You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by cs...@apache.org on 2018/09/24 11:35:11 UTC
activemq git commit: AMQ-7047 - clarify documentation
Repository: activemq
Updated Branches:
refs/heads/master 8cbc2080a -> 02c1e6d8f
AMQ-7047 - clarify documentation
Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/02c1e6d8
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/02c1e6d8
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/02c1e6d8
Branch: refs/heads/master
Commit: 02c1e6d8f21d3bfc50154815ffb2f5caef05573c
Parents: 8cbc208
Author: Christopher L. Shannon (cshannon) <ch...@gmail.com>
Authored: Mon Sep 24 07:34:36 2018 -0400
Committer: Christopher L. Shannon (cshannon) <ch...@gmail.com>
Committed: Mon Sep 24 07:35:00 2018 -0400
----------------------------------------------------------------------
.../activemq/transport/tcp/SslTransport.java | 48 +++++++++++++++-----
1 file changed, 37 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/activemq/blob/02c1e6d8/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
----------------------------------------------------------------------
diff --git a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
index f512cce..0d57d92 100644
--- a/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
+++ b/activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java
@@ -46,6 +46,10 @@ import org.apache.activemq.wireformat.WireFormat;
*/
public class SslTransport extends TcpTransport {
+ /**
+ * Default to null as there are different defaults between server and client, initialiseSocket
+ * for more details
+ */
private Boolean verifyHostName = null;
/**
@@ -80,18 +84,40 @@ public class SslTransport extends TcpTransport {
@Override
protected void initialiseSocket(Socket sock) throws SocketException, IllegalArgumentException {
- //This needs to default to null because this transport class is used for both a server transport
- //and a client connection and if we default it to a value it might override the transport server setting
- //that was configured inside TcpTransportServer
-
- //The idea here is that if this is a server transport then verifyHostName will be set by the setter
- //below and not be null (if using transport.verifyHostName) but if a client uses socket.verifyHostName
- //then it will be null and we can check socketOptions
-
- //Unfortunately we have to do this to stay consistent because every other SSL option on the client
- //side is configured using socket. but this particular option isn't actually part of the socket
- //so it makes it tricky
+ /**
+ * This needs to default to null because this transport class is used for both a server transport
+ * and a client connection and we have different defaults for both.
+ * If we default it to a value it might override the transport server setting
+ * that was configured inside TcpTransportServer (which sets a default to false for server side)
+ *
+ * The idea here is that if this is a server transport then verifyHostName will be set by the setter
+ * and not be null as TcpTransportServer will set a default value of false (or a user will set it
+ * using transport.verifyHostName) but if this is a client connection the value will be null by default
+ * and will stay null if the user uses socket.verifyHostName to set the value or doesn't use the setter
+ * If it is null then we can check socketOptions for the value and if not set there then we can
+ * just set a default of true as this will be a client
+ *
+ * Unfortunately we have to do this to stay consistent because every other SSL option on the client
+ * side can be configured using socket. but this particular option isn't actually part of the socket
+ * so it makes it tricky from a user standpoint. For consistency sake I think it makes sense to allow
+ * using the socket. prefix that has been established so users do not get confused (as well as
+ * allow using no prefix which just calls the setter directly)
+ *
+ * Because of this there are actually two ways a client can configure this value, the client can either use
+ * socket.verifyHostName=<value> as mentioned or just simply use verifyHostName=<value> without using the socket.
+ * prefix and that will also work as the value will be set using the setter on the transport
+ *
+ * example server transport config:
+ * ssl://localhost:61616?transport.verifyHostName=true
+ *
+ * example from client:
+ * ssl://localhost:61616?verifyHostName=true
+ * OR
+ * ssl://localhost:61616?socket.verifyHostName=true
+ *
+ */
if (verifyHostName == null) {
+ //Check to see if the user included the value as part of socket options and if so then use that value
if (socketOptions != null && socketOptions.containsKey("verifyHostName")) {
verifyHostName = Boolean.parseBoolean(socketOptions.get("verifyHostName").toString());
socketOptions.remove("verifyHostName");