| author | Clifford Jansen <cliffjansen@apache.org> | 2015-01-29 19:47:37 +0000 |
|---|---|---|
| committer | Clifford Jansen <cliffjansen@apache.org> | 2015-01-29 19:47:37 +0000 |
| commit | fd50332c92a3a7e4c2539c08566804b1d84e7883 (patch) | |
| tree | 5fcb2aacfc7366a7f875a797e5f91d168bf66ae4 /qpid/cpp/src | |
| parent | 119b5b63a4d508e4acf8ee5f67bd91df214a268f (diff) | |
QPID-5842: Allow SSL hostname verification to be disabled on windows client. Windows related changes for QPID-5841 and https://reviews.apache.org/r/22890
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1655837 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/cpp/src')
4 files changed, 16 insertions, 2 deletions
diff --git a/qpid/cpp/src/qpid/client/windows/SslConnector.cpp b/qpid/cpp/src/qpid/client/windows/SslConnector.cpp index d0be818df0..dc82ece9d1 100644 --- a/qpid/cpp/src/qpid/client/windows/SslConnector.cpp +++ b/qpid/cpp/src/qpid/client/windows/SslConnector.cpp @@ -115,7 +115,9 @@ SslConnector::SslConnector(boost::shared_ptr<qpid::sys::Poller> p, ConnectionImpl* cimpl) : TCPConnector(p, ver, settings, cimpl), shim(0), poller(p) { - + if (settings.sslIgnoreHostnameVerificationFailure) { + sslCredential.ignoreHostnameVerificationFailure(); + } const std::string& name = (settings.sslCertName != "") ? settings.sslCertName : qpid::sys::ssl::SslOptions::global.certName; certLoaded = sslCredential.load(name); diff --git a/qpid/cpp/src/qpid/messaging/amqp/windows/SslTransport.cpp b/qpid/cpp/src/qpid/messaging/amqp/windows/SslTransport.cpp index ad47fd98d9..5dbc13175f 100644 --- a/qpid/cpp/src/qpid/messaging/amqp/windows/SslTransport.cpp +++ b/qpid/cpp/src/qpid/messaging/amqp/windows/SslTransport.cpp @@ -94,6 +94,9 @@ void SslTransport::negotiationDone(SECURITY_STATUS status) SslTransport::SslTransport(TransportContext& c, boost::shared_ptr<Poller> p) : TcpTransport(c, p) { const ConnectionOptions* options = context.getOptions(); + if (options->sslIgnoreHostnameVerificationFailure) { + sslCredential.ignoreHostnameVerificationFailure(); + } const std::string& name = (options->sslCertName != "") ? options->sslCertName : qpid::sys::ssl::SslOptions::global.certName; certLoaded = sslCredential.load(name); diff --git a/qpid/cpp/src/qpid/sys/windows/SslCredential.cpp b/qpid/cpp/src/qpid/sys/windows/SslCredential.cpp index 667f0f1ef0..de8f10b0e9 100644 --- a/qpid/cpp/src/qpid/sys/windows/SslCredential.cpp +++ b/qpid/cpp/src/qpid/sys/windows/SslCredential.cpp 
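Review bot: Nothing records that the server-name check was switched off when `settings.sslIgnoreHostnameVerificationFailure` is set in the SslConnector constructor, so a connection that skipped the check looks the same in the logs as a verified one. With the check off, an otherwise acceptable certificate issued for a different host name is no longer rejected, and that is exactly the state an operator needs to be able to find later. I would log it inside the new `if`, for example `QPID_LOG(warning, "SSL hostname verification disabled by sslIgnoreHostnameVerificationFailure");`, assuming the qpid logging header is already included in this file, which the hunk does not show. The same applies to the identical block added to the SslTransport constructor in the next file; both constructor bodies continue outside their hunks.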
@@ -34,7 +34,7 @@ namespace sys { namespace windows { -SslCredential::SslCredential() : certStore(0), cert(0) +SslCredential::SslCredential() : certStore(0), cert(0), hostnameVerification(true) { SecInvalidateHandle(&credHandle); memset(&cred, 0, sizeof(cred)); @@ -60,6 +60,8 @@ bool SslCredential::load(const std::string& certName) cred.paCred = &cert; cred.cCreds = 1; } + if (!hostnameVerification) + cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK; SECURITY_STATUS status = ::AcquireCredentialsHandle(NULL, UNISP_NAME, @@ -89,6 +91,10 @@ std::string SslCredential::error() return loadError.error; } +void SslCredential::ignoreHostnameVerificationFailure(){ + hostnameVerification = false; +} + void SslCredential::loadPrivCertStore() { // Get a handle to the system store or pkcs#12 file diff --git a/qpid/cpp/src/qpid/sys/windows/SslCredential.h b/qpid/cpp/src/qpid/sys/windows/SslCredential.h index ba16dcdab5..25d174a2fa 100644 --- a/qpid/cpp/src/qpid/sys/windows/SslCredential.h +++ b/qpid/cpp/src/qpid/sys/windows/SslCredential.h @@ -53,6 +53,8 @@ public: QPID_COMMON_EXTERN bool load(const std::string& certName); QPID_COMMON_EXTERN CredHandle handle(); QPID_COMMON_EXTERN std::string error(); + /** Proceed with connect inspite of hostname verifcation failures*/ + QPID_COMMON_EXTERN void ignoreHostnameVerificationFailure(); private: struct SavedError { @@ -70,6 +72,7 @@ private: CredHandle credHandle; TimeStamp credExpiry; SavedError loadError; + bool hostnameVerification; PCCERT_CONTEXT findCertificate(const std::string& name); void loadPrivCertStore(); |
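Review bot: The new `hostnameVerification` test in `SslCredential::load()` is the only place the flag is read, so `ignoreHostnameVerificationFailure()` has an effect only when it is called before `load()`; a later call changes the member and, as far as these lines show, leaves the credential acquired just below untouched. Both constructors in this commit call it first, but nothing in the class states or enforces that order. I would put `// Must be set before load(): the flag is only applied when the credential is acquired.` above the test and brace it like the constructor blocks, `if (!hostnameVerification) { cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK; }`. Note that `SCH_CRED_NO_SERVERNAME_CHECK` makes Schannel skip the name comparison rather than report a mismatch that is then ignored, so the caller never learns whether the name matched. `load()` starts and ends outside the hunk.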
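Review bot: The doc comment added to `ignoreHostnameVerificationFailure()` in SslCredential.h has two typos ("inspite", "verifcation") and omits what a caller has to know: the call must precede `load()`, and in the lines shown there is no way to turn the check back on for the same object. I would replace it with `/** Skip the server-name check on the peer certificate. Call before load(). This weakens server authentication; other certificate checks are not affected by this call. */`. The new `hostnameVerification` member could carry `// true (default): the server name is checked against the certificate` so the secure default set in the constructor is visible at the declaration.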
