You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "clebert suconic (JIRA)" <ji...@apache.org> on 2019/01/18 02:21:08 UTC
[jira] [Closed] (ARTEMIS-1919) artemis-core-client TLS SNI and
verifyHost operation are not independent
[ https://issues.apache.org/jira/browse/ARTEMIS-1919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
clebert suconic closed ARTEMIS-1919.
------------------------------------
> artemis-core-client TLS SNI and verifyHost operation are not independent
> ------------------------------------------------------------------------
>
> Key: ARTEMIS-1919
> URL: https://issues.apache.org/jira/browse/ARTEMIS-1919
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: Broker
> Affects Versions: 2.6.0
> Environment: Fedora 27
> OpenJDK 1.8.0_171
> Artemis master i.e. 2.7.0-SNAPSHOT build
> OCP 3.9 running the default haproxy implementation
> Reporter: Roddie Kieley
> Assignee: Justin Bertram
> Priority: Major
> Fix For: 2.7.0, 2.6.4
>
>
> In testing connecting to the broker using the core client via ./bin/artemis producer through a haproxy configured with a tls passthrough configuration that requires sni it is observed that SNI information is not passed unless verifyHost is true even if sniHost is set on the URI.
> It is noted that with sniHost specified at the haproxy waypoint the if verifyHost=false haproxy bounces the traffic to the no sni backend. If verifyHost=true then haproxy passes it to the tcp backend and the traffic reaches the broker at which point the connectivity fails.
> As a point of comparison, testing using the Qpid JMS client over AMQP with verifyHost = false this works without problem.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)