activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roddie Kieley (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ARTEMIS-1919) artemis-core-client TLS SNI and verifyHost operation are not independent
Date Fri, 08 Jun 2018 15:35:00 GMT
Roddie Kieley created ARTEMIS-1919:
--------------------------------------

             Summary: artemis-core-client TLS SNI and verifyHost operation are not independent
                 Key: ARTEMIS-1919
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1919
             Project: ActiveMQ Artemis
          Issue Type: Bug
          Components: Broker
    Affects Versions: 2.6.0
         Environment: Fedora 27

OpenJDK 1.8.0_171

Artemis master i.e. 2.7.0-SNAPSHOT build

OCP 3.9 running the default haproxy implementation
            Reporter: Roddie Kieley


In testing connecting to the broker using the core client via ./bin/artemis producer through
a haproxy configured with a tls passthrough configuration that requires sni it is observed
that SNI information is not passed unless verifyHost is true even if sniHost is set on the
URI.

It is noted that with sniHost specified at the haproxy waypoint the if verifyHost=false haproxy
bounces the traffic to the no sni backend. If verifyHost=true then haproxy passes it to the
tcp backend and the traffic reaches the broker at which point the connectivity fails.

As a point of comparison, testing using the Qpid JMS client over AMQP with verifyHost = false
this works without problem.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message