Date: Thu, 21 Sep 2006 18:03:10 -0700
From: "Hiram Chirino"
To: activemq-dev@geronimo.apache.org
Subject: Re: SSL authentication/authorization patch

On 9/21/06, Hiram Chirino wrote:
> On 9/21/06, Kelly Campbell wrote:
> > Thanks for getting this submitted Sepand, and thanks for patching it in Hiram.
> >
> > I'm looking at how best to configure the keystore settings more
> > dynamically without using the default system properties or anything in
> > the URL. It looks like I'd need to be able to pass in a
> > javax.net.ssl.SSLContext or SSLSocketFactory. I'd also like to be able
> > to pass these in so I can provide an implementation that does some
> > extra security checks, e.g. checking that the server's DN is what we
> > expect, turning off weak ciphers.
> >
>
> It would be nice if they were properties on the ssl transport server
> so that you can configure them using the URI... like:
>
> ssl://localhost:61617?keystore=foo.ks&truststore=foo.ts
>
> > The part I'm struggling with now is where to create this API for the
> > client. Should it be a new constructor on ActiveMQConnectionFactory,
> > or should I add a new overridden ActiveMQSecureConnectionFactory? Or
> > should I just override it in my own code base, and not have this in
> > the activemq code at all?
>
> Just add properties to the SslTransportServer and make sure they have setters.
> And properties to the SslTransport if you want to set those properties on the client connect URL
> >
> > Thanks,
> > Kelly
> >
> > On 9/11/06, Hiram Chirino wrote:
> > > starting to look into it now. thx for the patch!
> > >
> > > On 9/5/06, Sepand M wrote:
> > > > Hey guys,
> > > >
> > > > The patch is done.
> > > > It's here: https://issues.apache.org/activemq/browse/AMQ-912
> > > > Hope you like it.
> > > > It would be really great if you could give an estimate of when you will
> > > > decide if it goes in or not (although I doubt you can =) ).
> > > >
> > > > Regards,
> > > > Sepand
> > > >
> > > >
> > >
> > >
> > > --
> > > Regards,
> > > Hiram
> > >
> > > Blog: http://hiramchirino.com
> > >
> >
> >
> --
> Regards,
> Hiram
>
> Blog: http://hiramchirino.com
>

--
Regards,
Hiram

Blog: http://hiramchirino.com
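
Added example, not part of this thread or of the AMQ-912 patch: one way to do what Kelly describes using only standard JSSE calls, building the SSLContext from explicit keystore and truststore files, dropping weak cipher suites, and checking the server certificate's subject DN after the handshake. The class and method names are hypothetical, and it assumes the key password equals the store password.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper (not ActiveMQ code); store paths, password and DN are caller-supplied.
public final class PinnedSslClient {
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        return ks;
    }

    // Explicit stores, so nothing depends on the JVM-wide javax.net.ssl.* system properties.
    static SSLContext context(String keyStore, String trustStore, char[] pw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, pw), pw); // assumption: key password == store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, pw));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Handshake with weak suites removed, then require the server certificate's subject DN.
    static SSLSocket connect(SSLContext ctx, String host, int port, String expectedDn) throws IOException {
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            s.setEnabledProtocols(Arrays.stream(s.getSupportedProtocols())
                .filter(p -> p.equals("TLSv1.2") || p.equals("TLSv1.3")).toArray(String[]::new));
            s.setEnabledCipherSuites(Arrays.stream(s.getEnabledCipherSuites())
                .filter(c -> !c.matches(".*(_NULL_|_anon_|_EXPORT_|_RC4_|_DES_|_3DES_|_MD5).*"))
                .toArray(String[]::new));
            s.startHandshake(); // chain validation against the trust store happens here
            X509Certificate peer = (X509Certificate) s.getSession().getPeerCertificates()[0];
            if (!new X500Principal(expectedDn).equals(peer.getSubjectX500Principal())) {
                throw new SSLPeerUnverifiedException("unexpected server DN: " + peer.getSubjectX500Principal());
            }
            return s;
        } catch (IOException | RuntimeException e) {
            s.close(); // never hand back a socket that failed the handshake or the DN check
            throw e;
        }
    }
}
```

The DN comparison uses X500Principal.equals, which compares canonical forms, so differences in spacing or attribute case in the configured DN do not cause a false mismatch.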