Posted to dev@activemq.apache.org by "Piotr Klimczak (JIRA)" <ji...@apache.org> on 2014/07/29 22:04:40 UTC

[jira] [Created] (AMQ-5295) HTTPSClientTransport uses wrong SSLSocketFactory

Piotr Klimczak created AMQ-5295:
-----------------------------------

             Summary: HTTPSClientTransport uses wrong SSLSocketFactory
                 Key: AMQ-5295
                 URL: https://issues.apache.org/jira/browse/AMQ-5295
             Project: ActiveMQ
          Issue Type: Bug
          Components: Connector
    Affects Versions: 5.9.0
         Environment: JBoss Fuse 6.1
            Reporter: Piotr Klimczak


HttpsClientTransport is getting the wrong SSLSocketFactory.

The problem is here:
{code}
    private SchemeRegistry createSchemeRegistry() {

        SchemeRegistry schemeRegistry = new SchemeRegistry();
        try {
            // register the default socket factory so that it looks at the javax.net.ssl.keyStore,
            // javax.net.ssl.trustStore, etc, properties by default
            SSLSocketFactory sslSocketFactory =
                    new SSLSocketFactory((javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(),
                    SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
            schemeRegistry.register(new Scheme("https", getRemoteUrl().getPort(), sslSocketFactory));
            return schemeRegistry;
        } catch (Exception e) {
            throw new IllegalStateException("Failure trying to create scheme registry", e);
        }
    }
{code}

The problem with that code is that it never takes the SSLSocketFactory from the Spring context. So the one defined in XML is ignored.

So its code has to be replaced with:

{code}
    private SchemeRegistry createSchemeRegistry() {

        SchemeRegistry schemeRegistry = new SchemeRegistry();
        try {
            // wrap the socket factory returned by createSocketFactory() (the configured SslContext
            // if one is set, otherwise the JVM default) and keep the same hostname verifier as before
            SSLSocketFactory sslSocketFactory =
                    new SSLSocketFactory(createSocketFactory(),
                    SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
            schemeRegistry.register(new Scheme("https", getRemoteUrl().getPort(), sslSocketFactory));
            return schemeRegistry;
        } catch (Exception e) {
            throw new IllegalStateException("Failure trying to create scheme registry", e);
        }
    }
{code}

And then a new method should be added:

{code}
    /**
     * Creates a new SSL SocketFactory. The given factory will use user-provided
     * key and trust managers (if the user provided them).
     *
     * @return Newly created (Ssl)SocketFactory.
     * @throws IOException if the socket factory cannot be obtained from the SslContext
     */
    protected javax.net.ssl.SSLSocketFactory createSocketFactory() throws IOException {
        if (SslContext.getCurrentSslContext() != null) {
            // an SslContext was configured (e.g. in the Spring XML): use its key and trust managers
            SslContext ctx = SslContext.getCurrentSslContext();
            try {
                return ctx.getSSLContext().getSocketFactory();
            } catch (Exception e) {
                throw IOExceptionSupport.create(e);
            }
        } else {
            // no SslContext configured: fall back to the JVM default, which looks at the
            // javax.net.ssl.keyStore, javax.net.ssl.trustStore, etc, properties
            return (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault();
        }

    }
{code}

This solution is consistent with other transports.

I will prepare patches and tests for this scenario.

Greetings
Piotr Klimczak


