
List:       activemq-dev
Subject:    [jira] [Updated] (AMQ-5295) HTTPS Network Connector doesn't work with Mutual authentication- HTTPSCl
From:       "Piotr Klimczak (JIRA)" <jira () apache ! org>
Date:       2014-07-30 9:23:38
Message-ID: JIRA.12730591.1406664255080.74396.1406712218979 () arcas


     [ https://issues.apache.org/jira/browse/AMQ-5295?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Piotr Klimczak updated AMQ-5295:
--------------------------------

    Summary: HTTPS Network Connector doesn't work with Mutual authentication- HTTPSClientTransport uses wrong SSLSocketFactory  (was: HTTPSClientTransport uses wrong SSLSocketFactory)

> HTTPS Network Connector doesn't work with Mutual authentication- HTTPSClientTransport uses wrong SSLSocketFactory
> -----------------------------------------------------------------------------------------------------------------
>  
> Key: AMQ-5295
> URL: https://issues.apache.org/jira/browse/AMQ-5295
> Project: ActiveMQ
> Issue Type: Bug
> Components: Connector
> Affects Versions: 5.9.0
> Environment: JBoss Fuse 6.1
> Reporter: Piotr Klimczak
> Labels: SSL, TLS, mutualSSL
> Original Estimate: 16h
> Remaining Estimate: 16h
> 
> HttpsClientTransport is getting the wrong SSLSocketFactory.
> The problem is here:
> {code}
> private SchemeRegistry createSchemeRegistry() {
>     SchemeRegistry schemeRegistry = new SchemeRegistry();
>     try {
>         // register the default socket factory so that it looks at the javax.net.ssl.keyStore,
>         // javax.net.ssl.trustStore, etc, properties by default
>         SSLSocketFactory sslSocketFactory =
>             new SSLSocketFactory((javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault(),
>                 SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
>         schemeRegistry.register(new Scheme("https", getRemoteUrl().getPort(), sslSocketFactory));
>         return schemeRegistry;
>     } catch (Exception e) {
>         throw new IllegalStateException("Failure trying to create scheme registry", e);
>     }
> }
> {code}
> The problem with that code is that it never takes the SSLSocketFactory from the Spring context. So the one defined in XML is ignored. So its code has to be replaced with:
> {code}
> private SchemeRegistry createSchemeRegistry() {
>     SchemeRegistry schemeRegistry = new SchemeRegistry();
>     try {
>         // register the socket factory returned by createSocketFactory(): the one from the
>         // current SslContext if set, otherwise the default that looks at the
>         // javax.net.ssl.keyStore, javax.net.ssl.trustStore, etc, properties
>         SSLSocketFactory sslSocketFactory =
>             new SSLSocketFactory(createSocketFactory(), SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
>         schemeRegistry.register(new Scheme("https", getRemoteUrl().getPort(), sslSocketFactory));
>         return schemeRegistry;
>     } catch (Exception e) {
>         throw new IllegalStateException("Failure trying to create scheme registry", e);
>     }
> }
> {code}
> And then a new method should be added:
> {code}
> /**
>  * Creates a new SSL SocketFactory. The given factory will use user-provided
>  * key and trust managers (if the user provided them).
>  *
>  * @return Newly created (Ssl)SocketFactory.
>  * @throws IOException
>  */
> protected javax.net.ssl.SSLSocketFactory createSocketFactory() throws IOException {
>     if (SslContext.getCurrentSslContext() != null) {
>         // use the key and trust managers configured for the broker
>         SslContext ctx = SslContext.getCurrentSslContext();
>         try {
>             return ctx.getSSLContext().getSocketFactory();
>         } catch (Exception e) {
>             throw IOExceptionSupport.create(e);
>         }
>     } else {
>         // no SslContext set: fall back to the JVM default factory
>         return (javax.net.ssl.SSLSocketFactory) javax.net.ssl.SSLSocketFactory.getDefault();
>     }
> }
> {code}
> This solution is consistent with other transports.
> I will prepare patches and tests for this scenario.
> Greetings
> Piotr Klimczak



--
This message was sent by Atlassian JIRA
(v6.2#6252)

