Refs #33496 - set the peers host name to be able to verify it

instead of not checking the name in the cert, correctly set it, so that it actually can be verified I have no idea why qpid_proton doesn't automatically parse this from the URL.
Katello · Sep 16, 2021 · e637ed9 · e637ed9
1 parent 4e80f88
commit e637ed9
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/app/lib/katello/qpid/connection.rb b/app/lib/katello/qpid/connection.rb
@@ -74,12 +74,12 @@ def on_message(_delivery, message)
       def initialize(url:, ssl_cert_file:, ssl_key_file:, ssl_ca_file:)
         @url = url
         ssl_domain = ::Qpid::Proton::SSLDomain.new(::Qpid::Proton::SSLDomain::MODE_CLIENT)
-        ssl_domain.peer_authentication(::Qpid::Proton::SSLDomain::ANONYMOUS_PEER)
         ssl_domain.credentials(ssl_cert_file, ssl_key_file, nil) if ssl_cert_file && ssl_key_file
         ssl_domain.trusted_ca_db(ssl_ca_file) if ssl_ca_file
         @connection_options = {
           ssl_domain: ssl_domain,
-          sasl_allowed_mechs: 'external'
+          sasl_allowed_mechs: 'external',
+          virtual_host: URI::parse(url).host
         }
       end