You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by jb...@apache.org on 2021/12/19 07:07:10 UTC
[activemq] branch activemq-5.16.x updated: AMQ-8275 eliminate use of reflection for SNI on SslTransport
This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch activemq-5.16.x
in repository https://gitbox.apache.org/repos/asf/activemq.git
The following commit(s) were added to refs/heads/activemq-5.16.x by this push:
new 369c05f AMQ-8275 eliminate use of reflection for SNI on SslTransport
369c05f is described below
commit 369c05fe7783ed39542e63243d0e7f0ebff57f7e
Author: Jonathan Gallimore <jo...@jrg.me.uk>
AuthorDate: Tue Sep 14 12:53:35 2021 +0100
AMQ-8275 eliminate use of reflection for SNI on SslTransport
(cherry picked from commit 34c4e186fe3d71c82866e89afd2706a3619ca2b4)
---
.../activemq/transport/tcp/SslTransport.java | 23 ++++++++++------------
1 file changed, 10 insertions(+), 13 deletions(-)
diff --git a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
index 0d57d92..6e24558 100644
--- a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
+++ b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
@@ -22,8 +22,9 @@ import java.net.SocketException;
import java.net.URI;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
-import java.util.HashMap;
+import java.util.Collections;
+import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
@@ -31,7 +32,6 @@ import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.activemq.command.ConnectionInfo;
-import org.apache.activemq.util.IntrospectionSupport;
import org.apache.activemq.wireformat.WireFormat;
/**
@@ -70,15 +70,6 @@ public class SslTransport extends TcpTransport {
super(wireFormat, socketFactory, remoteLocation, localLocation);
if (this.socket != null) {
((SSLSocket)this.socket).setNeedClientAuth(needClientAuth);
-
- // Lets try to configure the SSL SNI field. Handy in case your using
- // a single proxy to route to different messaging apps.
-
- // On java 1.7 it seems like it can only be configured via reflection.
- // TODO: find out if this will work on java 1.8
- HashMap props = new HashMap();
- props.put("host", remoteLocation.getHost());
- IntrospectionSupport.setProperties(this.socket, props);
}
}
@@ -127,12 +118,18 @@ public class SslTransport extends TcpTransport {
}
}
+ // Lets try to configure the SSL SNI field. Handy in case your using
+ // a single proxy to route to different messaging apps.
+ final SSLParameters sslParams = new SSLParameters();
+ if (remoteLocation != null) {
+ sslParams.setServerNames(Collections.singletonList(new SNIHostName(remoteLocation.getHost())));
+ }
+
if (verifyHostName) {
- SSLParameters sslParams = new SSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
- ((SSLSocket)this.socket).setSSLParameters(sslParams);
}
+ ((SSLSocket)this.socket).setSSLParameters(sslParams);
super.initialiseSocket(sock);
}