[
https://issues.apache.org/jira/browse/ARTEMIS-1919?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Justin Bertram reassigned ARTEMIS-1919:
---------------------------------------
Assignee: Justin Bertram
> artemis-core-client TLS SNI and verifyHost operation are not independent
> ------------------------------------------------------------------------
>
> Key: ARTEMIS-1919
> URL: https://issues.apache.org/jira/browse/ARTEMIS-1919
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: Broker
> Affects Versions: 2.6.0
> Environment: Fedora 27
> OpenJDK 1.8.0_171
> Artemis master i.e. 2.7.0-SNAPSHOT build
> OCP 3.9 running the default haproxy implementation
> Reporter: Roddie Kieley
> Assignee: Justin Bertram
> Priority: Major
> Fix For: 2.7.0, 2.6.4
>
>
> In testing connecting to the broker using the core client via ./bin/artemis
> producer through a haproxy configured with a tls passthrough configuration
> that requires sni it is observed that SNI information is not passed unless
> verifyHost is true even if sniHost is set on the URI.
> It is noted that with sniHost specified at the haproxy waypoint the if
> verifyHost=false haproxy bounces the traffic to the no sni backend. If
> verifyHost=true then haproxy passes it to the tcp backend and the traffic
> reaches the broker at which point the connectivity fails.
> As a point of comparison, testing using the Qpid JMS client over AMQP with
> verifyHost = false this works without problem.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
