Roddie Kieley created ARTEMIS-1919:
--------------------------------------
Summary: artemis-core-client TLS SNI and verifyHost operation are
not independent
Key: ARTEMIS-1919
URL: https://issues.apache.org/jira/browse/ARTEMIS-1919
Project: ActiveMQ Artemis
Issue Type: Bug
Components: Broker
Affects Versions: 2.6.0
Environment: Fedora 27
OpenJDK 1.8.0_171
Artemis master i.e. 2.7.0-SNAPSHOT build
OCP 3.9 running the default haproxy implementation
Reporter: Roddie Kieley
In testing connecting to the broker using the core client via ./bin/artemis
producer through a haproxy configured with a tls passthrough configuration that
requires sni it is observed that SNI information is not passed unless
verifyHost is true even if sniHost is set on the URI.
It is noted that with sniHost specified at the haproxy waypoint the if
verifyHost=false haproxy bounces the traffic to the no sni backend. If
verifyHost=true then haproxy passes it to the tcp backend and the traffic
reaches the broker at which point the connectivity fails.
As a point of comparison, testing using the Qpid JMS client over AMQP with
verifyHost = false this works without problem.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
