You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Markus Jung | Ogitix (JIRA)" <ji...@apache.org> on 2011/01/24 10:58:44 UTC
[jira] Created: (AMQNET-311) Stomp SSL: No certificates loaded from
key-store
Stomp SSL: No certificates loaded from key-store
------------------------------------------------
Key: AMQNET-311
URL: https://issues.apache.org/jira/browse/AMQNET-311
Project: ActiveMQ .Net
Issue Type: Bug
Components: Stomp
Affects Versions: 1.5.1
Environment: Windows
Reporter: Markus Jung | Ogitix
Assignee: Jim Gomes
Priority: Minor
Not using the transport option clientCertFilename the certificates should be loaded from X509Store at class Apache.NMS.Stomp.Transport.Tcp.SslTransport method LoadCertificates.
But the collection store.Certificates is always empty, causing SelectLocalCertificate to always returning null.
This is not a big problem, because the connection is working using null. But maybe with an unexpected behavior if one is going to use the clientCertSubject transport option.
The reason is, the store must be opened (and closed):
Changing the lines in LoadCertificates to:
X509Store store = new X509Store(name, location);
store.Open(OpenFlags.ReadOnly);
collection = store.Certificates;
store.Close();
the collection is not empty anymore.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Reopened: (AMQNET-311) Stomp SSL: No certificates loaded
from key-store
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AMQNET-311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish reopened AMQNET-311:
---------------------------------
missed a part of the fix in the apply.
> Stomp SSL: No certificates loaded from key-store
> ------------------------------------------------
>
> Key: AMQNET-311
> URL: https://issues.apache.org/jira/browse/AMQNET-311
> Project: ActiveMQ .Net
> Issue Type: Bug
> Components: ActiveMQ, Stomp
> Affects Versions: 1.5.0
> Environment: Windows
> Reporter: Markus Jung | Ogitix
> Assignee: Timothy Bish
> Priority: Minor
> Fix For: 1.5.1
>
> Attachments: example_app.cs
>
>
> Not using the transport option clientCertFilename the certificates should be loaded from X509Store at class Apache.NMS.Stomp.Transport.Tcp.SslTransport method LoadCertificates.
> But the collection store.Certificates is always empty, causing SelectLocalCertificate to always returning null.
> This is not a big problem, because the connection is working using null. But maybe with an unexpected behavior if one is going to use the clientCertSubject transport option.
> The reason is, the store must be opened (and closed):
> Changing the lines in LoadCertificates to:
> X509Store store = new X509Store(name, location);
> store.Open(OpenFlags.ReadOnly);
> collection = store.Certificates;
> store.Close();
> the collection is not empty anymore.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (AMQNET-311) Stomp SSL: No certificates loaded
from key-store
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AMQNET-311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish resolved AMQNET-311.
---------------------------------
Resolution: Fixed
Assignee: Timothy Bish (was: Jim Gomes)
Fixed in trunk for both NMS.Stomp and NMS.ActiveMQ. Fix merged to NMS.Stomp 1.5.x branch.
> Stomp SSL: No certificates loaded from key-store
> ------------------------------------------------
>
> Key: AMQNET-311
> URL: https://issues.apache.org/jira/browse/AMQNET-311
> Project: ActiveMQ .Net
> Issue Type: Bug
> Components: ActiveMQ, Stomp
> Affects Versions: 1.5.0
> Environment: Windows
> Reporter: Markus Jung | Ogitix
> Assignee: Timothy Bish
> Priority: Minor
> Fix For: 1.5.1
>
> Attachments: example_app.cs
>
>
> Not using the transport option clientCertFilename the certificates should be loaded from X509Store at class Apache.NMS.Stomp.Transport.Tcp.SslTransport method LoadCertificates.
> But the collection store.Certificates is always empty, causing SelectLocalCertificate to always returning null.
> This is not a big problem, because the connection is working using null. But maybe with an unexpected behavior if one is going to use the clientCertSubject transport option.
> The reason is, the store must be opened (and closed):
> Changing the lines in LoadCertificates to:
> X509Store store = new X509Store(name, location);
> store.Open(OpenFlags.ReadOnly);
> collection = store.Certificates;
> store.Close();
> the collection is not empty anymore.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQNET-311) Stomp SSL: No certificates loaded from
key-store
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AMQNET-311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish updated AMQNET-311:
--------------------------------
Affects Version/s: (was: 1.5.1)
1.5.0
1.5.1 hasn't been released
> Stomp SSL: No certificates loaded from key-store
> ------------------------------------------------
>
> Key: AMQNET-311
> URL: https://issues.apache.org/jira/browse/AMQNET-311
> Project: ActiveMQ .Net
> Issue Type: Bug
> Components: Stomp
> Affects Versions: 1.5.0
> Environment: Windows
> Reporter: Markus Jung | Ogitix
> Assignee: Jim Gomes
> Priority: Minor
>
> Not using the transport option clientCertFilename the certificates should be loaded from X509Store at class Apache.NMS.Stomp.Transport.Tcp.SslTransport method LoadCertificates.
> But the collection store.Certificates is always empty, causing SelectLocalCertificate to always returning null.
> This is not a big problem, because the connection is working using null. But maybe with an unexpected behavior if one is going to use the clientCertSubject transport option.
> The reason is, the store must be opened (and closed):
> Changing the lines in LoadCertificates to:
> X509Store store = new X509Store(name, location);
> store.Open(OpenFlags.ReadOnly);
> collection = store.Certificates;
> store.Close();
> the collection is not empty anymore.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQNET-311) Stomp SSL: No certificates loaded
from key-store
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AMQNET-311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12985621#action_12985621 ]
Timothy Bish commented on AMQNET-311:
-------------------------------------
Please provide a test case that demonstrates the issue.
> Stomp SSL: No certificates loaded from key-store
> ------------------------------------------------
>
> Key: AMQNET-311
> URL: https://issues.apache.org/jira/browse/AMQNET-311
> Project: ActiveMQ .Net
> Issue Type: Bug
> Components: Stomp
> Affects Versions: 1.5.1
> Environment: Windows
> Reporter: Markus Jung | Ogitix
> Assignee: Jim Gomes
> Priority: Minor
>
> Not using the transport option clientCertFilename the certificates should be loaded from X509Store at class Apache.NMS.Stomp.Transport.Tcp.SslTransport method LoadCertificates.
> But the collection store.Certificates is always empty, causing SelectLocalCertificate to always returning null.
> This is not a big problem, because the connection is working using null. But maybe with an unexpected behavior if one is going to use the clientCertSubject transport option.
> The reason is, the store must be opened (and closed):
> Changing the lines in LoadCertificates to:
> X509Store store = new X509Store(name, location);
> store.Open(OpenFlags.ReadOnly);
> collection = store.Certificates;
> store.Close();
> the collection is not empty anymore.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (AMQNET-311) Stomp SSL: No certificates loaded
from key-store
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AMQNET-311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish resolved AMQNET-311.
---------------------------------
Resolution: Fixed
Added the missing line. Fixed in Trunk and 1.5.x fixes.
> Stomp SSL: No certificates loaded from key-store
> ------------------------------------------------
>
> Key: AMQNET-311
> URL: https://issues.apache.org/jira/browse/AMQNET-311
> Project: ActiveMQ .Net
> Issue Type: Bug
> Components: ActiveMQ, Stomp
> Affects Versions: 1.5.0
> Environment: Windows
> Reporter: Markus Jung | Ogitix
> Assignee: Timothy Bish
> Priority: Minor
> Fix For: 1.5.1
>
> Attachments: example_app.cs
>
>
> Not using the transport option clientCertFilename the certificates should be loaded from X509Store at class Apache.NMS.Stomp.Transport.Tcp.SslTransport method LoadCertificates.
> But the collection store.Certificates is always empty, causing SelectLocalCertificate to always returning null.
> This is not a big problem, because the connection is working using null. But maybe with an unexpected behavior if one is going to use the clientCertSubject transport option.
> The reason is, the store must be opened (and closed):
> Changing the lines in LoadCertificates to:
> X509Store store = new X509Store(name, location);
> store.Open(OpenFlags.ReadOnly);
> collection = store.Certificates;
> store.Close();
> the collection is not empty anymore.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQNET-311) Stomp SSL: No certificates loaded from
key-store
Posted by "Timothy Bish (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AMQNET-311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy Bish updated AMQNET-311:
--------------------------------
Component/s: ActiveMQ
Fix Version/s: 1.5.1
Similar code issue in NMS.ActiveMQ's SslTransport
> Stomp SSL: No certificates loaded from key-store
> ------------------------------------------------
>
> Key: AMQNET-311
> URL: https://issues.apache.org/jira/browse/AMQNET-311
> Project: ActiveMQ .Net
> Issue Type: Bug
> Components: ActiveMQ, Stomp
> Affects Versions: 1.5.0
> Environment: Windows
> Reporter: Markus Jung | Ogitix
> Assignee: Jim Gomes
> Priority: Minor
> Fix For: 1.5.1
>
> Attachments: example_app.cs
>
>
> Not using the transport option clientCertFilename the certificates should be loaded from X509Store at class Apache.NMS.Stomp.Transport.Tcp.SslTransport method LoadCertificates.
> But the collection store.Certificates is always empty, causing SelectLocalCertificate to always returning null.
> This is not a big problem, because the connection is working using null. But maybe with an unexpected behavior if one is going to use the clientCertSubject transport option.
> The reason is, the store must be opened (and closed):
> Changing the lines in LoadCertificates to:
> X509Store store = new X509Store(name, location);
> store.Open(OpenFlags.ReadOnly);
> collection = store.Certificates;
> store.Close();
> the collection is not empty anymore.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQNET-311) Stomp SSL: No certificates loaded from
key-store
Posted by "Markus Jung | Ogitix (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AMQNET-311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Markus Jung | Ogitix updated AMQNET-311:
----------------------------------------
Attachment: example_app.cs
Hopefully everything is translated correctly from german to english:
>From startmenu run certmgr.msc
Regarding http://activemq.apache.org/how-do-i-use-ssl.html:
Import client_cert to "My Certificates"
Import broker_cert to "Trusted Root Certification Authority"
Beware of, that the broker's certificate name property must match the hostname you will use in your connection-url. In my example: devweb
Create a new console-app using a reference to your stomp project: See attachment.
Add a breakpoint below this line
collection = store.Certificates;
in Apache.NMS.Stomp.Transport.Tcp.SslTransport LoadCertificates of your source.
The collection is empty. Expected is 1. Better: As much as you can see in the MMC.
Add the lines I suggested, and it is 1.
> Stomp SSL: No certificates loaded from key-store
> ------------------------------------------------
>
> Key: AMQNET-311
> URL: https://issues.apache.org/jira/browse/AMQNET-311
> Project: ActiveMQ .Net
> Issue Type: Bug
> Components: Stomp
> Affects Versions: 1.5.0
> Environment: Windows
> Reporter: Markus Jung | Ogitix
> Assignee: Jim Gomes
> Priority: Minor
> Attachments: example_app.cs
>
>
> Not using the transport option clientCertFilename the certificates should be loaded from X509Store at class Apache.NMS.Stomp.Transport.Tcp.SslTransport method LoadCertificates.
> But the collection store.Certificates is always empty, causing SelectLocalCertificate to always returning null.
> This is not a big problem, because the connection is working using null. But maybe with an unexpected behavior if one is going to use the clientCertSubject transport option.
> The reason is, the store must be opened (and closed):
> Changing the lines in LoadCertificates to:
> X509Store store = new X509Store(name, location);
> store.Open(OpenFlags.ReadOnly);
> collection = store.Certificates;
> store.Close();
> the collection is not empty anymore.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.