activemq-issues mailing list archives

From "Stefan Mueller (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ARTEMIS-1157) Do not update ssl client keystore/truststore path on topology update
Date Fri, 12 May 2017 07:17:04 GMT

    [ https://issues.apache.org/jira/browse/ARTEMIS-1157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16007732#comment-16007732 ]

Stefan Mueller commented on ARTEMIS-1157:
-----------------------------------------

Hi Justin, thanks for the tip but that does not seem to solve the problem, as other client-side
SSL settings will still be overwritten by the server-side configuration (for example keystore-passwords
among others). It just does not feel right to take over any SSL settings from the server-side
to the client-side transport configurations.


> Do not update ssl client keystore/truststore path on topology update
> --------------------------------------------------------------------
>
>                 Key: ARTEMIS-1157
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1157
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>    Affects Versions: 2.0.0
>            Reporter: Philipp Aeschlimann
>         Attachments: ArtemisMqCrashDemoClient.java, broker.xml
>
>
> We have a 2 node cluster where clients and the referenced connectors in the cluster-connection
> do use ssl client auth (all working so far). Now if a failover occurs - live server goes down
> - the clients try to re-connect with the client keystore path that is defined on the connector
> in the server.
> We know that it is possible to overwrite this behavior by using org.apache.activemq.ssl.keyStore
> system property. But we have multiple keystores and want to use them. Would it be possible,
> that these settings:
> org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.KEYSTORE_*
> org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.TRUSTSTORE_*
> will not be updated from the server? I can not think of a scenario, where it would make
> sense that the server tells the client where the client has to look for his keystore and truststore
> settings.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
