[
https://issues.apache.org/jira/browse/QPID-7894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Richardson updated QPID-7894:
-----------------------------------
Description:
When 2 connections are made using ssl-client-auth within the same process using
the ssl-cert-name property to specify the user (via their cert), the second
connection uses the same cert as the first one.
This means that ACL rules will not be applied as expected.
The expected behaviour is that connections should be authorised using the cert
specified in the ssl-cert-name connection property.
The attached archive contains a script and example c++ program which set up
this scenario from scratch and demonstrate the error (NB: script recursively
deletes certain subdirectories from wherever it is run).
was:
When 2 connections are made using ssl-client-auth within the same process using
the ssl-cert-name property to specify the user (via their cert), the second
connection uses the same cert as the first one.
This means that ACL rules will not be applied as expected.
The expected behaviour is that connections should be authorised using the cert
specified in the ssl-cert-name connection property.
The attached archive contains a script and demo c++ program which set up this
scenario from scratch and demonstrate the error (NB: script recursively deletes
certain subdirectories from wherever it is run).
> SSL client auth with multiple connections does not properly use ssl_cert_name
> connection property
> -------------------------------------------------------------------------------------------------
>
> Key: QPID-7894
> URL: https://issues.apache.org/jira/browse/QPID-7894
> Project: Qpid
> Issue Type: Bug
> Components: C++ Broker
> Affects Versions: qpid-cpp-1.36.0
> Environment: Ubuntu
> Reporter: Chris Richardson
> Attachments: qpid-multiuser-test.tar.gz
>
>
> When 2 connections are made using ssl-client-auth within the same process
> using the ssl-cert-name property to specify the user (via their cert), the
> second connection uses the same cert as the first one.
> This means that ACL rules will not be applied as expected.
> The expected behaviour is that connections should be authorised using the
> cert specified in the ssl-cert-name connection property.
> The attached archive contains a script and example c++ program which set up
> this scenario from scratch and demonstrate the error (NB: script recursively
> deletes certain subdirectories from wherever it is run).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
