From: "Alistair Young"
Reply-To: users@activemq.apache.org
Date: Fri, 13 Jul 2012 16:43:01 +0100
Subject: Re: SSL without the JAVA_OPTS

aha, seems it's already on the radar. failover uri masks out ssl uri. Workaround is to force it to use the keystore and truststore via Java OPTS.

http://activemq.2283324.n4.nabble.com/jira-Created-AMQ-3785-ActiveMQSslConnectionFactory-does-not-detect-ssl-request-in-failover-URIs-whens-td4501530.html

Alistair

mov eax,1
mov ebx,0
int 80h

>>> "Alistair Young" 13/07/12 4:32 PM >>>
the problem is with failover ssl. Using ssl://localhost:61617 works fine with ActiveMQSslConnectionFactory and client auth.

failover:(ssl://localhost:61617) or failover:ssl://localhost:61617 breaks ActiveMQSslConnectionFactory in that the keystore and truststore set in it are ignored and you have to use the Java OPTS to get the connection to work.

Is this how it's meant to work?

Alistair

mov eax,1
mov ebx,0
int 80h

>>> "Alistair Young" 13/07/12 1:46 PM >>>
Not sure about this one but it's weird. If I use this code in a unit test against an embedded SslBrokerService with client authentication enabled:

connectionFactory.setKeyStore(keystorePath);
connectionFactory.setKeyStorePassword(keystorePassword);
connectionFactory.setTrustStore(truststorePath);
connectionFactory.setTrustStorePassword(truststorePassword);
connectionFactory.createConnection();

it works fine. If I use the exact same code from a tomcat webapp, connectionFactory seems to ignore both the keystore and the truststore and instead I have to set these:

javax.net.ssl.keyStore
javax.net.ssl.trustStore
etc

otherwise I get 'certificate_unknown' at the broker.

Is there any explanation for this?

thanks,

Alistair

mov eax,1
mov ebx,0
int 80h

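An added example, not part of the original thread or of ActiveMQ's own code: the workaround described above (JSSE system properties instead of the factory's keystore and truststore setters when the broker URI is failover:), applied in code, with a check that the stores open and that the keystore holds a private key for client authentication. The class name, paths and passwords are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.jms.Connection;
import org.apache.activemq.ActiveMQSslConnectionFactory;

// Hypothetical class name; paths and passwords below are placeholders.
public class FailoverSslWorkaround {

    // Fail early if a store cannot be opened with the given password.
    static KeyStore load(String path, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password.toCharArray());
        }
        return ks;
    }

    // Client authentication needs a private-key entry to present to the broker.
    static boolean hasKeyEntry(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        String keystorePath = "/path/to/client.ks", keystorePassword = "changeit";
        String truststorePath = "/path/to/client.ts", truststorePassword = "changeit";

        if (!hasKeyEntry(load(keystorePath, keystorePassword))) {
            throw new IllegalStateException("keystore has no private key for client auth");
        }
        load(truststorePath, truststorePassword);

        // Workaround from the thread, set in code instead of JAVA_OPTS.
        // Must run before anything in the JVM initialises the default SSLContext.
        System.setProperty("javax.net.ssl.keyStore", keystorePath);
        System.setProperty("javax.net.ssl.keyStorePassword", keystorePassword);
        System.setProperty("javax.net.ssl.trustStore", truststorePath);
        System.setProperty("javax.net.ssl.trustStorePassword", truststorePassword);

        ActiveMQSslConnectionFactory connectionFactory =
                new ActiveMQSslConnectionFactory("failover:(ssl://localhost:61617)");
        Connection connection = connectionFactory.createConnection();
        connection.start();   // forces the connection to the broker to be established
        connection.close();
    }
}
```

These properties are JVM-wide: in a Tomcat deployment every TLS client in the same JVM that uses the default SSLContext picks up the same key and trust material, and the passwords are readable by any code that can read system properties.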