activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Teemu Torma (JIRA)" <>
Subject [jira] Updated: (AMQCPP-140) Add SSL transport
Date Mon, 22 Oct 2007 23:12:24 GMT


Teemu Torma updated AMQCPP-140:

    Attachment: amqcpp-ssl.patch2

Second draft, also tested only on Linux.  This adds many connection properties and some more
final tuning.  Configuration is still missing.

Supported properties:

sslCAFile=pem - CA certificate
sslCAPath=dir - CA certificate directory.
sslCertFile=pem - the client certificate
sslKeyFile=pem - the client private key (if not given assume cert contains it.)
sslPassword=pass - the certificate/key password.  If one is needed and the property is not
given openssl will prompt one interactively.
sslVerifyPeer=boolean - If peer certificate and name should be verified (need CA certificate
for that.)
sslVerifyName=name - the CN to match in the peer certificate (hostname is the default.)
sslCiphers=ciphers - the openssl string to specify the chipers to use.

I am sure the names will change and people will have differing opinions.  So far I used most
native openssl terms.

One thing that would be really, really useful in a real life is to build some kind of extension
for setting certificates from some other source than files (ldap for example.)  I do not suggest
that anything else would be supported by activemq-cpp itself, but some extension mechanism
that would allow tweaking it without touching activemq-cpp code itself.  

I don't right now have any good solution for that, and good ideas would be appreciated.

> Add SSL transport
> -----------------
>                 Key: AMQCPP-140
>                 URL:
>             Project: ActiveMQ C++ Client
>          Issue Type: New Feature
>    Affects Versions: 2.2
>            Reporter: Nathan Mittler
>            Assignee: Nathan Mittler
>             Fix For: 2.2
>         Attachments: amqcpp-ssl.patch1, amqcpp-ssl.patch2
> Need a secure transport for activemq-cpp.  Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets.  An attractive option, given that we're
already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support, then use
those classes to make an SSLTransport in activemq-cpp.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message