activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Bertram <jbert...@apache.com>
Subject Re: Client Reconnect/failover problem via Core API with HA Configuration when configured with SSL
Date Wed, 01 Feb 2017 00:47:07 GMT
I tried this on master so it would be beyond 1.5.2.  That said, not much has changed with the
SSL implementation stuff in quite some time so I wouldn't expect that to make a difference.

As far as getting things down to the smallest set, I don't see any way around that.  Until
you can eliminate all non-essential elements you can't really understand the problem.

I didn't use 2 different physical machines as the example just runs on a single box.  However,
2 different Artemis instances were used and each had their own unique certificate which was,
in turn, imported into the client's truststore.  Therefore I think it is a valid test of your
assumption.


Justin

----- Original Message -----
From: "funkyjive" <david.bennion@gmx.com>
To: users@activemq.apache.org
Sent: Tuesday, January 31, 2017 6:00:22 PM
Subject: Re: Client Reconnect/failover problem via Core API with HA Configuration when configured
with SSL

Did you try this with the latest 1.5.2?  Or with 1.4.0?  If you "just worked"
with 1.5.2, maybe I'll try that first.

There is a bit of work to do to extract everything enough to reproduce this
and get it down to its smallest set.

A couple of important questions:  Did you actually use two different
machines on the SSL?  And was there two different certificates in your trust
store?

I think this may be an essential feature because if this was done completely
on the same machine with the same certificate, just using a different port
-- there is every reason to suspect the SSL Context settings would be fine
being exactly the same.  

If you did it on one machine and it worked for the above reason, it would be
consistent with my analysis that the ssl settings could be copied and while
valid for the initial machine, would be invalid for the second connection.  
(Where if it was the same machine and same cert, that would simply work). 

Let me see what it will take to do a simple reproduction.




--
View this message in context: http://activemq.2283324.n4.nabble.com/Client-Reconnect-failover-problem-via-Core-API-with-HA-Configuration-when-configured-with-SSL-tp4721435p4721450.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Mime
View raw message