activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robbie Gemmell <robbie.gemm...@gmail.com>
Subject Re: SSL error as of artemis 2.18.0
Date Mon, 23 Aug 2021 08:34:17 GMT
Technically I updated it in both, I created ARTEMIS-3421 and made the
change against it so its in the next release notes, and also mentioned
ARTEMIS-3367 so it can also be seen by anyone happening across the
original change via there.

I tweaked the default doc and clarified what the setting does a bit. I
think perhaps Justin was thinking something more explicit about what a
failure on mismatch means and what can be done.

Robbie

On Mon, 23 Aug 2021 at 08:01, Dondorp, Erwin <erwin.dondorp@cgi.com> wrote:
>
> Justin,
>
> You just saved me a lot of time, thx!
>
> FYI, I see that Robbie updated the documentation on 18-aug, but in ARTEMIS-3421.
>
> e.
>
> -----Oorspronkelijk bericht-----
> Van: Justin Bertram <jbertram@apache.org>
> Verzonden: maandag 23 augustus 2021 03:51
> Aan: users@activemq.apache.org
> Onderwerp: Re: SSL error as of artemis 2.18.0
>
>
> EXTERNAL SENDER:   Do not click any links or open any attachments unless you trust the
sender and know the content is safe.
> EXPÉDITEUR EXTERNE:    Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe
à moins qu’ils ne proviennent d’un expéditeur fiable, ou que vous ayez l'assurance que
le contenu provient d'une source sûre.
>
> The change in question is from ARTEMIS-3367 [1]. Since the hostname defined in the SSL
cert on your broker can't be verified then you should either get a new cert for your broker
for which the hostname *can* be verified or set verifyHost=false on the connector for the
cluster-connection.
>
> I'll make this more clear in the relevant documentation [1].
>
>
> Justin
>
> [1] https://urldefense.com/v3/__https://issues.apache.org/jira/browse/ARTEMIS-3367__;!!AaIhyw!9jkvRaZw1t4ba7OJzuo06w1EHZjmVsuMXrIaZq_LM9dWoqg252BBlmBkKP1fenty$
> [2]
> https://urldefense.com/v3/__https://activemq.apache.org/components/artemis/documentation/latest/versions.html__;!!AaIhyw!9jkvRaZw1t4ba7OJzuo06w1EHZjmVsuMXrIaZq_LM9dWoqg252BBlmBkKCNafbTO$
>
> On Sun, Aug 22, 2021 at 8:09 PM Dondorp, Erwin <erwin.dondorp@cgi.com>
> wrote:
>
> > Hello!
> >
> > Since Artemis 2.18.0, the broker-broker connections (for clustering)
> > refuse to connect due to "Caused by:
> > java.security.cert.CertificateException: No name matching [hostname]
> > found". I did not try any client connections yet, so these might just
> > have the same problem.
> > My setup is the simplest possible SSL with self-signed certificates
> > since it is a development system.
> > While looking through the release notes (and zooming in on some of the
> > Jira issues), I did not quickly spot a change that would cause this.
> > I did not have this problem when using the snapshot versions of
> > 2.18.0, but the last version I actually checked was
> > apache-artemis-2.18.0-20210730.150450-205-bin.tar.gz.
> > So the question is: what was actually changed? (or is broken? can't
> > believe that).
> >
> > thx,
> > Erwin
> >

Mime
View raw message