activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Shannon <christopher.l.shan...@gmail.com>
Subject Re: Configure activemq-client to trust any SSL certificate from the broker without verifying it
Date Wed, 29 Nov 2017 19:08:56 GMT
In 5.x it isn't quite as simple.

To trust all you'll need to extend ActiveMQSslConnectionFactory and
override the createTrustManager() method.  This should work:
@Override
protected TrustManager[] createTrustManager() throws Exception {
return new TrustManager[] { new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[] {};
}

public void checkClientTrusted(final X509Certificate[] chain, final String
authType)
throws java.security.cert.CertificateException {
}

public void checkServerTrusted(final X509Certificate[] chain, final String
authType)
throws java.security.cert.CertificateException {
}
} };
}

Another example of this is how you can do this with Netty.  Artemis
achieves this by using the InsecureTrustManagerFactory class that is part
of Netty.  See:

https://github.com/apache/activemq-artemis/blob/master/
artemis-core-client/src/main/java/org/apache/activemq/
artemis/core/remoting/impl/ssl/SSLSupport.java
https://github.com/netty/netty/blob/4.1/handler/src/
main/java/io/netty/handler/ssl/util/InsecureTrustManagerFactory.java


To disable verifying host name you need to override the hostname verifier.
You could override the createTransport method.  I think something like this
would work:

@Override
protected Transport createTransport() throws JMSException {

final HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
};

// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);

return super.createTransport();
}


On Wed, Nov 29, 2017 at 5:52 AM, Jiri Danek <jdanek@redhat.com> wrote:

> Hi,
>
> I need to configure activemq-client not to perform broker cerificate
> validation. I need this for testing purposes, because I need to test the
> system over SSL, but I do not yet have certificate distribution solved.
>
> In Artemis, with artemis-jms-client, there is verifyHost=false and
> trustAll=true connection url properties I can use for this purpose. How do
> I achieve the same with ActiveMQ?
>
> Thanks!
> --
> Jiri Daněk
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message