[ https://issues.apache.org/jira/browse/PROTON-1256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15378220#comment-15378220 ]
ASF subversion and git services commented on PROTON-1256: --------------------------------------------------------- Commit 391685a9e922eb56ee2fd220ee3e904b2e28f5f6 in qpid-proton's branch refs/heads/master from [~astitcher] [ https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=391685a ] PROTON-1256: Track and check auto-detected protocol layers > Proton-c is very lax about allowing amqp and ssl protocol layers > ---------------------------------------------------------------- > > Key: PROTON-1256 > URL: https://issues.apache.org/jira/browse/PROTON-1256 > Project: Qpid Proton > Issue Type: Bug > Components: proton-c > Affects Versions: 0.13.1 > Reporter: Andrew Stitcher > Assignee: Andrew Stitcher > > The protocol auto detection code which is used when the proton-c transport is > in server mode does not verify that the sequence of protocol layers it allows > makes sense. > For instance it would recognise an AMQP_SASL header and process the layer and > then allow any other layer to follow that even another AMQP_SASL layer. > As far as I know there are only a few legal sequences of protocol layers: > SSL; SASL; AMQP > SSL; AMQP > SASL; AMQP > SASL; AMQP_SSL; AMQP [Not sure if this is legal, seems to be] > AMQP_SSL; SASL; AMQP > AMQP_SSL; AMQP > AMQP > Any other sequence is non-sensical at best, -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org