diff options
| author | Gordon Sim <gsim@apache.org> | 2010-03-05 16:51:22 +0000 |
|---|---|---|
| committer | Gordon Sim <gsim@apache.org> | 2010-03-05 16:51:22 +0000 |
| commit | fc7e4587de72e6b12e6281ab56aa7493eb24943e (patch) | |
| tree | 3b97dc702d717def304a32e3522bdbc3ab4bbdba /qpid/cpp/src/Makefile.am | |
| parent | c1ada4b8fb1e6bc0a70e2972d4d7a1d708d624ad (diff) | |
| download | qpid-python-fc7e4587de72e6b12e6281ab56aa7493eb24943e.tar.gz | |
QPID-2412: Support for EXTERNAL mechanism on client-authenticated SSL connections.
On SSL connection where the clients certificate is authenticated (requires the --ssl-require-client-authentication option at present), the clients identity will be taken from that certificate (it will be the CN with any DCs present appended as the domain, e.g. CN=bob,DC=acme,DC=com would result in an identity of bob@acme.com). This will enable the EXTERNAL mechanism when cyrus sasl is in use.
The client can still negotiate their desired mechanism. There is a new option on the ssl module (--ssl-sasl-no-dict) that allows the options on ssl connections to be restricted to those that are not vulnerable to dictionary attacks (EXTERNAL being the primary example).
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@919487 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/cpp/src/Makefile.am')
| -rw-r--r-- | qpid/cpp/src/Makefile.am | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/qpid/cpp/src/Makefile.am b/qpid/cpp/src/Makefile.am index ba1ffabf5f..4fe5d7b85b 100644 --- a/qpid/cpp/src/Makefile.am +++ b/qpid/cpp/src/Makefile.am @@ -463,6 +463,7 @@ libqpidcommon_la_SOURCES += \ qpid/sys/Runnable.cpp \ qpid/sys/ScopedIncrement.h \ qpid/sys/SecurityLayer.h \ + qpid/sys/SecuritySettings.h \ qpid/sys/Semaphore.h \ qpid/sys/Shlib.cpp \ qpid/sys/Shlib.h \ |