[jira] [Commented] (QPID-7867) Authentication using expired certificate

Mon, 07 Aug 2017 06:08:37 -0700 

    [ 
https://issues.apache.org/jira/browse/QPID-7867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16116549#comment-16116549
 ] 

Keith Wall commented on QPID-7867:
----------------------------------

Martin, the feature has been added.  Can you retest?  You'll need to enable 
{{trustAnchorValidityEnforced}} for the truststore.  You can do this through 
the UI or from REST.   Comments welcomed.

> Authentication using expired certificate
> ----------------------------------------
>
>                 Key: QPID-7867
>                 URL: https://issues.apache.org/jira/browse/QPID-7867
>             Project: Qpid
>          Issue Type: New Feature
>          Components: Java Broker
>    Affects Versions: qpid-java-broker-7.0.0
>         Environment: * qpid-jms-client version 0.23.0
> * java qpid broker 7.0.0
>            Reporter: Martin Krasa
>            Assignee: Keith Wall
>             Fix For: qpid-java-broker-7.0.0
>
>
> Using qpid-jms-client version 0.23.0 and (as of July 17 2017) expired 
> self-signed certificate (Valid until: Sat Dec 17 10:46:56 CET 2016) user can 
> _successfully authenticate_ against the java qpid broker 7.0.0 
> {code:title=extract from Java broker log file|borderStyle=solid} 2017-07-14 
> 16:34:58,022 INFO [Broker-Config] (q.m.c.open) - [con:0(/XXX.XX.XX.XX:54268)] 
> CON-1001 : Open : Destination : amqps(XXX.XX.XX.XXX:10202) : Protocol Version 
> : 1.0 : SSL 2017-07-14 16:34:58,093 INFO [IO-/172.23.38.21:54268] 
> (q.m.c.open) - [con:0(ACCOUNT_NAME@/XXX.XX.XX.XX:54268/default)] CON-1001 : 
> Open : Destination : amqps(XXX.XX.XX.XXX:10202) : Protocol Version : 1.0 : 
> SSL : Client ID : ID:6303ba8b-2055-49e5-9bf8-80336865a672:1 : Client Version 
> : 0.23.0 : Client Product : QpidJMS 2017-07-14 16:34:58,124 INFO 
> [IO-/XXX.XX.XX.XX:54268] (q.m.c.create) - 
> [con:0(ACCOUNT_NAME@/XXX.XX.XX.XX:54268/default)/ch:0] CHN-1001 : Create 
> 2017-07-14 16:34:58,155 INFO [IO-/XXX.XX.XX.XX:54268] (q.m.c.create) - 
> [con:0(ACCOUNT_NAME@/XXX.XX.XX.XX:54268/default)/ch:1] CHN-1001 : Create 
> {code} {color:blue}*NOTE:* The same behaviour rings true with expired node 
> certificate{color}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to