activemq-users mailing list archives

From Tim Bain <tb...@alumni.duke.edu>
Subject Re: Rfresh org.apache.activemq.broker.SslContext from disk/jks content
Date Thu, 25 Jun 2015 13:32:17 GMT
Matteo, if you'd like to be able to do this (in a future version of
ActiveMQ), I encourage you to submit an enhancement request in JIRA,
including Gary's description of approximately what would be required to
implement it.
On Jun 25, 2015 4:40 AM, "Gary Tully" <gary.tully@gmail.com> wrote:

> It is a limitation. The thread local allows the different connectors
> to find the broker's context, so that network connector and discovered
> transports can find an appropriate context.
> This makes it simple to configure (broker wide) but difficult to
> modify and difficult to have per endpoint ssl options.
>
> The connectors and ssl factories need to be refactored to have
> their own sslcontext and only delegate to the broker context in the
> absence of a specialisation.
>
> On 22 June 2015 at 13:07, matteor <matteo.rulli@abodata.com> wrote:
> > Dear all,
> > I have the following configuration for the BrokerService object:
> >
> >
> >
> > The custom implementation of SslContext allows me to reload the
> > truststore when a new certificate is added in the jks file. Everything
> > works fine when I have my clients directly connected to the broker but
> > it mysteriously fails when I add a proxy connector in between. So I'm
> > trying to debug the process when I have the following topology:
> >
> >
> > I started from the
> > */org.apache.activemq.transport.nio.NIOSSLTransportFactory.createSocketFactory()/*
> > method, within the proxy broker and I see that the
> > */SslContext.getCurrentSslContext()/* always returns null: this is due to
> > the fact that org.apache.activemq.broker.SslContext has two different ssl
> > contexts management: the first one based on static ThreadLocal /current/
> > variable and the other one based on non-static /sslContext/ variable.
> >
> > Apparently, I can refresh the latter but not the first one.
> > Unfortunately, the /NIOSSLTransportFactory.createSocketFactory()/ uses
> > the /current/ variable: as a result my new certificate is never used in
> > the ssl handshake.
> >
> > Is this analysis correct? Could you explain why it is structured in this
> > way? Is there a way to get around this?
> >
> > Thank you very much,
> > matteo
> >
> >
> >
>
