On 26/03/2020 12:40 pm, Fernández Parejo, José Alberto wrote:
Hi all,We are using qpid-cpp using AMQP 1.0 with SSL to connect to an external broker. Broker administrator told us to set the following ssl parameters due to we are getting SSL errors due to verification fails Trust all = true Verify host = false We have set: connection.setOption("ssl-ignore-hostname-verification-failure", "TRUE"); to fullfil Verify host = false. Is this option right?
Yes, that means that even if the certificate is not signed for use as the hostname by which you are connecting, it will not fail. (Of course that does mean that SSL is not guaranteeing you are actually connected to the host you want to connect to.)
Is there any options to set trust all to true?
Not that I know of. The qpid-cpp library uses mozilla's NSS for SSL. Assuming your server is using a self signed cert, and that is the reason for wanting to trust all, you can just add the public cert for the server to your clients cert dab and mark it trusted.
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
