You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Justin Bertram (Jira)" <ji...@apache.org> on 2021/09/21 01:02:00 UTC
[jira] [Resolved] (ARTEMIS-1157) Do not update ssl client
keystore/truststore path on topology update
[ https://issues.apache.org/jira/browse/ARTEMIS-1157?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Justin Bertram resolved ARTEMIS-1157.
-------------------------------------
Resolution: Information Provided
> Do not update ssl client keystore/truststore path on topology update
> --------------------------------------------------------------------
>
> Key: ARTEMIS-1157
> URL: https://issues.apache.org/jira/browse/ARTEMIS-1157
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Affects Versions: 2.0.0
> Reporter: Philipp Aeschlimann
> Priority: Major
> Attachments: ArtemisMqCrashDemoClient.java, broker.xml
>
>
> We have a 2 node cluster where clients and the refrenced connectors in the cluster-connection do use ssl client auth (all working so far). Now if a failover ocures - live server goes down - the clients try to re-connect with the client keystore path that is defined on the connector in the server.
> We know that it is possible to overwrite this behavoir by using org.apache.activemq.ssl.keyStore system property. But we have multiple keystores and want to use them. Would it be possible, that this settings:
> org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.KEYSTORE_*
> org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.TRUSTSTORE_*
> will not be updated from the server? I can not think of a scenario, where it would make sense that the server tells the client where the client has to look for his keystore and truststore settings.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)