[ https://issues.apache.org/jira/browse/AMQ-9473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré updated AMQ-9473: -------------------------------------- Fix Version/s: 6.2.0 6.1.2 > Client SSL Socket configuration fails while settings parameters > --------------------------------------------------------------- > > Key: AMQ-9473 > URL: https://issues.apache.org/jira/browse/AMQ-9473 > Project: ActiveMQ Classic > Issue Type: Bug > Affects Versions: 6.0.1 > Environment: Windows and Java 21 > Reporter: Jukka Aalto > Assignee: Jean-Baptiste Onofré > Priority: Major > Fix For: 6.2.0, 6.1.2 > > > Client connection creation fails when setting socket parameters. > Exception was thrown, when I tried to set enabledProtocols parameter using > url: > ssl://127.0.0.1:12345?socket.enabledProtocols=TLSv1.3 > Exception is also thrown, when using tcpNoDelay parameter. It is thrown > probably with most of the parameters related to sockets. > Here is the exception thrown: > {code:java} > java.lang.reflect.InaccessibleObjectException: Unable to make public void > sun.security.ssl.SSLSocketImpl.setEnabledProtocols(java.lang.String[]) > accessible: module java.base does not "exports sun.security.ssl" to unnamed > module @48f2bd5b > 13:22:43.976 [main] ERROR org.apache.activemq.util.IntrospectionSupport - > Could not set property enabledProtocols on SSLSocket[hostname=127.0.0.1, > port=12345, Session(...)] > at > java.lang.reflect.AccessibleObject.throwInaccessibleObjectException(AccessibleObject.java:391) > ~[?:?] > at > java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:367) > ~[?:?] > at > java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:315) > ~[?:?] > at > java.lang.reflect.Method.checkCanSetAccessible(Method.java:203) ~[?:?] > at java.lang.reflect.Method.setAccessible(Method.java:197) ~[?:?] > at > org.apache.activemq.util.IntrospectionSupport.setProperty(IntrospectionSupport.java:184) > [test/:6.0.1] > at > org.apache.activemq.util.IntrospectionSupport.setProperties(IntrospectionSupport.java:155) > [test/:6.0.1] > at > org.apache.activemq.util.IntrospectionSupport.setProperties(IntrospectionSupport.java:140) > [test/:6.0.1] > at > org.apache.activemq.transport.tcp.TcpTransport.initialiseSocket(TcpTransport.java:449) > [activemq-client-6.0.1.jar:6.0.1] > at > org.apache.activemq.transport.tcp.SslTransport.initialiseSocket(SslTransport.java:137) > [activemq-client-6.0.1.jar:6.0.1] > at > org.apache.activemq.transport.tcp.TcpTransport.connect(TcpTransport.java:542) > [activemq-client-6.0.1.jar:6.0.1] > at > org.apache.activemq.transport.tcp.TcpTransport.doStart(TcpTransport.java:488) > [activemq-client-6.0.1.jar:6.0.1] > at > org.apache.activemq.util.ServiceSupport.start(ServiceSupport.java:55) > [activemq-client-6.0.1.jar:6.0.1] > at > org.apache.activemq.transport.AbstractInactivityMonitor.start(AbstractInactivityMonitor.java:172) > [activemq-client-6.0.1.jar:6.0.1] > at > org.apache.activemq.transport.InactivityMonitor.start(InactivityMonitor.java:52) > [activemq-client-6.0.1.jar:6.0.1] > at > org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64) > [activemq-client-6.0.1.jar:6.0.1] > at > org.apache.activemq.transport.WireFormatNegotiator.start(WireFormatNegotiator.java:72) > [activemq-client-6.0.1.jar:6.0.1] > at > org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64) > [activemq-client-6.0.1.jar:6.0.1] > at > org.apache.activemq.transport.TransportFilter.start(TransportFilter.java:64) > [activemq-client-6.0.1.jar:6.0.1] > at > org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:399) > [activemq-client-6.0.1.jar:6.0.1] > at > org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:349) > [activemq-client-6.0.1.jar:6.0.1] > at > org.apache.activemq.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:245) > [activemq-client-6.0.1.jar:6.0.1] > at > test.ActiveMQClientSSLSocketParameter.main(ActiveMQClientSSLSocketParameter.java:25) > [test/:?] > {code} > Here is example to reproduce issue: > {code:java} > package test; > import java.io.IOException; > import java.net.ServerSocket; > import org.apache.activemq.ActiveMQSslConnectionFactory; > public class ActiveMQClientSSLSocketParameter { > public static void main(String[] args) throws Exception{ > // Dummy server > ServerSocket server = new ServerSocket(12345); > new Thread(() -> { > try { > var client = server.accept(); > client.close(); > }catch(Exception e) { > e.printStackTrace(); > } > }).start(); > var factory = new > ActiveMQSslConnectionFactory("ssl://127.0.0.1:12345?socket.enabledProtocols=TLSv1.3"); > // or socket.enabledCipherSuites=TLS_AES_256_GCM_SHA384 > try(var connection = factory.createConnection()){ > //NOP > } finally { > try { > server.close(); > } catch (IOException e) { > e.printStackTrace(); > } > } > } > } > {code} > Fix seems to be trivial, because same kind of issue is already corrected with > server side (SSLServerSocket). See line > https://github.com/apache/activemq/blob/3636a497ede5b95cf8257c2f359a3bc8a02fb325/activemq-client/src/main/java/org/apache/activemq/util/IntrospectionSupport.java#L172 > Snippet from IntrospectionSupport: > {code} > public static boolean setProperty(Object target, String name, Object value) { > try { > Class<?> clazz = target.getClass(); > if (target instanceof SSLServerSocket) { > // overcome illegal access issues with internal > implementation class > clazz = SSLServerSocket.class; > } > // ... > {code} > Fix for this issue would be: > {code} > public static boolean setProperty(Object target, String name, Object value) { > try { > Class<?> clazz = target.getClass(); > if (target instanceof SSLServerSocket) { > // overcome illegal access issues with internal > implementation class > clazz = SSLServerSocket.class; > } else if (target instanceof javax.net.ssl.SSLSocket) { > // overcome illegal access issues with internal > implementation class > clazz = javax.net.ssl.SSLSocket.class; > } > // ... > {code} > > There is also similar code > (https://github.com/apache/activemq/blob/3636a497ede5b95cf8257c2f359a3bc8a02fb325/activemq-jms-pool/src/main/java/org/apache/activemq/jms/pool/IntrospectionSupport.java#L87), > which probably should be corrected the same manner. -- This message was sent by Atlassian Jira (v8.20.10#820010)