[ 
https://issues.apache.org/jira/browse/ARTEMIS-4744?focusedWorklogId=916456&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-916456
 ]

ASF GitHub Bot logged work on ARTEMIS-4744:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 25/Apr/24 17:02
            Start Date: 25/Apr/24 17:02
    Worklog Time Spent: 10m 
      Work Description: tabish121 commented on code in PR #4906:
URL: https://github.com/apache/activemq-artemis/pull/4906#discussion_r1579840786


##########
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/connect/AMQPConnectSaslTest.java:
##########
@@ -214,4 +216,186 @@ private void doConnectWithExternalTestImpl(boolean 
requireClientCert) throws Exc
          peer.waitForScriptToComplete(5, TimeUnit.SECONDS);
       }
    }
+
+   @Test(timeout = 20_000)
+   public void testReconnectConnectsWithVerifyHostOffOnSecondURI() throws 
Exception {
+      final String keyStorePath = 
this.getClass().getClassLoader().getResource(UNKNOWN_SERVER_KEYSTORE_NAME).getFile();
+
+      ProtonTestServerOptions server1Options = new ProtonTestServerOptions();
+      server1Options.setSecure(true);
+      server1Options.setKeyStoreLocation(keyStorePath);
+      server1Options.setKeyStorePassword(SERVER_KEYSTORE_PASSWORD);
+      server1Options.setVerifyHost(false);
+
+      ProtonTestServerOptions server2Options = new ProtonTestServerOptions();
+      server2Options.setSecure(true);
+      server2Options.setKeyStoreLocation(keyStorePath);
+      server2Options.setKeyStorePassword(SERVER_KEYSTORE_PASSWORD);
+      server2Options.setVerifyHost(false);
+
+      try (ProtonTestServer firstPeer = new ProtonTestServer(server1Options);
+           ProtonTestServer secondPeer = new ProtonTestServer(server2Options)) 
{
+
+         firstPeer.expectConnectionToDrop();
+         firstPeer.start();
+
+         secondPeer.expectSASLHeader().respondWithSASLHeader();
+         secondPeer.remoteSaslMechanisms().withMechanisms(EXTERNAL, 
PLAIN).queue();
+         
secondPeer.expectSaslInit().withMechanism(PLAIN).withInitialResponse(secondPeer.saslPlainInitialResponse(USER,
 PASSWD));
+         secondPeer.remoteSaslOutcome().withCode(SaslCode.OK).queue();
+         secondPeer.expectAMQPHeader().respondWithAMQPHeader();
+         secondPeer.expectOpen().respond();
+         secondPeer.expectBegin().respond();
+         secondPeer.start();
+
+         final URI firstPeerURI = firstPeer.getServerURI();
+         logger.debug("Connect test started, first peer listening on: {}", 
firstPeerURI);
+
+         final URI secondPeerURI = secondPeer.getServerURI();
+         logger.debug("Connect test started, second peer listening on: {}", 
secondPeerURI);
+
+         // First connection fails because we use a server certificate with 
whose common name
+         // doesn't match the host, second connection should work as we 
disable host verification
+         String amqpServerConnectionURI =
+            "(tcp://localhost:" + firstPeerURI.getPort() + "?verifyHost=true" +
+            ",tcp://localhost:" + secondPeerURI.getPort() + 
"?verifyHost=false)" +
+               "?sslEnabled=true;trustStorePath=" + SERVER_TRUSTSTORE_NAME +
+               ";trustStorePassword=" + SERVER_TRUSTSTORE_PASSWORD;
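
Review bot: The `server1Options` and `server2Options` blocks at the top of `testReconnectConnectsWithVerifyHostOffOnSecondURI` are configured identically, including `setVerifyHost(false)`, so a small helper that builds the peer options would remove the duplication. It would also make it clearer that the behaviour under test comes from the per-URI `verifyHost=true` and `verifyHost=false` parameters in `amqpServerConnectionURI`, not from the peer options. A one-line comment saying so next to the `setVerifyHost(false)` calls would help readers who see both settings side by side. In the comment above `amqpServerConnectionURI`, "a server certificate with whose common name" has a stray "with".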

Review Comment:
   I think I have figured out the fragment style URI it wants and have updated 
the tests so it should match the broker connection documentation (although that 
is the least obvious format).





Issue Time Tracking
-------------------

    Worklog Id:     (was: 916456)
    Time Spent: 1h  (was: 50m)

> AMQP broker connections don't fully support multi host URIs
> -----------------------------------------------------------
>
>                 Key: ARTEMIS-4744
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4744
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: AMQP
>    Affects Versions: 2.33.0
>            Reporter: Timothy A. Bish
>            Assignee: Timothy A. Bish
>            Priority: Major
>             Fix For: 2.34.0
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> When configuring a multi host connection URI for an AMQP broker connection 
> the connection will utilize some but not all of the configuration.  The 
> broker will attempt connection to each host and port part specified on the URI 
> but does not apply configuration specific to a given host.  This can lead to 
> failure on connect due to using the TLS configuration from the first host 
> when attempting to connect to the following N hosts.  Users need to be able 
> to configure TLS specific options per host as values such as host 
> verification, SNI and trust stores can vary amongst hosts.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
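
The per-host option resolution that the issue description asks for, as an added example that is not code from Artemis or from the PR. It assumes the `(uri,uri)?shared` shape quoted in the test hunk and accepts `;` or `&` between parameters; the broker's documented format may differ, and `PerHostTlsOptions`, `parseParams` and `resolve` are hypothetical names.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration, not Artemis code. URI shape assumed from the quoted test hunk:
// (uri1?perHostOptions,uri2?perHostOptions)?sharedOption1=a;sharedOption2=b
public class PerHostTlsOptions {

   // Parse "key=value" pairs separated by ';' or '&' (separator choice is an assumption).
   static Map<String, String> parseParams(String query) {
      Map<String, String> params = new LinkedHashMap<>();
      if (query == null || query.isEmpty()) {
         return params;
      }
      for (String pair : query.split("[;&]")) {
         int eq = pair.indexOf('=');
         if (eq > 0) {
            params.put(pair.substring(0, eq), pair.substring(eq + 1));
         }
      }
      return params;
   }

   // Returns one "host:port -> effective options" entry per URI in the list.
   static Map<String, Map<String, String>> resolve(String multiHostUri) {
      int close = multiHostUri.lastIndexOf(')');
      if (!multiHostUri.startsWith("(") || close < 0) {
         throw new IllegalArgumentException("expected (uri,uri,...)?shared");
      }
      String tail = multiHostUri.substring(close + 1);
      Map<String, String> shared = parseParams(tail.startsWith("?") ? tail.substring(1) : tail);
      Map<String, Map<String, String>> result = new LinkedHashMap<>();
      for (String hostUri : multiHostUri.substring(1, close).split(",")) {
         int q = hostUri.indexOf('?');
         String authority = (q < 0 ? hostUri : hostUri.substring(0, q)).replaceFirst("^[a-z]+://", "");
         // Start from the shared options, then apply only this host's own overrides.
         // Nothing is carried over from the previous host entry.
         Map<String, String> effective = new LinkedHashMap<>(shared);
         if (q >= 0) {
            effective.putAll(parseParams(hostUri.substring(q + 1)));
         }
         result.put(authority, effective);
      }
      return result;
   }

   public static void main(String[] args) {
      // Constructed sample: ports and trust store name are placeholders.
      String uri = "(tcp://localhost:5671?verifyHost=true,tcp://localhost:5672?verifyHost=false,"
         + "tcp://localhost:5673)?sslEnabled=true;trustStorePath=example-truststore.jks";
      resolve(uri).forEach((host, opts) -> System.out.println(host + " -> " + opts));
   }
}
```

The third host in the sample has no options of its own, so it receives only the shared ones and does not pick up `verifyHost=false` from the entry before it.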