activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nathan Mittler" <nathan.mitt...@gmail.com>
Subject Re: activemq-cpp and ssl support
Date Tue, 16 Oct 2007 00:47:45 GMT
Excellent - contributions are always welcome!  Here's the scoop on ssl ...

We haven't begun work on it as of yet.  We've been putting it off because we
were waiting for official ssl support in apr.  By the looks of things, ssl
support is still only in their trunk (
http://apr.apache.org/docs/apr-util/trunk/).  So if you'd like to take a
shot at it, I would start by working from the apr-trunk.  If apr still
doesn't have a release with ssl by the time we're ready, we can just make a
branch to hold the ssl code.

>From the user perspective, we want all of the SSL configuration embedded in
the connection uri (e.g. "ssl://localhost:12121?sslProperty1=yadda").  The
way I envisioned SSL fitting into the architecture was by making a SSLSocket
class, similar to the one in the JDK (
http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/SSLSocket.html).  We
have already defined a Socket interface, which is implemented by TcpSocket.
SSLSocket might extend TcpSocket or might simply be another socket
altogether.

We'll use the first bit of the connection uri (e.g. ssl://) to determine
which transport/socket to create.  I think we'll have to create a new
SSLTransportFactory class that registers itself for the protocol "ssl" (see
TcpTransportFactory).  Alternatively, you could register TcpTransportFactory
once for each "tcp" and "ssl".

When created, TcpTransport (
https://svn.apache.org/repos/asf/activemq/activemq-cpp/trunk/src/main/activemq/transport/filters/TcpTransport.cpp)
passes in the transport URI parameter (now will be one of "tcp" or "ssl")
into SocketFactory (
https://svn.apache.org/repos/asf/activemq/activemq-cpp/trunk/src/main/activemq/network/SocketFactory.cpp).
Some extra logic can be added to SocketFactory to decide whether to create a
TcpSocket or a new SSLSocket.

Once all of this is in place, the IOTransport (
https://svn.apache.org/repos/asf/activemq/activemq-cpp/trunk/src/main/activemq/transport/IOTransport.cpp)
should work just as it would with a TcpSocket - no changes there.

That's all I can think of right now.  You can start by just digging around
through the classes I pointed out and get a feel for how everything fits
together.  If you have any questions, feel free to ask.

Thanks,
Nate


On 10/15/07, Teemu Torma <teemu@torma.org> wrote:
>
> I known ssl support is targeted for 2.2 release, but we have a need for
> one rather sooner.  I am wondering if there are yet development plans
> to see how to proceed.
>
> We could implement something internal and trash it once activemq-cpp
> supports ssl natively, or develop something "real" and contribute it
> back.
>
> If latter, are there any thoughts about the design and the api to manage
> certificates, keys, verification and like?
>
> Teemu
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message