Return-Path: Delivered-To: apmail-activemq-dev-archive@www.apache.org Received: (qmail 14235 invoked from network); 24 Oct 2008 15:43:37 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 24 Oct 2008 15:43:37 -0000 Received: (qmail 5928 invoked by uid 500); 24 Oct 2008 15:43:40 -0000 Delivered-To: apmail-activemq-dev-archive@activemq.apache.org Received: (qmail 5733 invoked by uid 500); 24 Oct 2008 15:43:39 -0000 Mailing-List: contact dev-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list dev@activemq.apache.org Received: (qmail 5722 invoked by uid 99); 24 Oct 2008 15:43:39 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Oct 2008 08:43:39 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of gary.tully@gmail.com designates 74.125.46.153 as permitted sender) Received: from [74.125.46.153] (HELO yw-out-1718.google.com) (74.125.46.153) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Oct 2008 15:42:29 +0000 Received: by yw-out-1718.google.com with SMTP id 6so300140ywa.86 for ; Fri, 24 Oct 2008 08:43:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=7JttqNYCVDeLOBESB6q56n0so4ZSgnHApJe1piInJ+8=; b=sCA0tAvq3tyyxrRk2SQHj5fESTc1A6OLGzERI/Tfml1CpXjgfowR7rapmhA3AeNhy8 I1V9s2LvXJRz8nsMjV2p3Iaj+NccUVNVtDbPTbCy+MxxCSGUZF0827L6ZaNldsRzqNcy rNUqgGj/RhsI0LTywrjdp3ateIUlihnFP0Fgs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=olZBXVRxtHdhViNpzYVDTcP8610Rc8JQMi7dTCydJmn73HUfvlJMtEOAgyqelJCqbV sdXNpZA/6gFjVU/2dLN7RIeRIL82JRN4sv7WikfNiwLKwwAThvF4x6rFW1gOpSaa9H5J EJEcvbXwArhr/Ge3BnrLFAhEtZ+JVmQaJz4xg= Received: by 10.150.152.17 with SMTP id z17mr1428159ybd.192.1224862987970; Fri, 24 Oct 2008 08:43:07 -0700 (PDT) Received: by 10.150.138.18 with HTTP; Fri, 24 Oct 2008 08:43:07 -0700 (PDT) Message-ID: <3a73c17c0810240843m218a58fak27d6b9e7a80a1f97@mail.gmail.com> Date: Fri, 24 Oct 2008 16:43:07 +0100 From: "Gary Tully" To: dev@activemq.apache.org Subject: Re: [VOTE] ActiveMQ 5.2.0 - RC2 In-Reply-To: <20042634.post@talk.nabble.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <3a73c17c0810080152u159779a4j6f6806b7163b47e3@mail.gmail.com> <20042634.post@talk.nabble.com> X-Virus-Checked: Checked by ClamAV on apache.org 2008/10/18 honeybun : > > A few issues when using the new sslContext support. > > - the default client.ks/broker.ks are self signed, fails I get PKIX > validation exceptions on startup (I think). If I use proper certs (signed > by a CA) then no exceptions. > the default certs are really only used (sufficient) for unit testing. > - The under seems to be evaluated immediately when > the bean is read in, rather than when it is used to start the broker. This > makes it difficult to have a sslContext params that comes out of a database > (which I tried to do). If the sslcontext was evaluated lazily, the > application could lookup some of the parameters from the DB and modify the > bean before trying to start the embedded broker. > The context is lazily initialised, on the first call to getSSLContext, which will be called the first time an ssl transport factory does some work. see source: https://svn.apache.org/repos/asf/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/SslContext.java