qpid-users mailing list archives

From Ken Giusti <kgiu...@redhat.com>
Subject Re: If not call set_trusted_ca_db, does proton attempt to read ca cert from somewhere?
Date Mon, 13 Mar 2017 13:42:11 GMT


----- Original Message -----
> From: "cqi" <qcxhome@gmail.com>
> To: users@qpid.apache.org
> Sent: Monday, March 13, 2017 5:20:47 AM
> Subject: If not call set_trusted_ca_db, does proton attempt to read ca cert from somewhere?
> 
> I need to connect to a broker and peers need to be verified over SSL.
> The set_trusted_ca_db function should be called to specify the path to the crt
> file. However, if this function is not called, does proton attempt to find
> and read a certificate from somewhere automatically?
>

No, it does not. If no CA is given to proton it defaults to using anonymous ciphers which
do not perform authentication (and are thus prone to MITM attacks).

See the explanation of 'aNULL' ciphers in https://www.openssl.org/docs/man1.0.2/apps/ciphers.html


> 
> 
> 
> --
> View this message in context:
> http://qpid.2158936.n2.nabble.com/If-not-call-set-trusted-ca-db-does-proton-attempt-to-read-ca-cert-from-somewhere-tp7660510.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
> 
> 

-- 
-K
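
Added example, not part of the original message or of the Proton code base: a fail-closed helper for the Python binding that refuses to hand back a client SSL domain unless a CA file was loaded and peer verification was switched on, so a forgotten `set_trusted_ca_db` call cannot end in an unauthenticated connection. The names `MissingTrustAnchor`, `check_ca_file`, `configure_verified_domain` and `client_domain` are hypothetical, and the helper assumes the CA is a single PEM file.

```python
"""Fail-closed TLS setup for a Proton client: never connect without a CA."""
import os

try:  # optional import, so the checks below can be exercised without Proton
    from proton import SSLDomain
except ImportError:
    SSLDomain = None


class MissingTrustAnchor(Exception):
    """Raised instead of letting a connection proceed unauthenticated."""


def check_ca_file(ca_path):
    """Return ca_path if it is a readable PEM file holding a certificate."""
    if not ca_path or not os.path.isfile(ca_path):
        raise MissingTrustAnchor("CA file not found: %r" % (ca_path,))
    with open(ca_path, "r", errors="replace") as fh:
        if "-----BEGIN CERTIFICATE-----" not in fh.read():
            raise MissingTrustAnchor("no PEM certificate in %s" % ca_path)
    return ca_path


def configure_verified_domain(domain, ca_path, verify_mode):
    """Give `domain` a CA and turn on peer verification, or raise.

    `domain` is a proton.SSLDomain (or any object with the same two methods);
    `verify_mode` is normally SSLDomain.VERIFY_PEER_NAME.
    """
    # The CA is validated first: on failure the domain is left untouched.
    domain.set_trusted_ca_db(check_ca_file(ca_path))
    domain.set_peer_authentication(verify_mode)
    return domain


def client_domain(ca_path):
    """Build a verifying client SSLDomain; requires python-qpid-proton."""
    if SSLDomain is None:
        raise RuntimeError("python-qpid-proton is not installed")
    check_ca_file(ca_path)  # fail before any domain object exists
    return configure_verified_domain(
        SSLDomain(SSLDomain.MODE_CLIENT), ca_path, SSLDomain.VERIFY_PEER_NAME)
```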
