qpid-users mailing list archives

From Chester <knap...@gmail.com>
Subject Re: client certificate and client hostname check
Date Thu, 09 Jun 2016 19:34:04 GMT
At least for the cpp broker, ssl-require-client-authentication=yes will do
the trick. The broker book (
http://qpid.apache.org/releases/qpid-cpp-0.34/cpp-broker/book/chap-Messaging_User_Guide-Security.html#sect-Messaging_User_Guide-Security-Encryption_using_SSL)
is a good resource for SSL options.

As far as the check goes, I think it looks at the Subject Alternative Name,
and falls back to CN if there is no SAN on the cert.


On Thu, Jun 9, 2016 at 1:09 PM, Olivier Mallassi <olivier.mallassi@gmail.com> wrote:

> All,
>
> The whole idea is
> (1) to build the following chain: clients (Java/C++) <-> dispatcher(s) <->
> Java Qpid brokers.
> (2) with two-way SSL between all the components.
>
> Tests are ongoing, but I was wondering if there is a way to configure the
> dispatchers and the brokers to check (or not) the client hostname (while
> checking the client certificate)?
> If activated, does it use the CN for hostname?
>
> Thx for your help.
>
> Cheers.
>
> Olivier.
>
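
The matching order described in the reply above (Subject Alternative Name first, CN only when the certificate carries no SAN), written out as an added example that is not part of the original thread and is not Qpid's own code. It assumes certificates in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, treats "no SAN" as "no DNS-type SAN entry", and uses constructed sample certificates with hypothetical hostnames.

```python
# Added illustration, not Qpid source. Certificates are dicts in the shape
# returned by ssl.SSLSocket.getpeercert(); all sample values are constructed.

def dns_name_matches(pattern, host):
    """Compare one certificate name to a hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]   # refuse "*.test"-style names
    return p == h

def candidate_names(cert):
    """Return (source, names): DNS SAN entries if present, otherwise subject CN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return "SAN", sans        # CN is ignored once any DNS SAN exists
    cns = [v for rdn in cert.get("subject", ()) for key, v in rdn
           if key == "commonName"]
    return "CN", cns

def peer_name_matches(cert, host):
    """Return (source, matched) for the peer hostname against the certificate."""
    source, names = candidate_names(cert)
    return source, any(dns_name_matches(n, host) for n in names)

# Constructed certificates (hypothetical names under the reserved .test TLD).
SAN_CERT = {
    "subject": ((("commonName", "legacy.example.test"),),),
    "subjectAltName": (("DNS", "client1.example.test"),
                       ("DNS", "*.apps.example.test")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "legacy.example.test"),),)}

if __name__ == "__main__":
    for cert, host in [(SAN_CERT, "client1.example.test"),
                       (SAN_CERT, "legacy.example.test"),
                       (SAN_CERT, "a.b.apps.example.test"),
                       (CN_ONLY_CERT, "legacy.example.test")]:
        print(host, peer_name_matches(cert, host))
```

The second case is the one that tends to surprise during certificate rollouts: a host that matches only the CN is rejected as soon as the certificate also carries a DNS SAN.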
