401:
-----------------------------------------

GitHub user ganeshmurthy opened a pull request:

    https://github.com/apache/qpid-dispatch/pull/92

    DISPATCH-401 - Made qdstat and qdmanage verify peer name by default. …

    …Added new option --ssl-disable-peer-name-verify to disable peer name 
verification

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ganeshmurthy/qpid-dispatch DISPATCH-401-4

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/qpid-dispatch/pull/92.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #92
    
----
commit d7dc541a4ed325548571b7aed4bbc8175dd3bf4b
Author: Ganesh Murthy <gmur...@redhat.com>
Date:   2016-07-11T16:42:05Z

    DISPATCH-401 - Made qdstat and qdmanage verify peer name by default. Added 
new option --ssl-disable-peer-name-verify to disable peer name verification

----


> qdstat and qdmanage client tools do not verify host name when using SSL
> -----------------------------------------------------------------------
>
>                 Key: DISPATCH-401
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-401
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Container
>    Affects Versions: 0.6.0
>            Reporter: Ganesh Murthy
>            Assignee: Ganesh Murthy
>
> qdstat and qdmanage tools do not ensure that when initiating an SSL 
> connection the host name in the URL to which qdstat and qdmanage connect to 
> matches the host name in the digital certificate that the peer sends back as 
> part of the SSL connection.
> Enable host name verification by default on qdstat and qdmanage. Add a 
> command line option called --no-verify-host-name which allows the host name 
> to not match. Add a warning to this command line option saying that it is 
> insecure and should not be used in production environments.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to