[qpid-dispatch] branch master updated: DISPATCH-1296 - Change use of pn_ssl_domain_allow_unsecured_client() to pn_transport_require_encryption() This closes #469 - pn_ssl_domain_unsecured_client() is deprecated and may be removed.

Wed, 20 Mar 2019 09:44:41 -0700 

This is an automated email from the ASF dual-hosted git repository.

tross pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-dispatch.git


The following commit(s) were added to refs/heads/master by this push:
     new 136940b  DISPATCH-1296 - Change use of 
pn_ssl_domain_allow_unsecured_client() to pn_transport_require_encryption() 
This closes #469 - pn_ssl_domain_unsecured_client() is deprecated and may be 
removed.
136940b is described below

commit 136940b55a6c0d269726f27e3c0087deafa492e5
Author: Andrew Stitcher <astitc...@apache.org>
AuthorDate: Mon Mar 18 15:30:38 2019 -0400

    DISPATCH-1296 - Change use of pn_ssl_domain_allow_unsecured_client() to 
pn_transport_require_encryption()
    This closes #469
    - pn_ssl_domain_unsecured_client() is deprecated and may be removed.
---
 src/server.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/server.c b/src/server.c
index 320adfe..4b28ed6 100644
--- a/src/server.c
+++ b/src/server.c
@@ -367,12 +367,6 @@ static qd_error_t listener_setup_ssl(qd_connection_t *ctx, 
const qd_server_confi
         pn_ssl_domain_free(domain);
         return qd_error(QD_ERROR_RUNTIME, "Cannot set SSL credentials");
     }
-    if (!config->ssl_required) {
-        if (pn_ssl_domain_allow_unsecured_client(domain)) {
-            pn_ssl_domain_free(domain);
-            return qd_error(QD_ERROR_RUNTIME, "Cannot allow unsecured client");
-        }
-    }
 
     // for peer authentication:
     if (config->ssl_trusted_certificate_db) {
@@ -414,6 +408,11 @@ static qd_error_t listener_setup_ssl(qd_connection_t *ctx, 
const qd_server_confi
         return qd_error(QD_ERROR_RUNTIME, "Cannot initialize SSL");
     }
 
+    // By default adding ssl to a transport forces encryption to be required, 
so if it's not set that here
+    if (!config->ssl_required) {
+        pn_transport_require_encryption(tport, false);
+    }
+
     pn_ssl_domain_free(domain);
     return QD_ERROR_NONE;
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org
For additional commands, e-mail: commits-h...@qpid.apache.org

Reply via email to