Yeah, we realized this was needed, but I didn't have time (my work term
at the company was ending).
I've left instructions for people taking over this project on how to do
this (it just takes one setter and a well placed call from that setter).
I'm not sure when it will be done though.
- Sepand
Hiram Chirino wrote:
On 9/21/06, Hiram Chirino <[EMAIL PROTECTED]> wrote:
On 9/21/06, Kelly Campbell <[EMAIL PROTECTED]> wrote:
> Thanks for getting this submitted Sepand, and thanks for patching
it in Hiram.
>
> I'm looking at how best to configure the keystore settings more
> dynamically without using the default system properties or anything in
> the URL. It looks like I'd need to be able to pass in a
> javax.net.ssl.SSLContext or SSLSocketFactory. I'd also like to be able
> to pass these in so I can provide an implementation that does some
> extra security checks, e.g. checking that the server's DN is what we
> expect, turning off weak ciphers.
>
It would be nice if they were properties on the ssl transport server
so that you can configure them using the URI... like:
ssl://localhost:61617?keystore=foo.ks&truststore=foo.ts
> The part I'm struggling with now is where to create this API for the
> client. Should it be a new constructor on ActiveMQConnectionFactory,
> or should I add a new overridden ActiveMQSecureConnectionFactory? Or
> should I just override it in my own code base, and not have this in
> the activemq code at all?
Just add properties to the SslTransportServer and make sure they have
setters.
And properties to the SslTransport if you want to set those properties
on the client connect URL
>
> Thanks,
> Kelly
>
> On 9/11/06, Hiram Chirino <[EMAIL PROTECTED]> wrote:
> > starting to look into it now. thx for the patch!
> >
> > On 9/5/06, Sepand M <[EMAIL PROTECTED]> wrote:
> > > Hey guys,
> > >
> > > The patch is done.
> > > It's here: https://issues.apache.org/activemq/browse/AMQ-912
> > > Hope you like it.
> > > It would be really great if you could give an estimate of when
you will
> > > decide if it goes in or not (although I doubt you can =) ).
> > >
> > > Regards,
> > > Sepand
> > >
> > >
> >
> >
> > --
> > Regards,
> > Hiram
> >
> > Blog: http://hiramchirino.com
> >
>
--
Regards,
Hiram
Blog: http://hiramchirino.com
