You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Piotr Klimczak (JIRA)" <ji...@apache.org> on 2014/07/29 22:04:40 UTC
[jira] [Created] (AMQ-5295) HTTPSClientTransport uses wrong
SSLSocketFactory
Piotr Klimczak created AMQ-5295:
-----------------------------------
Summary: HTTPSClientTransport uses wrong SSLSocketFactory
Key: AMQ-5295
URL: https://issues.apache.org/jira/browse/AMQ-5295
Project: ActiveMQ
Issue Type: Bug
Components: Connector
Affects Versions: 5.9.0
Environment: JBoss Fuse 6.1
Reporter: Piotr Klimczak
HttpsClientTransport is getting wrong SSLSocketFactory.
The problem is here:
{code}
private SchemeRegistry createSchemeRegistry() {
SchemeRegistry schemeRegistry = new SchemeRegistry();
try {
// register the default socket factory so that it looks at the javax.net.ssl.keyStore,
// javax.net.ssl.trustStore, etc, properties by default
SSLSocketFactory sslSocketFactory =
new SSLSocketFactory((javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(),
SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
schemeRegistry.register(new Scheme("https", getRemoteUrl().getPort(), sslSocketFactory));
return schemeRegistry;
} catch (Exception e) {
throw new IllegalStateException("Failure trying to create scheme registry", e);
}
}
{code}
The problem with that code is, that it never take SSLSocketFactory from spring context. So the one defined in XML is ignored.
So it's code have to be replaced with:
{code}
private SchemeRegistry createSchemeRegistry() {
SchemeRegistry schemeRegistry = new SchemeRegistry();
try {
// register the default socket factory so that it looks at the javax.net.ssl.keyStore,
// javax.net.ssl.trustStore, etc, properties by default
SSLSocketFactory sslSocketFactory = createSocketFactory();
schemeRegistry.register(new Scheme("https", getRemoteUrl().getPort(), sslSocketFactory));
return schemeRegistry;
} catch (Exception e) {
throw new IllegalStateException("Failure trying to create scheme registry", e);
}
}
{code}
And then new method should be added:
{code}
/**
* Creates a new SSL SocketFactory. The given factory will use user-provided
* key and trust managers (if the user provided them).
*
* @return Newly created (Ssl)SocketFactory.
* @throws IOException
*/
protected SocketFactory createSocketFactory() throws IOException {
if (SslContext.getCurrentSslContext() != null) {
SslContext ctx = SslContext.getCurrentSslContext();
try {
return ctx.getSSLContext().getSocketFactory();
} catch (Exception e) {
throw IOExceptionSupport.create(e);
}
} else {
return SSLSocketFactory.getDefault();
}
}
{code}
This is consistent solution with other transports.
I will prepare patches and tests for this scenerio.
Greetings
Piotr Klimczak
--
This message was sent by Atlassian JIRA
(v6.2#6252)