Author: buildbot
Date: Mon Sep 10 11:25:28 2018
New Revision: 1034940
Log:
Production update by buildbot for activemq
Modified:
websites/production/activemq/content/activemq-5155-release.html
websites/production/activemq/content/cache/main.pageCache
websites/production/activemq/content/ssl-transport-reference.html
Modified: websites/production/activemq/content/activemq-5155-release.html
==============================================================================
--- websites/production/activemq/content/activemq-5155-release.html (original)
+++ websites/production/activemq/content/activemq-5155-release.html Mon Sep 10
11:25:28 2018
@@ -82,10 +82,7 @@
<tbody>
<tr>
<td valign="top" width="100%">
-<div class="wiki-content maincontent"><p><br clear="none"></p><div
style="padding-right:20px;float:left;margin-left:-20px;"><p><br
clear="none"></p></div>
-
-
-<p><br clear="none"></p><p> </p><h2
id="ActiveMQ5.15.5Release-ActiveMQ5.15.5Release">ActiveMQ 5.15.5
Release</h2><p>Apache ActiveMQ 5.15.5 includes several resolved<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12343307";> issues</a> and
bug fixes.</p><h3
id="ActiveMQ5.15.5Release-GettingtheBinaryDistributions">Getting the Binary
Distributions</h3><div class="table-wrap"><table
class="confluenceTable"><colgroup span="1"><col span="1"><col span="1"><col
span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Download Link</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p><em>Verify</em></p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>Windows Distribution</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link" href="http
://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.5/apache-activemq-5.15.5-bin.zip&action=download">apache-activemq-5.15.5-bin.zip</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link"
href="https://www.apache.org/dist/activemq/5.15.5/apache-activemq-5.15.5-bin.zip.asc";>ASC</a>,
<a shape="rect" class="external-link"
href="https://www.apache.org/dist/activemq/5.15.5/apache-activemq-5.15.5-bin.zip.sha512";>SHA512</a></p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>Unix/Linux/Cygwin
Distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a
shape="rect" class="external-link"
href="http://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.5/apache-activemq-5.15.5-bin.tar.gz&action=download";>apache-activemq-5.15.5-bin.tar.gz</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link"
href="https://www.apache.org/dist/activemq/5.15.5/apache-activ
emq-5.15.5-bin.tar.gz.asc">ASC</a>, <a shape="rect" class="external-link"
href="https://www.apache.org/dist/activemq/5.15.5/apache-activemq-5.15.5-bin.tar.gz.sha512";>SHA512</a></p></td></tr></tbody></table></div><p></p><h2
id="ActiveMQ5.15.5Release-VerifytheIntegrityofDownloads">Verify the Integrity
of Downloads</h2><p>It is essential that you verify the integrity of the
downloaded files using the PGP or MD5 signatures. The PGP signatures can be
verified using PGP or GPG. Begin by following these steps:</p><ol><li>Download
the <a shape="rect" class="external-link"
href="http://www.apache.org/dist/activemq/KEYS";>KEYS</a></li><li>Download the
asc signature file for the relevant distribution</li><li><p>Verify the
signatures using the following commands, depending on your use of PGP or
GPG:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
+<div class="wiki-content maincontent"><h2
id="ActiveMQ5.15.5Release-ActiveMQ5.15.5Release">ActiveMQ 5.15.5
Release</h2><p>Apache ActiveMQ 5.15.5 includes several resolved<a shape="rect"
class="external-link"
href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12343307";> issues</a> and
bug fixes.</p><h3
id="ActiveMQ5.15.5Release-GettingtheBinaryDistributions">Getting the Binary
Distributions</h3><div class="table-wrap"><table
class="confluenceTable"><colgroup span="1"><col span="1"><col span="1"><col
span="1"></colgroup><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Download Link</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p><em>Verify</em></p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>Windows Distribution</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link" href="htt
p://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.5/apache-activemq-5.15.5-bin.zip&action=download">apache-activemq-5.15.5-bin.zip</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link"
href="https://www.apache.org/dist/activemq/5.15.5/apache-activemq-5.15.5-bin.zip.asc";>ASC</a>,
<a shape="rect" class="external-link"
href="https://www.apache.org/dist/activemq/5.15.5/apache-activemq-5.15.5-bin.zip.sha512";>SHA512</a></p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>Unix/Linux/Cygwin
Distribution</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p><a
shape="rect" class="external-link"
href="http://www.apache.org/dyn/closer.cgi?filename=/activemq/5.15.5/apache-activemq-5.15.5-bin.tar.gz&action=download";>apache-activemq-5.15.5-bin.tar.gz</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link"
href="https://www.apache.org/dist/activemq/5.15.5/apache-acti
vemq-5.15.5-bin.tar.gz.asc">ASC</a>, <a shape="rect" class="external-link"
href="https://www.apache.org/dist/activemq/5.15.5/apache-activemq-5.15.5-bin.tar.gz.sha512";>SHA512</a></p></td></tr></tbody></table></div><p></p><h2
id="ActiveMQ5.15.5Release-VerifytheIntegrityofDownloads">Verify the Integrity
of Downloads</h2><p>It is essential that you verify the integrity of the
downloaded files using the PGP or MD5 signatures. The PGP signatures can be
verified using PGP or GPG. Begin by following these steps:</p><ol><li>Download
the <a shape="rect" class="external-link"
href="http://www.apache.org/dist/activemq/KEYS";>KEYS</a></li><li>Download the
asc signature file for the relevant distribution</li><li><p>Verify the
signatures using the following commands, depending on your use of PGP or
GPG:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default">$ pgpk -a KEYS
$ pgpv apache-activemq-<version>-bin.tar.gz.asc
</pre>
Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/activemq/content/ssl-transport-reference.html
==============================================================================
--- websites/production/activemq/content/ssl-transport-reference.html (original)
+++ websites/production/activemq/content/ssl-transport-reference.html Mon Sep
10 11:25:28 2018
@@ -90,7 +90,7 @@
ssl://localhost:61616?transport.needClientAuth=true
</pre>
</div></div><p> </p><h4
id="SSLTransportReference-Clientconfiguration">Client configuration</h4><p>JMS
clients can simply use the <a shape="rect" class="external-link"
href="http://activemq.apache.org/maven/5.9.0/apidocs/org/apache/activemq/ActiveMQSslConnectionFactory.html";>ActiveMQSslConnectionFactory</a>
together with an ssl:// broker url as the following Spring configuration
illustrates</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">
+<pre class="brush: java; gutter: false; theme: Default">
<bean id="AMQJMSConnectionFactory"
class="org.apache.activemq.ActiveMQSslConnectionFactory">
<property name="trustStore" value="/path/to/truststore.ts" />
<property name="trustStorePassword" value="password" />
@@ -101,11 +101,17 @@ ssl://localhost:61616?transport.needClie
<property name="password" value="admin" />
</bean>
</pre>
-</div></div><p>Unless the broker's SSL transport is configured for
transport.needClientAuth=true, the client won't need a keystore but requires a
truststore in order to validate the broker's certificate.</p><p>Similar to the
broker transport configuration you can pass on SSL transport options using
<strong>?socket.XXX</strong>, such
as</p><pre>ssl://localhost:61616?socket.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</pre><h4
id="SSLTransportReference-OtherLinks">Other Links</h4><ul><li><a shape="rect"
href="how-do-i-use-ssl.html">How do I use SSL</a></li></ul><p>You can also turn
on SSL debug informations this way by adding:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">-Djavax.net.debug=ssl
+</div></div><p>Unless the broker's SSL transport is configured for
transport.needClientAuth=true, the client won't need a keystore but requires a
truststore in order to validate the broker's certificate.</p><p>Similar to the
broker transport configuration you can pass on SSL transport options using
<strong>?socket.XXX</strong>, such
as</p><pre>ssl://localhost:61616?socket.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA</pre><h4
id="SSLTransportReference-HostnameValidation(Startingwithversion5.15.6)">Hostname
Validation (Starting with version 5.15.6)</h4><p>From version 5.15.6 ActiveMQ
now supports TLS Hostname validation.  This has been enabled by default
for the ActiveMQ client and is off by default on the broker.  To
configure:</p><h4
id="SSLTransportReference-Serversideconfigurationofhostnamevalidation">Server
side configuration of hostname validation</h4><p>The default for the server
side is to <strong>disable</strong> Hostname validation
and this can be configured with
<strong>?transport.verifyHostName</strong>.  This is only relevant for
2-way SSL and will cause the client's CN of their certificate to be compared to
their hostname to verify they match.</p><p>Example for how to enable on server
side if desired:</p><div class="preformatted panel" style="border-width:
1px;"><div class="preformattedContent panelContent">
+<pre>ssl://localhost:61616?transport.verifyHostName=true
+</pre>
+</div></div><h4
id="SSLTransportReference-Clientsideconfigurationofhostnamevalidation"><br
clear="none">Client side configuration of hostname validation</h4><p>The
default for the ActiveMQ client is to <strong>enable</strong> Hostname
validation and this can be configured with
<strong>?socket.verifyHostName</strong>.  This will cause the CN of the
server certificate to be compared to the server hostname to verify they
match.</p><p>Example to disable:</p><div class="preformatted panel"
style="border-width: 1px;"><div class="preformattedContent panelContent">
+<pre>ssl://localhost:61616?socket.verifyHostName=false
+</pre>
+</div></div><p><br clear="none"></p><h4
id="SSLTransportReference-OtherLinks">Other Links</h4><ul><li><a shape="rect"
href="how-do-i-use-ssl.html">How do I use SSL</a></li></ul><p>You can also turn
on SSL debug informations this way by adding:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default">-Djavax.net.debug=ssl
</pre>
</div></div><p>this way you can see what goes wrong and why you get
connections closed.</p><div class="confluence-information-macro
confluence-information-macro-warning"><p class="title">"Be careful with
multicast discovery"</p><span class="aui-icon aui-icon-small aui-iconfont-error
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>If your XML configuration file
contains the following and you wish to use SSL</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;"> <networkConnector
uri="multicast://default"/>
+<pre class="brush: java; gutter: false; theme: Default">
<networkConnector uri="multicast://default"/>
</pre>
</div></div><p>Then you will currently need to comment that out.<br
clear="none"> The reason is to prevent ActiveMQ atempting to connect to itself
- if you do this with a self-signed<br clear="none"> certificate, you will get
a constant spam of certificate_unknown<br clear="none"> stacktraces to the
console, as the broker is not configured with the<br clear="none">
truststore,</p></div></div></div>
</td>
