Posted to commits@activemq.apache.org by cs...@apache.org on 2018/09/04 10:39:32 UTC

[1/2] activemq git commit: Add support for hostname verification

Repository: activemq
Updated Branches:
  refs/heads/activemq-5.15.x 2373aa132 -> 02971a40e


Add support for hostname verification

(cherry picked from commit 69fad2a135689f6c31fbada1c397f2e0dfd90d3c)


Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/bde7097f
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/bde7097f
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/bde7097f

Branch: refs/heads/activemq-5.15.x
Commit: bde7097fb8173cf871827df7811b3865679b963d
Parents: 2373aa1
Author: Christopher L. Shannon (cshannon) <ch...@gmail.com>
Authored: Tue Aug 21 09:05:42 2018 -0400
Committer: Christopher L. Shannon (cshannon) <ch...@gmail.com>
Committed: Tue Sep 4 06:39:05 2018 -0400

----------------------------------------------------------------------
 .../transport/amqp/AmqpTestSupport.java         |  4 +-
 .../amqp/auto/JMSClientAutoSslAuthTest.java     |  2 +-
 .../transport/nio/AutoInitNioSSLTransport.java  |  7 ++++
 .../activemq/transport/nio/NIOSSLTransport.java | 16 ++++++++
 .../activemq/transport/tcp/SslTransport.java    | 40 ++++++++++++++++++++
 .../transport/tcp/SslTransportServer.java       |  2 +
 .../activemq/transport/tcp/TcpTransport.java    |  3 +-
 .../transport/tcp/TcpTransportServer.java       | 13 +++++++
 .../mqtt/auto/MQTTAutoSslAuthTest.java          |  2 +-
 .../transport/stomp/StompSslAuthTest.java       |  6 +--
 .../stomp/auto/StompAutoSslAuthTest.java        |  2 +-
 .../org/apache/activemq/bugs/AMQ4126Test.java   |  2 +-
 .../org/apache/activemq/bugs/AMQ6599Test.java   |  2 +-
 .../network/NetworkReconnectSslNioTest.java     |  4 +-
 .../transport/auto/AutoSslAuthTest.java         |  4 +-
 .../auto/AutoTransportConnectionsTest.java      |  6 +++
 .../activemq/transport/nio/NIOSSLBasicTest.java | 33 ++++++++++++----
 .../activemq/transport/nio/NIOSSLLoadTest.java  |  3 +-
 .../transport/nio/NIOSSLWindowSizeTest.java     | 20 +++++-----
 .../transport/tcp/SslTransportFactoryTest.java  |  8 ++++
 ...InconsistentConnectorPropertiesBehaviour.xml | 12 +++---
 .../bugs/amq4126/JaasStompSSLBroker.xml         |  8 ++--
 .../JaasDualAuthenticationNetworkBridge.xml     |  2 +-
 ...aasDualAuthenticationNetworkBridgeNioSsl.xml |  2 +-
 24 files changed, 157 insertions(+), 46 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java
----------------------------------------------------------------------
diff --git a/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java b/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java
index 69d1998..8fb26f2 100644
--- a/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java
+++ b/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java
@@ -185,7 +185,7 @@ public class AmqpTestSupport {
         }
         if (isUseSslConnector()) {
             connector = brokerService.addConnector(
-                "amqp+ssl://0.0.0.0:" + amqpSslPort + "?transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
+                "amqp+ssl://0.0.0.0:" + amqpSslPort + "?transport.verifyHostName=false&transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
             amqpSslPort = connector.getConnectUri().getPort();
             amqpSslURI = connector.getPublishableConnectURI();
             LOG.debug("Using amqp+ssl port " + amqpSslPort);
@@ -199,7 +199,7 @@ public class AmqpTestSupport {
         }
         if (isUseNioPlusSslConnector()) {
             connector = brokerService.addConnector(
-                "amqp+nio+ssl://0.0.0.0:" + amqpNioPlusSslPort + "?transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
+                "amqp+nio+ssl://0.0.0.0:" + amqpNioPlusSslPort + "?transport.verifyHostName=false&transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
             amqpNioPlusSslPort = connector.getConnectUri().getPort();
             amqpNioPlusSslURI = connector.getPublishableConnectURI();
             LOG.debug("Using amqp+nio+ssl port " + amqpNioPlusSslPort);

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/auto/JMSClientAutoSslAuthTest.java
----------------------------------------------------------------------
diff --git a/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/auto/JMSClientAutoSslAuthTest.java b/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/auto/JMSClientAutoSslAuthTest.java
index 40c1eb3..d611ee6 100644
--- a/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/auto/JMSClientAutoSslAuthTest.java
+++ b/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/auto/JMSClientAutoSslAuthTest.java
@@ -79,7 +79,7 @@ public class JMSClientAutoSslAuthTest extends JMSClientTestSupport {
 
     @Override
     protected String getAdditionalConfig() {
-        return "?transport.needClientAuth=true";
+        return "?transport.needClientAuth=true&transport.verifyHostName=false";
     }
 
 

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-broker/src/main/java/org/apache/activemq/transport/nio/AutoInitNioSSLTransport.java
----------------------------------------------------------------------
diff --git a/activemq-broker/src/main/java/org/apache/activemq/transport/nio/AutoInitNioSSLTransport.java b/activemq-broker/src/main/java/org/apache/activemq/transport/nio/AutoInitNioSSLTransport.java
index 449c7ae..9301b65 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/transport/nio/AutoInitNioSSLTransport.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/transport/nio/AutoInitNioSSLTransport.java
@@ -30,6 +30,7 @@ import javax.net.SocketFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLParameters;
 
 import org.apache.activemq.thread.TaskRunnerFactory;
 import org.apache.activemq.util.IOExceptionSupport;
@@ -89,6 +90,12 @@ public class AutoInitNioSSLTransport extends NIOSSLTransport {
                 sslEngine = sslContext.createSSLEngine();
             }
 
+            if (verifyHostName) {
+                SSLParameters sslParams = new SSLParameters();
+                sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+                sslEngine.setSSLParameters(sslParams);
+            }
+
             sslEngine.setUseClientMode(false);
             if (enabledCipherSuites != null) {
                 sslEngine.setEnabledCipherSuites(enabledCipherSuites);
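Review bot: The `new SSLParameters()` handed to `sslEngine.setSSLParameters` has need/want client auth both false, and the documented contract of `setSSLParameters` applies those flags to the engine, so any client-auth requirement set before this block is cleared. Starting from the engine's current parameters avoids that: `SSLParameters sslParams = sslEngine.getSSLParameters();`. The same construction is added in NIOSSLTransport, SslTransport.initialiseSocket and TcpTransportServer in this commit. In SslTransport it runs on a socket that may come from a server socket already configured with needClientAuth, so it is worth confirming that client authentication is still enforced there when verifyHostName is true. The enclosing method starts and ends outside the hunk, so whether client auth is configured before or after this block cannot be seen here.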

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
----------------------------------------------------------------------
diff --git a/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java b/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
index 64e96be..74aa342 100644
--- a/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
+++ b/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
@@ -36,6 +36,7 @@ import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLEngineResult;
 import javax.net.ssl.SSLEngineResult.HandshakeStatus;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 
@@ -56,6 +57,7 @@ public class NIOSSLTransport extends NIOTransport {
     protected boolean wantClientAuth;
     protected String[] enabledCipherSuites;
     protected String[] enabledProtocols;
+    protected boolean verifyHostName = true;
 
     protected SSLContext sslContext;
     protected SSLEngine sslEngine;
@@ -119,6 +121,12 @@ public class NIOSSLTransport extends NIOTransport {
                     sslEngine = sslContext.createSSLEngine();
                 }
 
+                if (verifyHostName) {
+                    SSLParameters sslParams = new SSLParameters();
+                    sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+                    sslEngine.setSSLParameters(sslParams);
+                }
+
                 sslEngine.setUseClientMode(false);
                 if (enabledCipherSuites != null) {
                     sslEngine.setEnabledCipherSuites(enabledCipherSuites);
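Review bot: Endpoint identification is switched on here for an engine that is then put into server mode with `setUseClientMode(false)`, so the name check would apply to the client's certificate, and the visible branch builds the engine with `sslContext.createSSLEngine()`, which gives it no peer host. It is not clear from the hunk which name the certificate would be matched against in that case. A comment above the block would help, for example `// server side: only relevant with need/wantClientAuth; checks the client certificate against the peer host`. The tests visible in this commit that set `transport.needClientAuth=true` also set `transport.verifyHostName=false`, so a test covering both options enabled would show whether the default works with client certificates. The same block and the same `createSSLEngine()` branch appear in AutoInitNioSSLTransport.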
@@ -543,4 +551,12 @@ public class NIOSSLTransport extends NIOTransport {
     public void setEnabledProtocols(String[] enabledProtocols) {
         this.enabledProtocols = enabledProtocols;
     }
+
+    public boolean isVerifyHostName() {
+        return verifyHostName;
+    }
+
+    public void setVerifyHostName(boolean verifyHostName) {
+        this.verifyHostName = verifyHostName;
+    }
 }

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
----------------------------------------------------------------------
diff --git a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
index 0c2fab9..91ba42c 100644
--- a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
+++ b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
@@ -17,11 +17,14 @@
 package org.apache.activemq.transport.tcp;
 
 import java.io.IOException;
+import java.net.Socket;
+import java.net.SocketException;
 import java.net.URI;
 import java.net.UnknownHostException;
 import java.security.cert.X509Certificate;
 import java.util.HashMap;
 
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
@@ -43,6 +46,8 @@ import org.apache.activemq.wireformat.WireFormat;
  */
 public class SslTransport extends TcpTransport {
 
+    private Boolean verifyHostName = null;
+
     /**
      * Connect to a remote node such as a Broker.
      *
@@ -73,6 +78,37 @@ public class SslTransport extends TcpTransport {
         }
     }
 
+    @Override
+    protected void initialiseSocket(Socket sock) throws SocketException, IllegalArgumentException {
+        //This needs to default to null because this transport class is used for both a server transport
+        //and a client connection and if we default it to a value it might override the transport server setting
+        //that was configured inside TcpTransportServer
+
+        //The idea here is that if this is a server transport then verifyHostName will be set by the setter
+        //below and not be null (if using transport.verifyHostName) but if a client uses socket.verifyHostName
+        //then it will be null and we can check socketOptions
+
+        //Unfortunately we have to do this to stay consistent because every other SSL option on the client
+        //side is configured using socket. but this particular option isn't actually part of the socket
+        //so it makes it tricky
+        if (verifyHostName == null) {
+            if (socketOptions != null && socketOptions.containsKey("verifyHostName")) {
+                verifyHostName = Boolean.parseBoolean(socketOptions.get("verifyHostName").toString());
+                socketOptions.remove("verifyHostName");
+            } else {
+                verifyHostName = true;
+            }
+        }
+
+        if (verifyHostName) {
+            SSLParameters sslParams = new SSLParameters();
+            sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+            ((SSLSocket)this.socket).setSSLParameters(sslParams);
+        }
+
+        super.initialiseSocket(sock);
+    }
+
     /**
      * Initialize from a ServerSocket. No access to needClientAuth is given
      * since it is already set within the provided socket.
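Review bot: `Boolean.parseBoolean` returns false for anything other than "true", so a mistyped `socket.verifyHostName` value silently turns hostname verification off instead of being rejected; the same parse is used for `transport.verifyHostName` in TcpTransportServer. Since initialiseSocket already declares IllegalArgumentException, the value could be checked strictly, for example `if (!"true".equalsIgnoreCase(v) && !"false".equalsIgnoreCase(v)) throw new IllegalArgumentException("Invalid verifyHostName: " + v);`. Separately, the unchecked cast is applied to `this.socket` rather than the `sock` parameter; `((SSLSocket) sock).setSSLParameters(sslParams);` would keep the method working on the socket it was given. TcpTransportServer has the same pattern, where the guard tests `socket` but the cast uses `this.serverSocket`.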
@@ -108,6 +144,10 @@ public class SslTransport extends TcpTransport {
         super.doConsume(command);
     }
 
+    public void setVerifyHostName(Boolean verifyHostName) {
+        this.verifyHostName = verifyHostName;
+    }
+
     /**
      * @return peer certificate chain associated with the ssl socket
      */
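Review bot: `setVerifyHostName(Boolean)` has no Javadoc, and the meaning of a null value is explained only in a comment inside initialiseSocket. A short Javadoc on the setter would make the three states visible to callers, for example `/** Enables or disables TLS endpoint identification; null (the default) defers to socket.verifyHostName, which itself defaults to true. */`. NIOSSLTransport in this commit also adds `isVerifyHostName()`, which this class lacks, so the effective setting cannot be read back here.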

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
----------------------------------------------------------------------
diff --git a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
index bfd6318..5106e4f 100644
--- a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
+++ b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java
@@ -100,6 +100,7 @@ public class SslTransportServer extends TcpTransportServer {
      *
      * @throws IOException passed up from TcpTransportServer.
      */
+    @Override
     public void bind() throws IOException {
         super.bind();
         if (needClientAuth) {
@@ -119,6 +120,7 @@ public class SslTransportServer extends TcpTransportServer {
      * @return The newly return (SSL) Transport.
      * @throws IOException
      */
+    @Override
     protected Transport createTransport(Socket socket, WireFormat format) throws IOException {
         return new SslTransport(format, (SSLSocket)socket);
     }

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransport.java
----------------------------------------------------------------------
diff --git a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransport.java b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransport.java
index 04d1636..e85cbaf 100644
--- a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransport.java
+++ b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransport.java
@@ -133,7 +133,7 @@ public class TcpTransport extends TransportThreadSupport implements Transport, S
     protected final AtomicReference<CountDownLatch> stoppedLatch = new AtomicReference<CountDownLatch>();
     protected volatile int receiveCounter;
 
-    private Map<String, Object> socketOptions;
+    protected Map<String, Object> socketOptions;
     private int soLinger = Integer.MIN_VALUE;
     private Boolean keepAlive;
     private Boolean tcpNoDelay;
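Review bot: Widening `socketOptions` from private to protected exposes a mutable map to every subclass, and SslTransport in this commit both reads it and removes a key from it. Keeping the field private and adding a narrow protected accessor for the one lookup would limit what subclasses can change, for example `protected Object removeSocketOption(String name) { return socketOptions == null ? null : socketOptions.remove(name); }`. If the field does stay protected, a comment on it should say that subclasses may consume entries before the remaining options are applied to the socket.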
@@ -751,6 +751,7 @@ public class TcpTransport extends TransportThreadSupport implements Transport, S
         return true;
     }
 
+    @Override
     public WireFormat getWireFormat() {
         return wireFormat;
     }

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransportServer.java
----------------------------------------------------------------------
diff --git a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransportServer.java b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransportServer.java
index 6f3651f..61aec1d 100644
--- a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransportServer.java
+++ b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransportServer.java
@@ -40,6 +40,7 @@ import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
 
 import javax.net.ServerSocketFactory;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLServerSocket;
 
 import org.apache.activemq.Service;
@@ -79,6 +80,7 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
     protected int minmumWireFormatVersion;
     protected boolean useQueueForAccept = true;
     protected boolean allowLinkStealing;
+    protected boolean verifyHostName = true;
 
     /**
      * trace=true -> the Transport stack where this TcpTransport object will be, will have a TransportLogger layer
@@ -172,6 +174,16 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
             //  see: https://issues.apache.org/jira/browse/AMQ-4582
             //
             if (socket instanceof SSLServerSocket) {
+                if (transportOptions.containsKey("verifyHostName")) {
+                    verifyHostName = Boolean.parseBoolean(transportOptions.get("verifyHostName").toString());
+                }
+
+                if (verifyHostName) {
+                    SSLParameters sslParams = new SSLParameters();
+                    sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+                    ((SSLServerSocket)this.serverSocket).setSSLParameters(sslParams);
+                }
+
                 if (transportOptions.containsKey("enabledCipherSuites")) {
                     Object cipherSuites = transportOptions.remove("enabledCipherSuites");
 
@@ -180,6 +192,7 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
                             "Invalid transport options {enabledCipherSuites=%s}", cipherSuites));
                     }
                 }
+
             }
 
             //AMQ-6599 - don't strip out set properties on the socket as we need to set them

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-mqtt/src/test/java/org/apache/activemq/transport/mqtt/auto/MQTTAutoSslAuthTest.java
----------------------------------------------------------------------
diff --git a/activemq-mqtt/src/test/java/org/apache/activemq/transport/mqtt/auto/MQTTAutoSslAuthTest.java b/activemq-mqtt/src/test/java/org/apache/activemq/transport/mqtt/auto/MQTTAutoSslAuthTest.java
index 4fae9c4..3fb67a4 100644
--- a/activemq-mqtt/src/test/java/org/apache/activemq/transport/mqtt/auto/MQTTAutoSslAuthTest.java
+++ b/activemq-mqtt/src/test/java/org/apache/activemq/transport/mqtt/auto/MQTTAutoSslAuthTest.java
@@ -55,7 +55,7 @@ public class MQTTAutoSslAuthTest extends MQTTTestSupport  {
      */
     public MQTTAutoSslAuthTest(String protocol) {
         this.protocol = protocol;
-        protocolConfig = "transport.needClientAuth=true";
+        protocolConfig = "transport.needClientAuth=true&transport.verifyHostName=false&";
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompSslAuthTest.java
----------------------------------------------------------------------
diff --git a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompSslAuthTest.java b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompSslAuthTest.java
index 9b4d1c4..d295dfb 100644
--- a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompSslAuthTest.java
+++ b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompSslAuthTest.java
@@ -54,13 +54,13 @@ public class StompSslAuthTest extends StompTest {
 
     @Override
     public void addOpenWireConnector() throws Exception {
-        TransportConnector connector = brokerService.addConnector("ssl://0.0.0.0:0?needClientAuth=true");
-        cf = new ActiveMQConnectionFactory(connector.getPublishableConnectString());
+        TransportConnector connector = brokerService.addConnector("ssl://0.0.0.0:0?transport.needClientAuth=true&transport.verifyHostName=false");
+        cf = new ActiveMQConnectionFactory(connector.getPublishableConnectString() + "?socket.verifyHostName=false");
     }
 
     @Override
     protected String getAdditionalConfig() {
-        return "?needClientAuth=true";
+        return "?needClientAuth=true&transport.verifyHostName=false";
     }
 
     // NOOP - These operations handled by jaas cert login module
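Review bot: The two connector configurations in this hunk now use different option prefixes: addOpenWireConnector passes `transport.needClientAuth=true`, while getAdditionalConfig still returns the unprefixed `?needClientAuth=true` next to the prefixed `transport.verifyHostName=false`. If the unprefixed form is intentional for the STOMP connector, a one-line comment saying so would help; otherwise `return "?transport.needClientAuth=true&transport.verifyHostName=false";` matches the other tests in this commit. Appending `"?socket.verifyHostName=false"` to `getPublishableConnectString()` also assumes the string has no query part yet. AutoTransportConnectionsTest in this commit checks for an existing `?` before appending.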

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/auto/StompAutoSslAuthTest.java
----------------------------------------------------------------------
diff --git a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/auto/StompAutoSslAuthTest.java b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/auto/StompAutoSslAuthTest.java
index f878cf2..20f5edb 100644
--- a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/auto/StompAutoSslAuthTest.java
+++ b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/auto/StompAutoSslAuthTest.java
@@ -102,7 +102,7 @@ public class StompAutoSslAuthTest extends StompTestSupport {
 
     @Override
     protected String getAdditionalConfig() {
-        return "?transport.needClientAuth=true";
+        return "?transport.needClientAuth=true&transport.verifyHostName=false";
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4126Test.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4126Test.java b/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4126Test.java
index 4d6d39c..60245f0 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4126Test.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4126Test.java
@@ -121,7 +121,7 @@ public class AMQ4126Test {
 
     public void openwireConnectTo(String connectorName, String username, String password) throws Exception {
         URI brokerURI = broker.getConnectorByName(connectorName).getConnectUri();
-        String uri = "ssl://" + brokerURI.getHost() + ":" + brokerURI.getPort();
+        String uri = "ssl://" + brokerURI.getHost() + ":" + brokerURI.getPort() + "?socket.verifyHostName=false";
         ActiveMQSslConnectionFactory cf = new ActiveMQSslConnectionFactory(uri);
         cf.setTrustStore("org/apache/activemq/security/broker1.ks");
         cf.setTrustStorePassword("password");

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ6599Test.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ6599Test.java b/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ6599Test.java
index 72c9b88..3de3ee9 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ6599Test.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ6599Test.java
@@ -71,7 +71,7 @@ public class AMQ6599Test {
         brokerService.setPersistent(false);
 
         TransportConnector connector = brokerService.addConnector(protocol +
-                "://localhost:0?transport.soTimeout=3500");
+                "://localhost:0?transport.soTimeout=3500&transport.verifyHostName=false");
         connector.setName("connector");
         uri = connector.getPublishableConnectString();
 

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-unit-tests/src/test/java/org/apache/activemq/network/NetworkReconnectSslNioTest.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/network/NetworkReconnectSslNioTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/network/NetworkReconnectSslNioTest.java
index 0c3b1ed..b97fdcf 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/network/NetworkReconnectSslNioTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/network/NetworkReconnectSslNioTest.java
@@ -47,14 +47,14 @@ public class NetworkReconnectSslNioTest {
         remote.setSslContext(sslContext);
         remote.setUseJmx(false);
         remote.setPersistent(false);
-        final TransportConnector transportConnector = remote.addConnector("nio+ssl://0.0.0.0:0");
+        final TransportConnector transportConnector = remote.addConnector("nio+ssl://0.0.0.0:0?transport.verifyHostName=false");
         remote.start();
 
         BrokerService local = new BrokerService();
         local.setSslContext(sslContext);
         local.setUseJmx(false);
         local.setPersistent(false);
-        final NetworkConnector networkConnector = local.addNetworkConnector("static:(" + remote.getTransportConnectorByScheme("nio+ssl").getPublishableConnectString().replace("nio+ssl", "ssl") + ")?useExponentialBackOff=false&initialReconnectDelay=10");
+        final NetworkConnector networkConnector = local.addNetworkConnector("static:(" + remote.getTransportConnectorByScheme("nio+ssl").getPublishableConnectString().replace("nio+ssl", "ssl") + "?socket.verifyHostName=false" + ")?useExponentialBackOff=false&initialReconnectDelay=10");
         local.start();
 
         assertTrue("Bridge created", Wait.waitFor(new Wait.Condition() {

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoSslAuthTest.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoSslAuthTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoSslAuthTest.java
index be6043b..f24620d 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoSslAuthTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoSslAuthTest.java
@@ -75,7 +75,7 @@ public class AutoSslAuthTest {
         BrokerService brokerService = new BrokerService();
         brokerService.setPersistent(false);
 
-        TransportConnector connector = brokerService.addConnector(protocol + "://localhost:0?transport.needClientAuth=true");
+        TransportConnector connector = brokerService.addConnector(protocol + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
         connector.setName("auto");
         uri = connector.getPublishableConnectString();
 
@@ -126,7 +126,7 @@ public class AutoSslAuthTest {
     @Test(timeout = 60000)
     public void testConnect() throws Exception {
         ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory();
-        factory.setBrokerURL(uri);
+        factory.setBrokerURL(uri + "?socket.verifyHostName=false");
 
         //Create 5 connections to make sure all are properly set
         for (int i = 0; i < 5; i++) {

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoTransportConnectionsTest.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoTransportConnectionsTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoTransportConnectionsTest.java
index 02a72cf..1de13ac 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoTransportConnectionsTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoTransportConnectionsTest.java
@@ -103,8 +103,14 @@ public class AutoTransportConnectionsTest {
     }
 
     public void configureConnectorAndStart(String bindAddress) throws Exception {
+        if (bindAddress.contains("ssl")) {
+            bindAddress += bindAddress.contains("?") ? "&transport.verifyHostName=false" : "?transport.verifyHostName=false";
+        }
         connector = service.addConnector(bindAddress);
         connectionUri = connector.getPublishableConnectString();
+        if (connectionUri.contains("ssl")) {
+            connectionUri += connectionUri.contains("?") ? "&socket.verifyHostName=false" : "?socket.verifyHostName=false";
+        }
         service.start();
         service.waitUntilStarted();
     }

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLBasicTest.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLBasicTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLBasicTest.java
index 473d785..d9ea3ae 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLBasicTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLBasicTest.java
@@ -17,14 +17,14 @@
 package org.apache.activemq.transport.nio;
 
 import javax.jms.Connection;
+import javax.jms.JMSException;
 import javax.jms.Message;
 import javax.jms.MessageConsumer;
 import javax.jms.MessageProducer;
 import javax.jms.Queue;
 import javax.jms.Session;
 import javax.jms.TextMessage;
-
-import junit.framework.TestCase;
+import javax.net.ssl.SSLHandshakeException;
 
 import org.apache.activemq.ActiveMQConnectionFactory;
 import org.apache.activemq.broker.BrokerService;
@@ -33,6 +33,8 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
+import junit.framework.TestCase;
+
 public class NIOSSLBasicTest {
 
     public static final String KEYSTORE_TYPE = "jks";
@@ -78,25 +80,40 @@ public class NIOSSLBasicTest {
 
     @Test
     public void basicConnector() throws Exception {
-        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true");
-        basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
+        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
+        basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
         stopBroker(broker);
     }
 
     @Test
     public void enabledCipherSuites() throws Exception {
-        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
-        basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
+        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256&transport.verifyHostName=false");
+        basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
         stopBroker(broker);
     }
 
     @Test
     public void enabledProtocols() throws Exception {
-        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2");
-        basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
+        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.verifyHostName=false");
+        basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
         stopBroker(broker);
     }
 
+    //Client/server is missing verifyHostName=false so it should fail as cert doesn't have right host name
+    @Test(expected = Exception.class)
+    public void verifyHostNameError() throws Exception {
+        BrokerService broker = null;
+        try {
+            broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true");
+            basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
+        } finally {
+            if (broker != null) {
+                stopBroker(broker);
+            }
+        }
+    }
+
+
     public void basicSendReceive(String uri) throws Exception {
         ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(uri);
         Connection connection = factory.createConnection();
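Review bot: `@Test(expected = Exception.class)` on `verifyHostNameError` passes on any failure, including the broker failing to bind the fixed port 61616, so it does not show that the connection was rejected because of a host-name mismatch. Binding to `localhost:0` as `basicConnector` does, and narrowing the expectation (for example `@Test(expected = JMSException.class)` if that is what `createConnection` surfaces, or catching the exception and asserting on its cause), would tie the test to the behaviour its comment describes. The import hunk above adds `JMSException` and `SSLHandshakeException`, which suggests that was the intent, though neither is used in the lines shown here. `basicSendReceive` continues past the end of this hunk.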

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLLoadTest.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLLoadTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLLoadTest.java
index 4751c9f..4a92d66 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLLoadTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLLoadTest.java
@@ -74,7 +74,7 @@ public class NIOSSLLoadTest {
         broker = new BrokerService();
         broker.setPersistent(false);
         broker.setUseJmx(false);
-        connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
+        connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256");
         broker.start();
         broker.waitUntilStarted();
 
@@ -113,6 +113,7 @@ public class NIOSSLLoadTest {
         }
 
         Wait.waitFor(new Wait.Condition() {
+            @Override
             public boolean isSatisified() throws Exception {
                 return getReceived() == PRODUCER_COUNT * MESSAGE_COUNT;
             }

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLWindowSizeTest.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLWindowSizeTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLWindowSizeTest.java
index 17cdc41..e92b4fe 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLWindowSizeTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLWindowSizeTest.java
@@ -30,11 +30,11 @@ import javax.jms.Session;
 
 @SuppressWarnings("javadoc")
 public class NIOSSLWindowSizeTest extends TestCase {
-	
+
     BrokerService broker;
     Connection connection;
     Session session;
-    
+
     public static final String KEYSTORE_TYPE = "jks";
     public static final String PASSWORD = "password";
     public static final String SERVER_KEYSTORE = "src/test/resources/server.keystore";
@@ -46,7 +46,7 @@ public class NIOSSLWindowSizeTest extends TestCase {
     public static final int MESSAGE_SIZE = 65536;
 
     byte[] messageData;
-    
+
     @Override
     protected void setUp() throws Exception {
         System.setProperty("javax.net.ssl.trustStore", TRUST_KEYSTORE);
@@ -59,19 +59,19 @@ public class NIOSSLWindowSizeTest extends TestCase {
         broker = new BrokerService();
         broker.setPersistent(false);
         broker.setUseJmx(false);
-        TransportConnector connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true");
+        TransportConnector connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
         broker.start();
         broker.waitUntilStarted();
-        
+
         messageData = new byte[MESSAGE_SIZE];
         for (int i = 0; i < MESSAGE_SIZE;  i++)
         {
         	messageData[i] = (byte) (i & 0xff);
         }
-        
+
         ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("nio+ssl://localhost:" + connector.getConnectUri().getPort());
         connection = factory.createConnection();
-        session = connection.createSession(false,  Session.AUTO_ACKNOWLEDGE);        
+        session = connection.createSession(false,  Session.AUTO_ACKNOWLEDGE);
         connection.start();
     }
 
@@ -100,14 +100,14 @@ public class NIOSSLWindowSizeTest extends TestCase {
         	prod.send(msg);
         } finally {
         	prod.close();
-        }        
+        }
     	MessageConsumer cons = null;
-    	try 
+    	try
     	{
     		cons = session.createConsumer(dest);
     		assertNotNull(cons.receive(30000L));
         } finally {
         	cons.close();
-        }        
+        }
     }
 }

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslTransportFactoryTest.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslTransportFactoryTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslTransportFactoryTest.java
index af9d672..cfe1f25 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslTransportFactoryTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslTransportFactoryTest.java
@@ -33,10 +33,12 @@ public class SslTransportFactoryTest extends TestCase {
     private SslTransportFactory factory;
     private boolean verbose;
 
+    @Override
     protected void setUp() throws Exception {
         factory = new SslTransportFactory();
     }
 
+    @Override
     protected void tearDown() throws Exception {
         super.tearDown();
     }
@@ -96,6 +98,12 @@ public class SslTransportFactoryTest extends TestCase {
                 // -1 since the option range is [-1,1], not [0,2].
                 optionSettings[j] = getMthNaryDigit(i, j, 3) - 1;
 
+                //We now always set options to a default we default verifyHostName to true
+                //so we setSSLParameters so make the not set value = 0
+                if (optionSettings[j] == -1) {
+                    optionSettings[j] = 0;
+                }
+
                 if (optionSettings[j] != -1) {
                     options.put(optionNames[j], optionSettings[j] == 1 ? "true" : "false");
                 }
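Review bot: Once the added block rewrites `-1` to `0`, the existing guard `if (optionSettings[j] != -1)` directly below is always true, and every "not set" combination now duplicates the matching "false" one, so the test no longer exercises an unset option. Either drop the dead guard or keep the unset case and adjust the expected values instead. The new comment is hard to parse; something like `// Options are now always applied through setSSLParameters (verifyHostName has a default), so treat "not set" as false` would say what the code seems to mean. The loop this sits in starts outside the hunk.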

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml
index c672f6d..0241f67 100644
--- a/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml
+++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml
@@ -36,12 +36,12 @@
     </sslContext>
 
     <transportConnectors>
-      <transportConnector name="stomp+ssl+special" uri="stomp+ssl://0.0.0.0:0?needClientAuth=true" />
-      <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true" />
-      <transportConnector name="stomp+nio+ssl+special" uri="stomp+nio+ssl://0.0.0.0:0?needClientAuth=true" />
-      <transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
-      <transportConnector name="mqtt+ssl" uri="mqtt+ssl://0.0.0.0:0?transport.needClientAuth=true" />
-      <transportConnector name="mqtt+nio+ssl" uri="mqtt+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
+      <transportConnector name="stomp+ssl+special" uri="stomp+ssl://0.0.0.0:0?needClientAuth=true&amp;transport.verifyHostName=false" />
+      <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
+      <transportConnector name="stomp+nio+ssl+special" uri="stomp+nio+ssl://0.0.0.0:0?needClientAuth=true&amp;transport.verifyHostName=false" />
+      <transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
+      <transportConnector name="mqtt+ssl" uri="mqtt+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
+      <transportConnector name="mqtt+nio+ssl" uri="mqtt+nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
     </transportConnectors>
 
   </broker>

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/JaasStompSSLBroker.xml
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/JaasStompSSLBroker.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/JaasStompSSLBroker.xml
index 70af5fa..3778173 100644
--- a/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/JaasStompSSLBroker.xml
+++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/JaasStompSSLBroker.xml
@@ -36,10 +36,10 @@
     </sslContext>
 
     <transportConnectors>
-      <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true" />
-      <transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
-      <transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:0?transport.needClientAuth=true" />
-      <transportConnector name="openwire+nio+ssl" uri="nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
+      <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
+      <transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
+      <transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
+      <transportConnector name="openwire+nio+ssl" uri="nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
     </transportConnectors>
 
   </broker>

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml
index faae4db..e2eddb9 100644
--- a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml
+++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml
@@ -171,7 +171,7 @@
     </systemUsage>
 
     <transportConnectors>
-        <transportConnector name="openwire+ssl-2" uri="ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true"/>
+        <transportConnector name="openwire+ssl-2" uri="ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true&amp;transport.verifyHostName=false"/>
     </transportConnectors>
   </broker>
 </beans>

http://git-wip-us.apache.org/repos/asf/activemq/blob/bde7097f/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml
index 9e5e7d1..eb3d2fd 100644
--- a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml
+++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml
@@ -171,7 +171,7 @@
     </systemUsage>
 
     <transportConnectors>
-        <transportConnector name="openwire+nio-ssl-2" uri="nio+ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true"/>
+        <transportConnector name="openwire+nio-ssl-2" uri="nio+ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true&amp;transport.verifyHostName=false"/>
     </transportConnectors>
   </broker>
 </beans>


[2/2] activemq git commit: AMQ-7047 - Switch default for hostname verification to be false for server

Posted by cs...@apache.org.
AMQ-7047 - Switch default for hostname verification to be false for
server

For the client it makes sense to have it true by default but for the
server it makes sense to have it false by default

(cherry picked from commit 1e31df9800fc2db258f2458628bd9863c11b2846)


Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/02971a40
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/02971a40
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/02971a40

Branch: refs/heads/activemq-5.15.x
Commit: 02971a40e281713a8397d3a1809c164b594abfbb
Parents: bde7097
Author: Christopher L. Shannon (cshannon) <ch...@gmail.com>
Authored: Fri Aug 31 13:04:14 2018 -0400
Committer: Christopher L. Shannon (cshannon) <ch...@gmail.com>
Committed: Tue Sep 4 06:39:13 2018 -0400

----------------------------------------------------------------------
 .../transport/amqp/AmqpTestSupport.java         |  4 ++--
 .../amqp/auto/JMSClientAutoSslAuthTest.java     |  2 +-
 .../activemq/transport/nio/NIOSSLTransport.java |  2 +-
 .../activemq/transport/tcp/SslTransport.java    |  1 +
 .../transport/tcp/TcpTransportServer.java       |  4 +++-
 .../mqtt/auto/MQTTAutoSslAuthTest.java          |  2 +-
 .../transport/stomp/StompSslAuthTest.java       |  2 +-
 .../org/apache/activemq/bugs/AMQ6599Test.java   |  2 +-
 .../network/NetworkReconnectSslNioTest.java     |  2 +-
 .../transport/auto/AutoSslAuthTest.java         |  4 ++--
 .../auto/AutoTransportConnectionsTest.java      |  3 ---
 .../activemq/transport/nio/NIOSSLBasicTest.java | 11 +++++------
 .../activemq/transport/nio/NIOSSLLoadTest.java  |  2 +-
 .../transport/nio/NIOSSLWindowSizeTest.java     | 20 ++++++++++----------
 .../bugs/amq4126/JaasStompSSLBroker.xml         |  8 ++++----
 .../JaasDualAuthenticationNetworkBridge.xml     |  2 +-
 ...aasDualAuthenticationNetworkBridgeNioSsl.xml |  2 +-
 17 files changed, 36 insertions(+), 37 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java
----------------------------------------------------------------------
diff --git a/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java b/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java
index 8fb26f2..69d1998 100644
--- a/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java
+++ b/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java
@@ -185,7 +185,7 @@ public class AmqpTestSupport {
         }
         if (isUseSslConnector()) {
             connector = brokerService.addConnector(
-                "amqp+ssl://0.0.0.0:" + amqpSslPort + "?transport.verifyHostName=false&transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
+                "amqp+ssl://0.0.0.0:" + amqpSslPort + "?transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
             amqpSslPort = connector.getConnectUri().getPort();
             amqpSslURI = connector.getPublishableConnectURI();
             LOG.debug("Using amqp+ssl port " + amqpSslPort);
@@ -199,7 +199,7 @@ public class AmqpTestSupport {
         }
         if (isUseNioPlusSslConnector()) {
             connector = brokerService.addConnector(
-                "amqp+nio+ssl://0.0.0.0:" + amqpNioPlusSslPort + "?transport.verifyHostName=false&transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
+                "amqp+nio+ssl://0.0.0.0:" + amqpNioPlusSslPort + "?transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
             amqpNioPlusSslPort = connector.getConnectUri().getPort();
             amqpNioPlusSslURI = connector.getPublishableConnectURI();
             LOG.debug("Using amqp+nio+ssl port " + amqpNioPlusSslPort);

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/auto/JMSClientAutoSslAuthTest.java
----------------------------------------------------------------------
diff --git a/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/auto/JMSClientAutoSslAuthTest.java b/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/auto/JMSClientAutoSslAuthTest.java
index d611ee6..40c1eb3 100644
--- a/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/auto/JMSClientAutoSslAuthTest.java
+++ b/activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/auto/JMSClientAutoSslAuthTest.java
@@ -79,7 +79,7 @@ public class JMSClientAutoSslAuthTest extends JMSClientTestSupport {
 
     @Override
     protected String getAdditionalConfig() {
-        return "?transport.needClientAuth=true&transport.verifyHostName=false";
+        return "?transport.needClientAuth=true";
     }
 
 

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
----------------------------------------------------------------------
diff --git a/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java b/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
index 74aa342..9f5e65d 100644
--- a/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
+++ b/activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java
@@ -57,7 +57,7 @@ public class NIOSSLTransport extends NIOTransport {
     protected boolean wantClientAuth;
     protected String[] enabledCipherSuites;
     protected String[] enabledProtocols;
-    protected boolean verifyHostName = true;
+    protected boolean verifyHostName = false;
 
     protected SSLContext sslContext;
     protected SSLEngine sslEngine;
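Review bot: Changing the field initialiser to `false` alters the default for every `NIOSSLTransport` instance, and nothing in this hunk separates a broker-accepted connection from a client connecting with an `nio+ssl://` URI. The commit message says the client default should remain true, and `SslTransport` keeps that in its `else` branch, so it is worth confirming that the NIO client path sets `verifyHostName` explicitly; if it does not, NIO clients would skip hostname verification unless the URI opts in. A comment on the field such as `// default for broker-accepted connections; client connections are expected to set this explicitly` would make the asymmetry visible, and a client-side `nio+ssl` test without `socket.verifyHostName=false` would pin it.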

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
----------------------------------------------------------------------
diff --git a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
index 91ba42c..f512cce 100644
--- a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
+++ b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
@@ -96,6 +96,7 @@ public class SslTransport extends TcpTransport {
                 verifyHostName = Boolean.parseBoolean(socketOptions.get("verifyHostName").toString());
                 socketOptions.remove("verifyHostName");
             } else {
+                //If null and not set then this is a client so default to true
                 verifyHostName = true;
             }
         }

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransportServer.java
----------------------------------------------------------------------
diff --git a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransportServer.java b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransportServer.java
index 61aec1d..6d642c0 100644
--- a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransportServer.java
+++ b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransportServer.java
@@ -80,7 +80,7 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
     protected int minmumWireFormatVersion;
     protected boolean useQueueForAccept = true;
     protected boolean allowLinkStealing;
-    protected boolean verifyHostName = true;
+    protected boolean verifyHostName = false;
 
     /**
      * trace=true -> the Transport stack where this TcpTransport object will be, will have a TransportLogger layer
@@ -176,6 +176,8 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
             if (socket instanceof SSLServerSocket) {
                 if (transportOptions.containsKey("verifyHostName")) {
                     verifyHostName = Boolean.parseBoolean(transportOptions.get("verifyHostName").toString());
+                } else {
+                    transportOptions.put("verifyHostName", verifyHostName);
                 }
 
                 if (verifyHostName) {
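Review bot: The new `else` branch writes the server default back into `transportOptions` without saying why. It appears to be needed because `SslTransport` treats a missing `verifyHostName` option as the client case and defaults it to true, so a comment such as `// propagate the server default so accepted transports do not fall back to the client default (true)` would record the dependency. With the field in the hunk above now defaulting to `false`, a connector using `needClientAuth=true` will not check the client certificate against the peer host unless `transport.verifyHostName=true` is set, which deserves a sentence in the field's Javadoc. The enclosing method starts and ends outside this hunk.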

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-mqtt/src/test/java/org/apache/activemq/transport/mqtt/auto/MQTTAutoSslAuthTest.java
----------------------------------------------------------------------
diff --git a/activemq-mqtt/src/test/java/org/apache/activemq/transport/mqtt/auto/MQTTAutoSslAuthTest.java b/activemq-mqtt/src/test/java/org/apache/activemq/transport/mqtt/auto/MQTTAutoSslAuthTest.java
index 3fb67a4..4fae9c4 100644
--- a/activemq-mqtt/src/test/java/org/apache/activemq/transport/mqtt/auto/MQTTAutoSslAuthTest.java
+++ b/activemq-mqtt/src/test/java/org/apache/activemq/transport/mqtt/auto/MQTTAutoSslAuthTest.java
@@ -55,7 +55,7 @@ public class MQTTAutoSslAuthTest extends MQTTTestSupport  {
      */
     public MQTTAutoSslAuthTest(String protocol) {
         this.protocol = protocol;
-        protocolConfig = "transport.needClientAuth=true&transport.verifyHostName=false&";
+        protocolConfig = "transport.needClientAuth=true";
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompSslAuthTest.java
----------------------------------------------------------------------
diff --git a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompSslAuthTest.java b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompSslAuthTest.java
index d295dfb..03c24c4 100644
--- a/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompSslAuthTest.java
+++ b/activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompSslAuthTest.java
@@ -54,7 +54,7 @@ public class StompSslAuthTest extends StompTest {
 
     @Override
     public void addOpenWireConnector() throws Exception {
-        TransportConnector connector = brokerService.addConnector("ssl://0.0.0.0:0?transport.needClientAuth=true&transport.verifyHostName=false");
+        TransportConnector connector = brokerService.addConnector("ssl://0.0.0.0:0?transport.needClientAuth=true");
         cf = new ActiveMQConnectionFactory(connector.getPublishableConnectString() + "?socket.verifyHostName=false");
     }
 

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ6599Test.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ6599Test.java b/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ6599Test.java
index 3de3ee9..72c9b88 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ6599Test.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ6599Test.java
@@ -71,7 +71,7 @@ public class AMQ6599Test {
         brokerService.setPersistent(false);
 
         TransportConnector connector = brokerService.addConnector(protocol +
-                "://localhost:0?transport.soTimeout=3500&transport.verifyHostName=false");
+                "://localhost:0?transport.soTimeout=3500");
         connector.setName("connector");
         uri = connector.getPublishableConnectString();
 

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-unit-tests/src/test/java/org/apache/activemq/network/NetworkReconnectSslNioTest.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/network/NetworkReconnectSslNioTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/network/NetworkReconnectSslNioTest.java
index b97fdcf..95309a3 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/network/NetworkReconnectSslNioTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/network/NetworkReconnectSslNioTest.java
@@ -47,7 +47,7 @@ public class NetworkReconnectSslNioTest {
         remote.setSslContext(sslContext);
         remote.setUseJmx(false);
         remote.setPersistent(false);
-        final TransportConnector transportConnector = remote.addConnector("nio+ssl://0.0.0.0:0?transport.verifyHostName=false");
+        final TransportConnector transportConnector = remote.addConnector("nio+ssl://0.0.0.0:0");
         remote.start();
 
         BrokerService local = new BrokerService();

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoSslAuthTest.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoSslAuthTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoSslAuthTest.java
index f24620d..be6043b 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoSslAuthTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoSslAuthTest.java
@@ -75,7 +75,7 @@ public class AutoSslAuthTest {
         BrokerService brokerService = new BrokerService();
         brokerService.setPersistent(false);
 
-        TransportConnector connector = brokerService.addConnector(protocol + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
+        TransportConnector connector = brokerService.addConnector(protocol + "://localhost:0?transport.needClientAuth=true");
         connector.setName("auto");
         uri = connector.getPublishableConnectString();
 
@@ -126,7 +126,7 @@ public class AutoSslAuthTest {
     @Test(timeout = 60000)
     public void testConnect() throws Exception {
         ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory();
-        factory.setBrokerURL(uri + "?socket.verifyHostName=false");
+        factory.setBrokerURL(uri);
 
         //Create 5 connections to make sure all are properly set
         for (int i = 0; i < 5; i++) {

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoTransportConnectionsTest.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoTransportConnectionsTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoTransportConnectionsTest.java
index 1de13ac..46f82d4 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoTransportConnectionsTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoTransportConnectionsTest.java
@@ -103,9 +103,6 @@ public class AutoTransportConnectionsTest {
     }
 
     public void configureConnectorAndStart(String bindAddress) throws Exception {
-        if (bindAddress.contains("ssl")) {
-            bindAddress += bindAddress.contains("?") ? "&transport.verifyHostName=false" : "?transport.verifyHostName=false";
-        }
         connector = service.addConnector(bindAddress);
         connectionUri = connector.getPublishableConnectString();
         if (connectionUri.contains("ssl")) {

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLBasicTest.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLBasicTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLBasicTest.java
index d9ea3ae..6444d2c 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLBasicTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLBasicTest.java
@@ -80,28 +80,28 @@ public class NIOSSLBasicTest {
 
     @Test
     public void basicConnector() throws Exception {
-        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
+        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true");
         basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
         stopBroker(broker);
     }
 
     @Test
     public void enabledCipherSuites() throws Exception {
-        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256&transport.verifyHostName=false");
+        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256");
         basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
         stopBroker(broker);
     }
 
     @Test
     public void enabledProtocols() throws Exception {
-        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.verifyHostName=false");
+        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2");
         basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
         stopBroker(broker);
     }
 
-    //Client/server is missing verifyHostName=false so it should fail as cert doesn't have right host name
+    //Client is missing verifyHostName=false so it should fail as cert doesn't have right host name
     @Test(expected = Exception.class)
-    public void verifyHostNameError() throws Exception {
+    public void verifyHostNameErrorClient() throws Exception {
         BrokerService broker = null;
         try {
             broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true");
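Review bot: `verifyHostNameErrorClient` still uses `@Test(expected = Exception.class)`, so this negative test passes on any failure, not only on a host name mismatch. The broker is created on the fixed port `61616` inside the `try`, so a bind failure on a busy machine would satisfy the expectation without the TLS handshake ever running. Since this is the test that guards the client-side check, I would catch the exception in the body and assert that its cause chain contains a `javax.net.ssl.SSLException`, or at least narrow the annotation to `javax.jms.JMSException` if that is what the client throws here. The test body continues outside this hunk. Separately, the new `enabledCipherSuites` line still carries one `transport.verifyHostName=false` while `basicConnector` and `enabledProtocols` drop it; remove it there too if the server side no longer needs it.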
@@ -113,7 +113,6 @@ public class NIOSSLBasicTest {
         }
     }
 
-
     public void basicSendReceive(String uri) throws Exception {
         ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(uri);
         Connection connection = factory.createConnection();

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLLoadTest.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLLoadTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLLoadTest.java
index 4a92d66..0e50f44 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLLoadTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLLoadTest.java
@@ -74,7 +74,7 @@ public class NIOSSLLoadTest {
         broker = new BrokerService();
         broker.setPersistent(false);
         broker.setUseJmx(false);
-        connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256");
+        connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256");
         broker.start();
         broker.waitUntilStarted();
 

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLWindowSizeTest.java
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLWindowSizeTest.java b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLWindowSizeTest.java
index e92b4fe..17cdc41 100644
--- a/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLWindowSizeTest.java
+++ b/activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLWindowSizeTest.java
@@ -30,11 +30,11 @@ import javax.jms.Session;
 
 @SuppressWarnings("javadoc")
 public class NIOSSLWindowSizeTest extends TestCase {
-
+	
     BrokerService broker;
     Connection connection;
     Session session;
-
+    
     public static final String KEYSTORE_TYPE = "jks";
     public static final String PASSWORD = "password";
     public static final String SERVER_KEYSTORE = "src/test/resources/server.keystore";
@@ -46,7 +46,7 @@ public class NIOSSLWindowSizeTest extends TestCase {
     public static final int MESSAGE_SIZE = 65536;
 
     byte[] messageData;
-
+    
     @Override
     protected void setUp() throws Exception {
         System.setProperty("javax.net.ssl.trustStore", TRUST_KEYSTORE);
@@ -59,19 +59,19 @@ public class NIOSSLWindowSizeTest extends TestCase {
         broker = new BrokerService();
         broker.setPersistent(false);
         broker.setUseJmx(false);
-        TransportConnector connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
+        TransportConnector connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true");
         broker.start();
         broker.waitUntilStarted();
-
+        
         messageData = new byte[MESSAGE_SIZE];
         for (int i = 0; i < MESSAGE_SIZE;  i++)
         {
         	messageData[i] = (byte) (i & 0xff);
         }
-
+        
         ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("nio+ssl://localhost:" + connector.getConnectUri().getPort());
         connection = factory.createConnection();
-        session = connection.createSession(false,  Session.AUTO_ACKNOWLEDGE);
+        session = connection.createSession(false,  Session.AUTO_ACKNOWLEDGE);        
         connection.start();
     }
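Review bot: The client URI in setUp, `"nio+ssl://localhost:" + connector.getConnectUri().getPort()`, passes no `verifyHostName` option, and nothing here says why the connection is still expected to succeed. In NIOSSLBasicTest in this same commit the `ssl://` clients need `?socket.verifyHostName=false`, and its comment says the test certificate does not carry the right host name. If this test uses a comparable certificate, that would mean the `nio+ssl` client path does not verify the host name by default; I cannot confirm that from this hunk. A comment such as `// nio+ssl client: hostname verification is <on|off> by default` and a negative test for a `nio+ssl` client would pin the intended behaviour. setUp starts before this hunk.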
 
@@ -100,14 +100,14 @@ public class NIOSSLWindowSizeTest extends TestCase {
         	prod.send(msg);
         } finally {
         	prod.close();
-        }
+        }        
     	MessageConsumer cons = null;
-    	try
+    	try 
     	{
     		cons = session.createConsumer(dest);
     		assertNotNull(cons.receive(30000L));
         } finally {
         	cons.close();
-        }
+        }        
     }
 }

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/JaasStompSSLBroker.xml
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/JaasStompSSLBroker.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/JaasStompSSLBroker.xml
index 3778173..70af5fa 100644
--- a/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/JaasStompSSLBroker.xml
+++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/JaasStompSSLBroker.xml
@@ -36,10 +36,10 @@
     </sslContext>
 
     <transportConnectors>
-      <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
-      <transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
-      <transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
-      <transportConnector name="openwire+nio+ssl" uri="nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
+      <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true" />
+      <transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
+      <transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:0?transport.needClientAuth=true" />
+      <transportConnector name="openwire+nio+ssl" uri="nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
     </transportConnectors>
 
   </broker>

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml
index e2eddb9..faae4db 100644
--- a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml
+++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml
@@ -171,7 +171,7 @@
     </systemUsage>
 
     <transportConnectors>
-        <transportConnector name="openwire+ssl-2" uri="ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true&amp;transport.verifyHostName=false"/>
+        <transportConnector name="openwire+ssl-2" uri="ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true"/>
     </transportConnectors>
   </broker>
 </beans>

http://git-wip-us.apache.org/repos/asf/activemq/blob/02971a40/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml
----------------------------------------------------------------------
diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml
index eb3d2fd..9e5e7d1 100644
--- a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml
+++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml
@@ -171,7 +171,7 @@
     </systemUsage>
 
     <transportConnectors>
-        <transportConnector name="openwire+nio-ssl-2" uri="nio+ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true&amp;transport.verifyHostName=false"/>
+        <transportConnector name="openwire+nio-ssl-2" uri="nio+ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true"/>
     </transportConnectors>
   </broker>
 </beans>