qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robbie Gemmell <robbie.gemm...@gmail.com>
Subject Re: Specifying SSL information in URL for AMQP 1.0
Date Fri, 04 Oct 2013 14:50:59 GMT
Do you mean multiple brokers using distinct certificates, or multiple
connections (toone or many brokers) using distinct client certificates for
SSL client-auth purposes?

The former would just require adding multiple entries to the configured
truststore, whereas the latter would obviously require either the ability
to set distinct keystores or ability to specify which key should be used
from multiple entries in a single store, which I don't believe the 1.0
client can currently do (mainly as its existance came primarily from
prototying work undertaken during creation of the AMQP 1.0 specification


On 4 October 2013 13:59, mrich <Matthew.Rich@qxlva.com> wrote:

> Hi Robbie,
> Thanks for the clarification, I thought as much (as posted in my 'edited'
> original post), I was just hoping there is some other way of dictating
> this,
> which presumably there is not (without creating my own factory I guess)
> The problem I have is if you think of a scenario where you need to send
> messages to multiple queues that are represented by different clients and
> therefore secured by different certificates meaning I cannot use the global
> (JVM) settings.
> Do you believe that the API should provide a way of customising the
> security
> information on a per connection/factory basis, which would warrant a jira
> issue being raised?
> Thanks for your patient response.
> --
> View this message in context:
> http://qpid.2158936.n2.nabble.com/Specifying-SSL-information-in-URL-for-AMQP-1-0-tp7598974p7599000.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message