activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Timothy Bish (JIRA)" <>
Subject [jira] [Commented] (AMQCPP-438) ssl doesnt match the hostname when there are multiple CN's
Date Tue, 13 Nov 2012 16:48:12 GMT


Timothy Bish commented on AMQCPP-438:

We welcome patches if you'd like to update the OpenSSLSocket class to allow for parsing of
your certificate configurations
> ssl doesnt match the hostname when there are multiple CN's
> ----------------------------------------------------------
>                 Key: AMQCPP-438
>                 URL:
>             Project: ActiveMQ C++ Client
>          Issue Type: Bug
>          Components: Decaf
>    Affects Versions: 3.4.4
>         Environment: HPUX 11.31, but this is not likely important
>            Reporter: Jeffrey B
>            Assignee: Timothy Bish
>              Labels: decaf, hostname, ssl
>   Original Estimate: 48h
>  Remaining Estimate: 48h
> If the ssl certificate on the server has its hostname in the cn field to be compatable,
but it also has other cn's on the same entry, which openssl allows and we always use for all
of our certificates, the file OpenSSLSocket.cpp finds that they do not match.
> It is only checking one item, so it is not iterating through different cn's.  This sometimes
returns the error that the servers certificate did not match the hostname, and sometimes it
simply says that peer did not send his wireformat.  This has no doesnt have an option to diable
it like in NMS, at least not that I ahave found.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message