New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refs #33496 - set the peers host name to be able to verify it #9643
Conversation
FWIW, I've opened https://issues.apache.org/jira/browse/PROTON-2434 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is no minimum version on the gem:
Line 40 in 4e80f88
gem.add_dependency "qpid_proton" |
Should there be? I think it'd be nice to guarantee certificate verification. I think that either means setting 0.35 as a minimum version or explicitly enabling peer authentication, right?
Yeah, on 0.34 this would be silently ignored, as it defaults to @jturel what'cha think? |
On the other hand, we're updating all stable branches to 0.35 anyways, so 🤷♀️ |
Considering we're seeing default behavior change, +1 to setting |
instead of not checking the name in the cert, correctly set it, so that it actually can be verified I have no idea why qpid_proton doesn't automatically parse this from the URL. also explicitly ask for VERIFY_PEER_NAME so that it validates on 0.34 too
Updated. |
Is this now a separate Redmine issue? Other than that 👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
APJ
I'm good as-is. The redmine could be renamed to reflect the evolution perhaps |
🥦 |
instead of not checking the name in the cert, correctly set it, so that
it actually can be verified
I have no idea why qpid_proton doesn't automatically parse this from the
URL.