JmsBridgeConnectors need to be able to use the broker sslContext
----------------------------------------------------------------
Key: AMQ-2848
URL: https://issues.apache.org/activemq/browse/AMQ-2848
Project: ActiveMQ
Issue Type: Improvement
Components: Broker, Connector, Transport
Affects Versions: 5.3.2
Environment: all
Reporter: Straun
Priority: Minor
Currently if you specify a JmsBridgeConnection, with an outbound connection
factory where the broker URL is using the SSL transport, the only way you can
control its SSL connection details (keystore etc.) is via the VM level SSL_OPTS
method. This is because the ActiveMQConnectionFactory is configured outside the
broker and so does not use its SslContext which is broker specific.
Fundamentally the SSL connection details are related to the connections, rather
than the broker or the whole VM; so it would make sense to be able to configure
each and every 'connection' in the broker with a potentially different
SslContext. JMS bridge connections are highly likely to require SSL connections
as they tend to connect distinct networks, client connections are also likely
to use SSL and there is no easy way to configure those either.
So, the suggestion is that broker URL parameters be used to provide the details
of the path to the keystore, truststore and their password. In this way the
SslTransportFactory can decipher the required SslContext. If no connection
specific parameters are used then the transport factory should fall back on the
broker level SSL context, and if there was none defined then the VM level SSL
context would be the default. Named SslContext objects might also be a solution.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
