activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hiram Chirino" <hi...@hiramchirino.com>
Subject Re: SSL authentication/authorization patch
Date Fri, 22 Sep 2006 01:02:25 GMT
On 9/21/06, Kelly Campbell <kelly.a.campbell@gmail.com> wrote:
> Thanks for getting this submitted Sepand, and thanks for patching it in Hiram.
>
> I'm looking at how best to configure the keystore settings more
> dynamically without using the default system properties or anything in
> the URL. It looks like I'd need to be able to pass in a
> javax.net.ssl.SSLContext or SSLSocketFactory. I'd also like to be able
> to pass these in so I can provide an implementation that does some
> extra security checks, e.g. checking that the server's DN is what we
> expect, turning off weak ciphers.
>

It would be nice if they were properties on the ssl transport server
so that you can configure them using the URI... like:

ssl://localhost:61617?keystore=foo.ks&truststore=foo.ts

> The part I'm struggling with now is where to create this API for the
> client. Should it be a new constructor on ActiveMQConnectionFactory,
> or should I add a new overridden ActiveMQSecureConnectionFactory? Or
> should I just override it in my own code base, and not have this in
> the activemq code at all?

Just add properties to the SslTransportServer and make sure they have setters.

>
> Thanks,
> Kelly
>
> On 9/11/06, Hiram Chirino <hiram@hiramchirino.com> wrote:
> > starting to look into it now. thx for the patch!
> >
> > On 9/5/06, Sepand M <sepandm@gmail.com> wrote:
> > > Hey guys,
> > >
> > > The patch is done.
> > > It's here: https://issues.apache.org/activemq/browse/AMQ-912
> > > Hope you like it.
> > > It would be really great if you could give an estimate of when you will
> > > decide if it goes in or not (although I doubt you can =) ).
> > >
> > > Regards,
> > > Sepand
> > >
> > >
> >
> >
> > --
> > Regards,
> > Hiram
> >
> > Blog: http://hiramchirino.com
> >
>


-- 
Regards,
Hiram

Blog: http://hiramchirino.com

Mime
View raw message