You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by jb...@apache.org on 2021/12/19 07:07:10 UTC

[activemq] branch activemq-5.16.x updated: AMQ-8275 eliminate use of reflection for SNI on SslTransport

This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch activemq-5.16.x
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/activemq-5.16.x by this push:
     new 369c05f  AMQ-8275 eliminate use of reflection for SNI on SslTransport
369c05f is described below

commit 369c05fe7783ed39542e63243d0e7f0ebff57f7e
Author: Jonathan Gallimore <jo...@jrg.me.uk>
AuthorDate: Tue Sep 14 12:53:35 2021 +0100

    AMQ-8275 eliminate use of reflection for SNI on SslTransport
    
    (cherry picked from commit 34c4e186fe3d71c82866e89afd2706a3619ca2b4)
---
 .../activemq/transport/tcp/SslTransport.java       | 23 ++++++++++------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
index 0d57d92..6e24558 100644
--- a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
+++ b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
@@ -22,8 +22,9 @@ import java.net.SocketException;
 import java.net.URI;
 import java.net.UnknownHostException;
 import java.security.cert.X509Certificate;
-import java.util.HashMap;
+import java.util.Collections;
 
+import javax.net.ssl.SNIHostName;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
@@ -31,7 +32,6 @@ import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 
 import org.apache.activemq.command.ConnectionInfo;
-import org.apache.activemq.util.IntrospectionSupport;
 import org.apache.activemq.wireformat.WireFormat;
 
 /**
@@ -70,15 +70,6 @@ public class SslTransport extends TcpTransport {
         super(wireFormat, socketFactory, remoteLocation, localLocation);
         if (this.socket != null) {
             ((SSLSocket)this.socket).setNeedClientAuth(needClientAuth);
-
-            // Lets try to configure the SSL SNI field.  Handy in case your using
-            // a single proxy to route to different messaging apps.
-
-            // On java 1.7 it seems like it can only be configured via reflection.
-            // TODO: find out if this will work on java 1.8
-            HashMap props = new HashMap();
-            props.put("host", remoteLocation.getHost());
-            IntrospectionSupport.setProperties(this.socket, props);
         }
     }
 
@@ -127,12 +118,18 @@ public class SslTransport extends TcpTransport {
             }
         }
 
+        // Lets try to configure the SSL SNI field.  Handy in case your using
+        // a single proxy to route to different messaging apps.
+        final SSLParameters sslParams = new SSLParameters();
+        if (remoteLocation != null) {
+            sslParams.setServerNames(Collections.singletonList(new SNIHostName(remoteLocation.getHost())));
+        }
+
         if (verifyHostName) {
-            SSLParameters sslParams = new SSLParameters();
             sslParams.setEndpointIdentificationAlgorithm("HTTPS");
-            ((SSLSocket)this.socket).setSSLParameters(sslParams);
         }
 
+        ((SSLSocket)this.socket).setSSLParameters(sslParams);
         super.initialiseSocket(sock);
     }