Bug 1017743 - Posibility to disable the SSL hostname verification in C++ Linux clients
Posibility to disable the SSL hostname verification in C++ Linux clients
Status: CLOSED ERRATA
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: qpid-cpp (Show other bugs)
2.3
All Linux
medium Severity medium
: 3.1
: ---
Assigned To: Gordon Sim
Zdenek Kraus
: FutureFeature, Triaged
: 1017739 (view as bug list)
Depends On:
Blocks: 1112850
  Show dependency treegraph
 
Reported: 2013-10-10 08:28 EDT by Pavel Moravec
Modified: 2015-04-14 09:47 EDT (History)
8 users (show)

See Also:
Fixed In Version: qpid-cpp-0.30-2
Doc Type: Enhancement
Doc Text:
It is now possible to disable hostname verification when connecting over SSL. In some circumstances, the certificate in use does not match the hostname used, yet there is no concern over spoofing due to other network controls. Disabling the verification performed by the qpid::messaging client is convenient in this circumstance. If a connection option 'ignore_ssl_hostname_verification_failure' is set to True, then when establishing an ssl connection, the client will not attempt to verify that the hostname of the server matches that included in the certificate.
Story Points: ---
Clone Of:
: 1112850 (view as bug list)
Environment:
Last Closed: 2015-04-14 09:47:04 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Apache JIRA QPID-5841 None None None Never

  None (edit)
Comment 1 Justin Ross 2013-10-10 11:51:40 EDT
Pavel, is bug 1017739 a duplicate?
Comment 2 Pavel Moravec 2013-10-10 12:29:49 EDT
*** Bug 1017739 has been marked as a duplicate of this bug. ***
Comment 3 Pavel Moravec 2013-10-10 12:32:43 EDT
(In reply to Justin Ross from comment #1)
> Pavel, is bug 1017739 a duplicate?

Yes, already closed.

Lesson learned: Never click to "back" button during filing BZ, even though the BZ has not been created yet so far (and even though bugzilla suggests to do so).
Comment 5 Justin Ross 2014-06-23 14:22:04 EDT
Gordon, do you have any ideas for Pavel?
Comment 6 Gordon Sim 2014-06-23 17:04:15 EDT
Suggested fix: https://reviews.apache.org/r/22890/
Comment 7 Gordon Sim 2014-06-24 12:21:56 EDT
Fixed upstream for linux/NSS (https://svn.apache.org/r1605127).

I have created separate upstream JIRA to track the equivalent option on windows. Do we want to track that as a separate BZ also, or have this one track the option on all supported platforms?
Comment 8 Justin Ross 2014-06-24 13:18:56 EDT
A separate bz, please.  It may have a different priority on Windows.

(In reply to Gordon Sim from comment #7)
> Fixed upstream for linux/NSS (https://svn.apache.org/r1605127).
> 
> I have created separate upstream JIRA to track the equivalent option on
> windows. Do we want to track that as a separate BZ also, or have this one
> track the option on all supported platforms?
Comment 10 Zdenek Kraus 2015-01-13 17:11:11 EST
this was tested on RHEL 6.6 i686 and x86_64 with following packages:
python-qpid-0.30-3
python-qpid-qmf-0.30-3
qpid-cpp-client-0.30-5
qpid-cpp-client-devel-0.30-5
qpid-cpp-client-rdma-0.30-5
qpid-cpp-debuginfo-0.30-5
qpid-cpp-server-0.30-5
qpid-cpp-server-devel-0.30-5
qpid-cpp-server-ha-0.30-5
qpid-cpp-server-linearstore-0.30-5
qpid-cpp-server-rdma-0.30-5
qpid-cpp-server-xml-0.30-5
qpid-java-client-0.30-3
qpid-java-common-0.30-3
qpid-java-example-0.30-3
qpid-jca-0.22-2
qpid-jca-xarecovery-0.22-2
qpid-proton-c-0.7-4
qpid-qmf-0.30-3
qpid-tools-0.30-3

feature works as expected.
-> VERIFIED
Comment 15 errata-xmlrpc 2015-04-14 09:47:04 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2015-0805.html

Note You need to log in before you can comment on or make changes to this bug.