[jira] [Updated] (QPID-5815) Broker reports EXTERNAL mech. not supported if CN is empty
[ https://issues.apache.org/jira/browse/QPID-5815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Irina Boverman updated QPID-5815: - Issue Type: Improvement (was: Bug) Broker reports EXTERNAL mech. not supported if CN is empty -- Key: QPID-5815 URL: https://issues.apache.org/jira/browse/QPID-5815 Project: Qpid Issue Type: Improvement Components: C++ Broker Affects Versions: 0.26 Environment: Linux/RHEL 6. Reporter: Irina Boverman Priority: Trivial If EXTERNAL sasl mechanism is used for client authentication, the broker will extract the CN from the client's ssl certificate and use it as an 'authId' for sasl authentication. In a case when the client certificate is malformed (for example, a subject of the form C=FR,O=SUNGARD,OU=CLEARVISION CN=GLKXV_GLKXVALBBDBGEN1), the broker reports that it does not support EXTERNAL mechanism (this is a valid behaviour). However it would be helpful to see a message explaining why EXTERNAL mechanism is not available. -- This message was sent by Atlassian JIRA (v6.2#6252) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-5815) Broker reports EXTERNAL mech. not supported if CN is empty
[ https://issues.apache.org/jira/browse/QPID-5815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Irina Boverman updated QPID-5815: - Attachment: patch.txt Added warning message to SaslAuthenticator.cpp. Broker reports EXTERNAL mech. not supported if CN is empty -- Key: QPID-5815 URL: https://issues.apache.org/jira/browse/QPID-5815 Project: Qpid Issue Type: Improvement Components: C++ Broker Affects Versions: 0.26 Environment: Linux/RHEL 6. Reporter: Irina Boverman Priority: Trivial Fix For: Future Attachments: patch.txt If EXTERNAL sasl mechanism is used for client authentication, the broker will extract the CN from the client's ssl certificate and use it as an 'authId' for sasl authentication. In a case when the client certificate is malformed (for example, a subject of the form C=FR,O=SUNGARD,OU=CLEARVISION CN=GLKXV_GLKXVALBBDBGEN1), the broker reports that it does not support EXTERNAL mechanism (this is a valid behaviour). However it would be helpful to see a message explaining why EXTERNAL mechanism is not available. -- This message was sent by Atlassian JIRA (v6.2#6252) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-5815) Broker reports EXTERNAL mech. not supported if CN is empty
[ https://issues.apache.org/jira/browse/QPID-5815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Irina Boverman updated QPID-5815: - Fix Version/s: Future Broker reports EXTERNAL mech. not supported if CN is empty -- Key: QPID-5815 URL: https://issues.apache.org/jira/browse/QPID-5815 Project: Qpid Issue Type: Improvement Components: C++ Broker Affects Versions: 0.26 Environment: Linux/RHEL 6. Reporter: Irina Boverman Priority: Trivial Fix For: Future Attachments: patch.txt If EXTERNAL sasl mechanism is used for client authentication, the broker will extract the CN from the client's ssl certificate and use it as an 'authId' for sasl authentication. In a case when the client certificate is malformed (for example, a subject of the form C=FR,O=SUNGARD,OU=CLEARVISION CN=GLKXV_GLKXVALBBDBGEN1), the broker reports that it does not support EXTERNAL mechanism (this is a valid behaviour). However it would be helpful to see a message explaining why EXTERNAL mechanism is not available. -- This message was sent by Atlassian JIRA (v6.2#6252) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-5815) Broker reports EXTERNAL mech. not supported if CN is empty
[ https://issues.apache.org/jira/browse/QPID-5815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Irina Boverman updated QPID-5815: - Attachment: SSL.patch Added example of EXTERNAL client authentication and removed perftest references in qpid/cpp/SSL file. Broker reports EXTERNAL mech. not supported if CN is empty -- Key: QPID-5815 URL: https://issues.apache.org/jira/browse/QPID-5815 Project: Qpid Issue Type: Improvement Components: C++ Broker Affects Versions: 0.26 Environment: Linux/RHEL 6. Reporter: Irina Boverman Priority: Trivial Fix For: Future Attachments: SSL.patch, patch.txt If EXTERNAL sasl mechanism is used for client authentication, the broker will extract the CN from the client's ssl certificate and use it as an 'authId' for sasl authentication. In a case when the client certificate is malformed (for example, a subject of the form C=FR,O=SUNGARD,OU=CLEARVISION CN=GLKXV_GLKXVALBBDBGEN1), the broker reports that it does not support EXTERNAL mechanism (this is a valid behaviour). However it would be helpful to see a message explaining why EXTERNAL mechanism is not available. -- This message was sent by Atlassian JIRA (v6.2#6252) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Updated] (QPID-5815) Broker reports EXTERNAL mech. not supported if CN is empty
[ https://issues.apache.org/jira/browse/QPID-5815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Justin Ross updated QPID-5815: -- Assignee: michael goulish Broker reports EXTERNAL mech. not supported if CN is empty -- Key: QPID-5815 URL: https://issues.apache.org/jira/browse/QPID-5815 Project: Qpid Issue Type: Improvement Components: C++ Broker Affects Versions: 0.26 Environment: Linux/RHEL 6. Reporter: Irina Boverman Assignee: michael goulish Priority: Trivial Fix For: Future Attachments: SSL.patch, patch.txt If EXTERNAL sasl mechanism is used for client authentication, the broker will extract the CN from the client's ssl certificate and use it as an 'authId' for sasl authentication. In a case when the client certificate is malformed (for example, a subject of the form C=FR,O=SUNGARD,OU=CLEARVISION CN=GLKXV_GLKXVALBBDBGEN1), the broker reports that it does not support EXTERNAL mechanism (this is a valid behaviour). However it would be helpful to see a message explaining why EXTERNAL mechanism is not available. -- This message was sent by Atlassian JIRA (v6.2#6252) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org