[jira] Created: (AMQ-2848) JmsBridgeConnectors need to be able to use the broker sslContext

["Straun (JIRA)" <ji...@apache.org>]

JmsBridgeConnectors need to be able to use the broker sslContext
----------------------------------------------------------------

                 Key: AMQ-2848
                 URL: https://issues.apache.org/activemq/browse/AMQ-2848
             Project: ActiveMQ
          Issue Type: Improvement
          Components: Broker, Connector, Transport
    Affects Versions: 5.3.2
         Environment: all
            Reporter: Straun
            Priority: Minor


Currently if you specify a JmsBridgeConnection, with an outbound connection factory where the broker URL is using the SSL transport, the only way you can control its SSL connection details (keystore etc.) is via the VM level SSL_OPTS method. This is because the ActiveMQConnectionFactory is configured outside the broker and so does not use its SslContext which is broker specific. Fundamentally the SSL connection details are related to the connections, rather than the broker or the whole VM; so it would make sense to be able to configure each and every 'connection' in the broker with a potentially different SslContext. JMS bridge connections are highly likely to require SSL connections as they tend to connect distinct networks, client connections are also likely to use SSL and there is no easy way to configure those either.
So, the suggestion is that broker URL parameters be used to provide the details of the path to the keystore, truststore and their password. In this way the SslTransportFactory can decipher the required SslContext. If no connection specific parameters are used then the transport factory should fall back on the broker level SSL context, and if there was none defined then the VM level SSL context would be the default. Named SslContext objects might also be a solution.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.