[
https://issues.apache.org/jira/browse/PROTON-302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13813952#comment-13813952
]
ASF subversion and git services commented on PROTON-302:
--------------------------------------------------------
Commit 1539013 from r...@apache.org in branch 'proton/trunk'
[ https://svn.apache.org/r1539013 ]
PROTON-302: added negative testing for messenger ssl; added proper validation
of messenger credentials; fixed the java work queue and transport work queue
implementation; added the missing Delivery.clear() method to proton-j
> Messenger does not verify the hostname in the peer's SSL certificate.
> ---------------------------------------------------------------------
>
> Key: PROTON-302
> URL: https://issues.apache.org/jira/browse/PROTON-302
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-c
> Affects Versions: 0.5
> Reporter: Ken Giusti
> Assignee: Ken Giusti
> Priority: Blocker
> Fix For: 0.6
>
>
> When Messenger is configured to use SSL, and a CA database is provided (via
> set_trusted_certificates), messenger fails to check that the
> CommonName/Subject Alternate Name provided in the peer's certificate.
> Currently, it merely validates that the certificate is signed correctly.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
