From users-return-23230-apmail-activemq-users-archive=activemq.apache.org@activemq.apache.org Tue Apr 13 09:03:32 2010 Return-Path: Delivered-To: apmail-activemq-users-archive@www.apache.org Received: (qmail 41126 invoked from network); 13 Apr 2010 09:03:32 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 13 Apr 2010 09:03:32 -0000 Received: (qmail 70719 invoked by uid 500); 13 Apr 2010 09:03:31 -0000 Delivered-To: apmail-activemq-users-archive@activemq.apache.org Received: (qmail 70648 invoked by uid 500); 13 Apr 2010 09:03:31 -0000 Mailing-List: contact users-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@activemq.apache.org Delivered-To: mailing list users@activemq.apache.org Received: (qmail 70640 invoked by uid 99); 13 Apr 2010 09:03:31 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Apr 2010 09:03:31 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of gary.tully@gmail.com designates 209.85.218.223 as permitted sender) Received: from [209.85.218.223] (HELO mail-bw0-f223.google.com) (209.85.218.223) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Apr 2010 09:03:25 +0000 Received: by bwz23 with SMTP id 23so2784633bwz.6 for ; Tue, 13 Apr 2010 02:03:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:received:message-id:subject:from:to:content-type; bh=SpD3dzfXCEQV3/l5kGNbKg5QTFbjXsbAr0sydz+eSJ8=; b=oERRvW/a4ZGyA/McIx/p94DqKD8IFTow2xH1AW5bJJFMpGpTga1twiAy5yOvjO6tvZ Zq7H68eAMJeC6XLcVBqVJp5oKT/+b9Yh8nS0oR8xLN6VhH+i3C2MZ0QwXqJ8l4rDQvIV mnET1NjXdDpkV92iMYG0FZaxJ1uPYPt6QwlyE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=gfCtH5natGke6ootqdxf8Yn3U4NvhDfUVFUUyE+CSlMfdrYMMV7p8aWxLPmB5TipjO t4eSqY6aB5rTDUUKALZtpXWeDkBtYvLCWw19jGk87ll2VVKR1H5HSPIVots6IYUZBRQT 99YqdvN0yGUwhVCrRogJL27wOcku8sjRX1c8U= MIME-Version: 1.0 Received: by 10.204.65.79 with HTTP; Tue, 13 Apr 2010 02:03:05 -0700 (PDT) In-Reply-To: References: <27563446.post@talk.nabble.com> <36e91d9d1002152346l2a9905c5gb284df0ab965fc16@mail.gmail.com> <27622587.post@talk.nabble.com> <36e91d9d1002170505y39f0410fu702e1ef12400cac5@mail.gmail.com> <28219167.post@talk.nabble.com> Date: Tue, 13 Apr 2010 10:03:05 +0100 Received: by 10.204.2.210 with SMTP id 18mr6407772bkk.15.1271149385086; Tue, 13 Apr 2010 02:03:05 -0700 (PDT) Message-ID: Subject: Re: https From: Gary Tully To: users@activemq.apache.org Content-Type: multipart/alternative; boundary=0015174bf17a8df93804841a8721 X-Virus-Checked: Checked by ClamAV on apache.org --0015174bf17a8df93804841a8721 Content-Type: text/plain; charset=ISO-8859-1 Also note that a more generic way of setting options via reflection will be supported in 5.4. Think this should be the basis for https. see: http://activemq.apache.org/ssl-transport-reference.html#SSLTransportReference-SSLServerSocketoptions On 13 April 2010 09:40, Dejan Bosanac wrote: > Hi, > > this is not yet implemented. We should probably introduce needClientAuth > parameter as we have for SSL transport > http://activemq.apache.org/how-do-i-use-ssl.html. > > Can you raise Jira enhancement request for this? > > Cheers > -- > Dejan Bosanac - http://twitter.com/dejanb > > Open Source Integration - http://fusesource.com/ > ActiveMQ in Action - http://www.manning.com/snyder/ > Blog - http://www.nighttale.net > > > On Mon, Apr 12, 2010 at 7:46 PM, Mike Rawlins wrote: > > > > > I don't know what the original submitter was trying to do, but I have a > > question and it seems as if I might have the same problem. > > > > The HTTPS configuration for the broker seems to enable the client to > > validate the identity of the broker and encrypt the connection. However, > > this may not be enough for my use case. I would also like to have the > > broker validate https connections from clients, and this doesn't seem to > > work. I can connect to the broker from a client without importing the > > client's certificate into the broker's truststore. The connection comes > up > > OK, the client is able to send messages to the broker, and I get no > errors. > > As you note, the needClientAuth option for HTTPS seems to be ignored. > > > > Is the functionality I'm looking for not implemented yet, or is it not > > there > > by design? If it's not there by design, is there another way to > accomplish > > what I would like to do? > > > > Thanks, > > > > Mike > > > > > > Dejan Bosanac wrote: > > > > > > Hi, > > > > > > what exactly are you trying to achieve and what error are you getting? > > > > > > > > > > -- > > View this message in context: > > http://old.nabble.com/https-tp27563446p28219167.html > > Sent from the ActiveMQ - User mailing list archive at Nabble.com. > > > > > -- http://blog.garytully.com Open Source Integration http://fusesource.com --0015174bf17a8df93804841a8721--