activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeffrey B (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (AMQCPP-530) SSL does not find hostname in cert with multiple cn's in dn
Date Thu, 16 Jan 2014 18:13:22 GMT

     [ https://issues.apache.org/jira/browse/AMQCPP-530?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jeffrey B updated AMQCPP-530:
-----------------------------

    Summary: SSL does not find hostname in cert with multiple cn's in dn  (was: SSL does not
find hostname in cert with multiple cn's in dc)

> SSL does not find hostname in cert with multiple cn's in dn
> -----------------------------------------------------------
>
>                 Key: AMQCPP-530
>                 URL: https://issues.apache.org/jira/browse/AMQCPP-530
>             Project: ActiveMQ C++ Client
>          Issue Type: Bug
>          Components: Decaf
>    Affects Versions: 3.8.2
>         Environment: unix
>            Reporter: Jeffrey B
>            Assignee: Timothy Bish
>            Priority: Minor
>              Labels: ssl
>         Attachments: OpenSSLSocket.cpp
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> The SSL certs that we use contain multiple cn's in the dn, such as 
> dn="cn=%1, cn=hostname, cn=app, cn=project, ou=team, o=company, c=ww"
> I do not know why they are created in this way. It is probably something legacy related.
Anyway, with this ActiveMQ cpp will not find the hostname from the dn and fail dual ssl authentication.
> Here is a page on openssl that states the specific limitation of the method used in the
code http://www.openssl.org/docs/crypto/X509_NAME_get_index_by_NID.html
> And this link shows an example usage of the suggested method
> http://h71000.www7.hp.com/doc/83final/ba554_90007/rn02re186.html



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message