activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Tully <gary.tu...@gmail.com>
Subject Re: SSL without the JAVA_OPTS
Date Mon, 16 Jul 2012 12:15:20 GMT
fix is now on trunk, will make 5.7:
https://issues.apache.org/jira/browse/AMQ-3785?focusedCommentId=13415046&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13415046

On 13 July 2012 16:43, Alistair Young <Alistair.Young@uhi.ac.uk> wrote:
> aha, seems it's already on the radar. failover uri masks out ssl uri.
> Workaround is to force it to use the keystore and truststore via Java OPTS.
>
> http://activemq.2283324.n4.nabble.com/jira-Created-AMQ-3785-ActiveMQSslConnectionFactory-does-not-detect-ssl-request-in-failover-URIs-whens-td4501530.html
>
>
> Alistair
>
>
>
> mov eax,1
> mov ebx,0
> int 80h
>
>>>> "Alistair Young" 13/07/12 4:32 PM >>>
>
> the problem is with failover ssl. Using ssl://localhost:61617 works fine
> with ActiveMQSslConnectionFactory and client auth.
>
> failover:(ssl://localhost:61617) or failover:ssl://localhost:61617 breaks
> ActiveMQSslConnectionFactory in that the keystore and truststore set in it
> are ignored and you have to use the Java OPTS to get the connection to work.
>
> Is this how it's meant to work?
>
> Alistair
>
>
>
> mov eax,1
> mov ebx,0
> int 80h
>
>>>> "Alistair Young" 13/07/12 1:46 PM >>>
> Not sure about this one but it's weird. If I use this code in a unit test
> against an embedded SslBrokerService with client authentication enabled:
>
> connectionFactory.setKeyStore(keystorePath);
> connectionFactory.setKeyStorePassword(keystorePassword);
> connectionFactory.setTrustStore(truststorePath);
> connectionFactory.setTrustStorePassword(truststorePassword);
> connectionFactory.createConnection();
>
> it works fine. If I use the exact same code from a tomcat webapp,
> connectionFactory seems to ignore both the keystore and the truststore and
> instead I have to set these:
>
> javax.net.ssl.keyStore
> javax.net.ssl.trustStore
> etc
>
> otherwise I get 'certificate_unknown' at the broker.
>
> Is there any explanation for this?
>
> thanks,
>
> Alistair
>
>
>
> mov eax,1
> mov ebx,0
> int 80h
>



-- 
http://fusesource.com
http://blog.garytully.com

Mime
View raw message