Clifford Jansen created PROTON-2374:
---------------------------------------
Summary: Windows TLS processing rejects valid V1 X509 certificates
Key: PROTON-2374
URL: https://issues.apache.org/jira/browse/PROTON-2374
Project: Qpid Proton
Issue Type: Bug
Components: cpp-binding, proton-c
Affects Versions: proton-c-0.33.0
Environment: Windows
Reporter: Clifford Jansen
Assignee: Clifford Jansen
Proton TLS processing for Windows rejects all Version 1 X509 certificates when
verifying a peer in the opening handshake.
This is inconsistent with the Posix versions which accept Version 1
certificates without fuss.
While some might argue no one should be using V1 certs these days (unless
needed by some ancient legacy application carefully isolated in a VPN), there
is no outright ban on their use. It is easy enough to end up with V1
certificates using OpenSSL tooling.
In the absence of a good argument to exclude V1 certs, this should be fixed and
the current tests expanded to include additional certificate chains containing
one or more V1 certificates.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
