activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Bertram <jbert...@apache.org>
Subject Re: Artemis CRL
Date Fri, 08 Dec 2017 20:51:57 GMT
FYI - I opened ARTEMIS-1548 [1] for this.


Justin

[1] https://issues.apache.org/jira/browse/ARTEMIS-1548

On Thu, Dec 7, 2017 at 6:54 PM, Justin Bertram <jbertram@apache.org> wrote:

> > I  copied the code and the certificates from activemq.
>
> What code and certs did you copy and where did you copy it to?
>
> > My guess is artemis is delegating the ssl infrastructure in Netty and
> netty isn't supporting CRL by default. Not sure about it.
>
> The SSL handshake is done by Netty in Artemis.  However, the SSLContext
> used (which includes the trust manager) is created by Artemis itself in the
> class I specified in my previous email.
>
> > I need ocsp too, i thought i could add copy both features to artemis. No
> luck until now.
>
> I don't think it will be too hard to implement both in Artemis.  I'll give
> it a closer look when I get the chance.
>
>
> Justin
>
> On Thu, Dec 7, 2017 at 4:23 PM, Raul Valdoleiros <
> raul.valdoleiros.oliveira@gmail.com> wrote:
>
>> Hi Justin,
>>
>> I already try it ( i tried before send the e-mail), and didn't work. I
>> copied the code and the certificates from activemq. My guess is artemis is
>> delegating the ssl infrastructure in Netty and netty isn't supporting CRL
>> by default. Not sure about it. I'm assuming activemq don't use netty.
>> I need ocsp too, i thought i could add copy both features to artemis. No
>> luck until now.
>>
>> Thanks in advance,
>> Raul
>>
>>
>> Em 07/12/2017 5:36 p.m., "Justin Bertram" <jbertram@redhat.com> escreveu:
>>
>> Artemis doesn't support CRL.  However, you should be able to adapt what's
>> done in 5.x in org.apache.activemq.spring.SpringSslContext to work in
>> Artemis in org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.
>> Let me know if you're moving forward with this work otherwise I'll take a
>> closer look.
>>
>>
>> Justin
>>
>> On Thu, Dec 7, 2017 at 2:27 AM, Raul Valdoleiros <
>> raul.valdoleiros.oliveira@gmail.com> wrote:
>>
>> > Hi,
>> >
>> > Artemis support certificate revogation list? If not, i'm available to
>> try
>> > implement it if you give some insights about it.
>> >
>> > Thanks in advance,
>> > Raul
>> >
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message