activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeffrey B (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQCPP-438) ssl doesnt match the hostname when there are multiple CN's
Date Thu, 29 Nov 2012 20:08:58 GMT

    [ https://issues.apache.org/jira/browse/AMQCPP-438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13506741#comment-13506741
] 

Jeffrey B commented on AMQCPP-438:
----------------------------------

I simply changed the certificated to have the hostname as the last CN and that make this work
as is.  Still it would be nice to have the option to disable the hostname check on certificates.
                
> ssl doesnt match the hostname when there are multiple CN's
> ----------------------------------------------------------
>
>                 Key: AMQCPP-438
>                 URL: https://issues.apache.org/jira/browse/AMQCPP-438
>             Project: ActiveMQ C++ Client
>          Issue Type: Bug
>          Components: Decaf
>    Affects Versions: 3.4.4
>         Environment: HPUX 11.31, but this is not likely important
>            Reporter: Jeffrey B
>            Assignee: Timothy Bish
>              Labels: decaf, hostname, ssl
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> If the ssl certificate on the server has its hostname in the cn field to be compatable,
but it also has other cn's on the same entry, which openssl allows and we always use for all
of our certificates, the file OpenSSLSocket.cpp finds that they do not match.
> It is only checking one item, so it is not iterating through different cn's.  This sometimes
returns the error that the servers certificate did not match the hostname, and sometimes it
simply says that peer did not send his wireformat.  This has no doesnt have an option to diable
it like in NMS, at least not that I ahave found.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message