qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tr...@apache.org
Subject [qpid-dispatch] branch master updated: DISPATCH-1296 - Change use of pn_ssl_domain_allow_unsecured_client() to pn_transport_require_encryption() This closes #469 - pn_ssl_domain_unsecured_client() is deprecated and may be removed.
Date Wed, 20 Mar 2019 16:44:11 GMT 
This is an automated email from the ASF dual-hosted git repository.

tross pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-dispatch.git


The following commit(s) were added to refs/heads/master by this push:
     new 136940b  DISPATCH-1296 - Change use of pn_ssl_domain_allow_unsecured_client() to
pn_transport_require_encryption() This closes #469 - pn_ssl_domain_unsecured_client() is deprecated
and may be removed.
136940b is described below

commit 136940b55a6c0d269726f27e3c0087deafa492e5
Author: Andrew Stitcher <astitcher@apache.org>
AuthorDate: Mon Mar 18 15:30:38 2019 -0400

    DISPATCH-1296 - Change use of pn_ssl_domain_allow_unsecured_client() to pn_transport_require_encryption()
    This closes #469
    - pn_ssl_domain_unsecured_client() is deprecated and may be removed.
---
 src/server.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/server.c b/src/server.c
index 320adfe..4b28ed6 100644
--- a/src/server.c
+++ b/src/server.c
@@ -367,12 +367,6 @@ static qd_error_t listener_setup_ssl(qd_connection_t *ctx, const qd_server_confi
         pn_ssl_domain_free(domain);
         return qd_error(QD_ERROR_RUNTIME, "Cannot set SSL credentials");
     }
-    if (!config->ssl_required) {
-        if (pn_ssl_domain_allow_unsecured_client(domain)) {
-            pn_ssl_domain_free(domain);
-            return qd_error(QD_ERROR_RUNTIME, "Cannot allow unsecured client");
-        }
-    }
 
     // for peer authentication:
     if (config->ssl_trusted_certificate_db) {
@@ -414,6 +408,11 @@ static qd_error_t listener_setup_ssl(qd_connection_t *ctx, const qd_server_confi
         return qd_error(QD_ERROR_RUNTIME, "Cannot initialize SSL");
     }
 
+    // By default adding ssl to a transport forces encryption to be required, so if it's
not set that here
+    if (!config->ssl_required) {
+        pn_transport_require_encryption(tport, false);
+    }
+
     pn_ssl_domain_free(domain);
     return QD_ERROR_NONE;
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
Mime
View raw message