You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2016/09/06 14:18:20 UTC

[jira] [Commented] (AMQ-6418) Peer certificates are not always set when using the auto transports with ssl

    [ https://issues.apache.org/jira/browse/AMQ-6418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15467513#comment-15467513 ] 

ASF subversion and git services commented on AMQ-6418:
------------------------------------------------------

Commit 98c5866c7534c1f26d2e41edbdb372fe21387fe4 in activemq's branch refs/heads/master from [~cshannon]
[ https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=98c5866 ]

https://issues.apache.org/jira/browse/AMQ-6418

Properly setting the transport properties on the
AutoNIOSSLTransportServer and fixing the Stomp protocol to set the peer
certs when using auto+ssl


> Peer certificates are not always set when using the auto transports with ssl
> ----------------------------------------------------------------------------
>
>                 Key: AMQ-6418
>                 URL: https://issues.apache.org/jira/browse/AMQ-6418
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.14.0
>            Reporter: Christopher L. Shannon
>            Assignee: Christopher L. Shannon
>
> There are two problems with the auto ssl transport that is causing the peer certificates to not always be available and set on the ConnectionInfo object during connection.  First, for auto+nio+ssl, the auto init transport needs to have transport properties applied.  This is because the initialization transport does the SSL handshake so it needs to know whether or not transport.needClientAuth or transport.wantClientAuth is set.  Right now these properties are not processed so it never gets passed to the SSL socket which means none of the protocols have peer certs available over auto+nio+ssl.  Second, the Stomp transport is not properly setting the peer certs when using auto+ssl and not using NIO.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)