Return-Path: Delivered-To: apmail-activemq-dev-archive@www.apache.org Received: (qmail 84768 invoked from network); 22 Oct 2007 23:12:45 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 22 Oct 2007 23:12:45 -0000 Received: (qmail 70130 invoked by uid 500); 22 Oct 2007 23:12:33 -0000 Delivered-To: apmail-activemq-dev-archive@activemq.apache.org Received: (qmail 70099 invoked by uid 500); 22 Oct 2007 23:12:33 -0000 Mailing-List: contact dev-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list dev@activemq.apache.org Received: (qmail 70090 invoked by uid 99); 22 Oct 2007 23:12:33 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Oct 2007 16:12:33 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Oct 2007 23:12:45 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 27CB9714187 for ; Mon, 22 Oct 2007 16:12:24 -0700 (PDT) Message-ID: <11092033.1193094744159.JavaMail.jira@brutus> Date: Mon, 22 Oct 2007 16:12:24 -0700 (PDT) From: "Teemu Torma (JIRA)" To: dev@activemq.apache.org Subject: [jira] Updated: (AMQCPP-140) Add SSL transport In-Reply-To: <31999891.1186250208903.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Teemu Torma updated AMQCPP-140: ------------------------------- Attachment: amqcpp-ssl.patch2 Second draft, also tested only on Linux. This adds many connection properties and some more final tuning. Configuration is still missing. Supported properties: sslCAFile=pem - CA certificate sslCAPath=dir - CA certificate directory. sslCertFile=pem - the client certificate sslKeyFile=pem - the client private key (if not given assume cert contains it.) sslPassword=pass - the certificate/key password. If one is needed and the property is not given openssl will prompt one interactively. sslVerifyPeer=boolean - If peer certificate and name should be verified (need CA certificate for that.) sslVerifyName=name - the CN to match in the peer certificate (hostname is the default.) sslCiphers=ciphers - the openssl string to specify the chipers to use. I am sure the names will change and people will have differing opinions. So far I used most native openssl terms. One thing that would be really, really useful in a real life is to build some kind of extension for setting certificates from some other source than files (ldap for example.) I do not suggest that anything else would be supported by activemq-cpp itself, but some extension mechanism that would allow tweaking it without touching activemq-cpp code itself. I don't right now have any good solution for that, and good ideas would be appreciated. > Add SSL transport > ----------------- > > Key: AMQCPP-140 > URL: https://issues.apache.org/activemq/browse/AMQCPP-140 > Project: ActiveMQ C++ Client > Issue Type: New Feature > Affects Versions: 2.2 > Reporter: Nathan Mittler > Assignee: Nathan Mittler > Fix For: 2.2 > > Attachments: amqcpp-ssl.patch1, amqcpp-ssl.patch2 > > > Need a secure transport for activemq-cpp. Some options for ssl support: > 1) OpenSSL - fairly robust set of ssl functions > 2) APR - trunk has added support for ssl sockets. An attractive option, given that we're already starting to incorporate API in other areas. > Should create a Java-like set of classes in decaf to add basic ssl support, then use those classes to make an SSLTransport in activemq-cpp. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.