[jira] [Commented] (QPID-4883) C++ Broker may crash if client provides SSL certificate without CommonName entry.
[ https://issues.apache.org/jira/browse/QPID-4883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13666186#comment-13666186 ]

Justin Ross commented on QPID-4883:
---

Reviewed by Gordon. Approved for 0.22.

C++ Broker may crash if client provides SSL certificate without CommonName entry.
-
Key: QPID-4883
URL: https://issues.apache.org/jira/browse/QPID-4883
Project: Qpid
Issue Type: Bug
Components: C++ Broker
Affects Versions: 0.23
Reporter: Ken Giusti
Assignee: Ken Giusti
Priority: Blocker
Fix For: 0.23

Broker does not check for a null pointer return value from the Certificate parsing routines.
[jira] [Commented] (QPID-4883) C++ Broker may crash if client provides SSL certificate without CommonName entry.
[ https://issues.apache.org/jira/browse/QPID-4883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13665685#comment-13665685 ]

Ken Giusti commented on QPID-4883:
--

Reviewboard entry that contains a proposed patch: https://reviews.apache.org/r/11354/
[jira] [Commented] (QPID-4883) C++ Broker may crash if client provides SSL certificate without CommonName entry.
[ https://issues.apache.org/jira/browse/QPID-4883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13665694#comment-13665694 ]

Ken Giusti commented on QPID-4883:
--

For testing purposes, I created such a certificate using the following commands:

+ certutil -R -d /home/kgiusti/work/qpid/build/trunk/TMP/server_db -s O=MyCo,ST=California,C=US -o client.req -f /home/kgiusti/work/qpid/build/trunk/TMP/cert.password -z /bin/sh
Generating key. This may take a few moments...
+ certutil -C -d /home/kgiusti/work/qpid/build/trunk/TMP/CA_db -c Test-CA -i client.req -o client.crt -f /home/kgiusti/work/qpid/build/trunk/TMP/cert.password -m 13949
+ certutil -A -d /home/kgiusti/work/qpid/build/trunk/TMP/server_db -n Test-Client -i client.crt -t Pu,,
+ pk12util -o client_pk12.out -d /home/kgiusti/work/qpid/build/trunk/TMP/server_db -n Test-Client -v -w /home/kgiusti/work/qpid/build/trunk/TMP/cert.password -k /home/kgiusti/work/qpid/build/trunk/TMP/cert.password
pk12util: PKCS12 EXPORT SUCCESSFUL
+ openssl pkcs12 -in ./client_pk12.out -out client_cert_key.pem -passin file:/home/kgiusti/work/qpid/build/trunk/TMP/cert.password
MAC verified OK

Note the -s parameter to the first command gives a subject field that does not contain a CN= entry.
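The failure mode described in this issue, a certificate routine returning a null pointer for a subject with no CN and the caller using it unchecked, is sketched below as an added example. It is not Qpid's code and not the patch on Reviewboard; get_common_name and peer_identity are hypothetical names, and the subject parsing is simplified to comma-separated attributes.

```cpp
#include <cstring>
#include <iostream>
#include <string>

// Hypothetical stand-in for a C-style certificate routine: returns a heap copy
// of the CN value in a subject string, or nullptr when no CN attribute exists.
// Simplified: splits on ',' only, no escaping or multi-valued RDNs.
char* get_common_name(const char* subject) {
    const char* p = subject;
    while (p && *p) {
        while (*p == ' ') ++p;
        const char* end = std::strchr(p, ',');
        std::size_t len = end ? static_cast<std::size_t>(end - p) : std::strlen(p);
        if (len >= 3 && std::strncmp(p, "CN=", 3) == 0) {
            char* out = new char[len - 2];          // value bytes plus NUL
            std::memcpy(out, p + 3, len - 3);
            out[len - 3] = '\0';
            return out;
        }
        p = end ? end + 1 : nullptr;
    }
    return nullptr;
}

// Unchecked pattern, shown only as a comment: building a std::string from a
// null char* is undefined behaviour and typically crashes the process.
//   std::string id(get_common_name(subject));

// Checked form: a missing or empty CN yields "no identity" for the caller to
// reject, instead of a dereference.
bool peer_identity(const char* subject, std::string& out) {
    out.clear();
    char* cn = get_common_name(subject);
    if (cn == nullptr) return false;
    out.assign(cn);
    delete[] cn;
    return !out.empty();
}

int main() {
    // Constructed subjects; the first matches the -s value used in the thread.
    const char* subjects[] = {"O=MyCo,ST=California,C=US",
                              "CN=Test-Client,O=MyCo,ST=California,C=US"};
    for (const char* s : subjects) {
        std::string id;
        std::cout << s << " -> "
                  << (peer_identity(s, id) ? id : "<no CN, reject>") << "\n";
    }
    return 0;
}
```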