[jira] [Commented] (ARTEMIS-206) HTTP Upgrade does not work over HTTPS
[ https://issues.apache.org/jira/browse/ARTEMIS-206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14723973#comment-14723973 ] ASF subversion and git services commented on ARTEMIS-206: - Commit 853d3665df22faf03623b42a71b310b214a8f3d6 in activemq-artemis's branch refs/heads/master from jbertram [ https://git-wip-us.apache.org/repos/asf?p=activemq-artemis.git;h=853d366 ] ARTEMIS-206 HTTP Upgrade does not work over HTTPS > HTTP Upgrade does not work over HTTPS > - > > Key: ARTEMIS-206 > URL: https://issues.apache.org/jira/browse/ARTEMIS-206 > Project: ActiveMQ Artemis > Issue Type: Bug > Components: Broker >Affects Versions: 1.0.0 >Reporter: Jeff Mesnil >Assignee: Justin Bertram > > For security reasons, we need to support creating Artemis connections over > HTTPS Upgrade. > Currently, the Upgrade code works only over HTTP. > We need to also support it over HTTPS for increased security. > This means that the NettyConnector code that deals with httpUpgradeEnabled > must also check if sslEnabled is set. > If that's the case, the GET request to upgrade the connection must be done > over HTTPS instead of HTTP (and add Netty's SSLHandler to handle the SSL > handshake) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ARTEMIS-206) HTTP Upgrade does not work over HTTPS
[ https://issues.apache.org/jira/browse/ARTEMIS-206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14723974#comment-14723974 ] ASF GitHub Bot commented on ARTEMIS-206: Github user asfgit closed the pull request at: https://github.com/apache/activemq-artemis/pull/147 > HTTP Upgrade does not work over HTTPS > - > > Key: ARTEMIS-206 > URL: https://issues.apache.org/jira/browse/ARTEMIS-206 > Project: ActiveMQ Artemis > Issue Type: Bug > Components: Broker >Affects Versions: 1.0.0 >Reporter: Jeff Mesnil >Assignee: Justin Bertram > > For security reasons, we need to support creating Artemis connections over > HTTPS Upgrade. > Currently, the Upgrade code works only over HTTP. > We need to also support it over HTTPS for increased security. > This means that the NettyConnector code that deals with httpUpgradeEnabled > must also check if sslEnabled is set. > If that's the case, the GET request to upgrade the connection must be done > over HTTPS instead of HTTP (and add Netty's SSLHandler to handle the SSL > handshake) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ARTEMIS-206) HTTP Upgrade does not work over HTTPS
[ https://issues.apache.org/jira/browse/ARTEMIS-206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14723909#comment-14723909 ] ASF GitHub Bot commented on ARTEMIS-206: GitHub user jbertram opened a pull request: https://github.com/apache/activemq-artemis/pull/147 ARTEMIS-206 HTTP Upgrade does not work over HTTPS You can merge this pull request into a Git repository by running: $ git pull https://github.com/jbertram/activemq-artemis ARTEMIS-206 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/activemq-artemis/pull/147.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #147 commit 853d3665df22faf03623b42a71b310b214a8f3d6 Author: jbertram Date: 2015-08-27T18:15:27Z ARTEMIS-206 HTTP Upgrade does not work over HTTPS > HTTP Upgrade does not work over HTTPS > - > > Key: ARTEMIS-206 > URL: https://issues.apache.org/jira/browse/ARTEMIS-206 > Project: ActiveMQ Artemis > Issue Type: Bug > Components: Broker >Affects Versions: 1.0.0 >Reporter: Jeff Mesnil >Assignee: Justin Bertram > > For security reasons, we need to support creating Artemis connections over > HTTPS Upgrade. > Currently, the Upgrade code works only over HTTP. > We need to also support it over HTTPS for increased security. > This means that the NettyConnector code that deals with httpUpgradeEnabled > must also check if sslEnabled is set. > If that's the case, the GET request to upgrade the connection must be done > over HTTPS instead of HTTP (and add Netty's SSLHandler to handle the SSL > handshake) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ARTEMIS-206) HTTP Upgrade does not work over HTTPS
[ https://issues.apache.org/jira/browse/ARTEMIS-206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14723496#comment-14723496 ] Justin Bertram commented on ARTEMIS-206: I made a small change to the NettyConnector to use "https" when SSL is enabled. Do you believe this is sufficient to resolve the issue? > HTTP Upgrade does not work over HTTPS > - > > Key: ARTEMIS-206 > URL: https://issues.apache.org/jira/browse/ARTEMIS-206 > Project: ActiveMQ Artemis > Issue Type: Bug > Components: Broker >Affects Versions: 1.0.0 >Reporter: Jeff Mesnil >Assignee: Justin Bertram > > For security reasons, we need to support creating Artemis connections over > HTTPS Upgrade. > Currently, the Upgrade code works only over HTTP. > We need to also support it over HTTPS for increased security. > This means that the NettyConnector code that deals with httpUpgradeEnabled > must also check if sslEnabled is set. > If that's the case, the GET request to upgrade the connection must be done > over HTTPS instead of HTTP (and add Netty's SSLHandler to handle the SSL > handshake) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ARTEMIS-206) HTTP Upgrade does not work over HTTPS
[ https://issues.apache.org/jira/browse/ARTEMIS-206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14723131#comment-14723131 ] Jeff Mesnil commented on ARTEMIS-206: - I'm not sure it is working as expected. In your branch, NettyConnector is using a hard-coded "http" URI during the HTTP upgrade handshake[1]. The issue reported against our application server is that this HTTP upgrade should be done against the https URL when SSL is enabled. [1] https://github.com/jbertram/activemq-artemis/blob/ARTEMIS-206/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyConnector.java#L635 > HTTP Upgrade does not work over HTTPS > - > > Key: ARTEMIS-206 > URL: https://issues.apache.org/jira/browse/ARTEMIS-206 > Project: ActiveMQ Artemis > Issue Type: Bug > Components: Broker >Affects Versions: 1.0.0 >Reporter: Jeff Mesnil >Assignee: Justin Bertram > > For security reasons, we need to support creating Artemis connections over > HTTPS Upgrade. > Currently, the Upgrade code works only over HTTP. > We need to also support it over HTTPS for increased security. > This means that the NettyConnector code that deals with httpUpgradeEnabled > must also check if sslEnabled is set. > If that's the case, the GET request to upgrade the connection must be done > over HTTPS instead of HTTP (and add Netty's SSLHandler to handle the SSL > handshake) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ARTEMIS-206) HTTP Upgrade does not work over HTTPS
[ https://issues.apache.org/jira/browse/ARTEMIS-206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14720121#comment-14720121 ] Justin Bertram commented on ARTEMIS-206: I changed org.apache.activemq.artemis.tests.integration.transports.netty.NettyConnectorWithHTTPUpgradeTest to use SSL, and everything appears to work as expected. I didn't make any changes to the NettyConnector. If the client's connector has sslEnabled=true then it will already create the SslHandler and add it to the Netty pipeline to handle the SSL handshake. I've pushed my test code to https://github.com/jbertram/activemq-artemis/tree/ARTEMIS-206 so you can take a look to see if I've done anything incorrectly. There's some kind of thread leak when the test is torn down, but the test passes. > HTTP Upgrade does not work over HTTPS > - > > Key: ARTEMIS-206 > URL: https://issues.apache.org/jira/browse/ARTEMIS-206 > Project: ActiveMQ Artemis > Issue Type: Bug > Components: Broker >Affects Versions: 1.0.0 >Reporter: Jeff Mesnil >Assignee: Justin Bertram > > For security reasons, we need to support creating Artemis connections over > HTTPS Upgrade. > Currently, the Upgrade code works only over HTTP. > We need to also support it over HTTPS for increased security. > This means that the NettyConnector code that deals with httpUpgradeEnabled > must also check if sslEnabled is set. > If that's the case, the GET request to upgrade the connection must be done > over HTTPS instead of HTTP (and add Netty's SSLHandler to handle the SSL > handshake) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ARTEMIS-206) HTTP Upgrade does not work over HTTPS
[ https://issues.apache.org/jira/browse/ARTEMIS-206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14719969#comment-14719969 ] Justin Bertram commented on ARTEMIS-206: Nevermind. I got past the SSL handshake issue. Continuing to investigate... > HTTP Upgrade does not work over HTTPS > - > > Key: ARTEMIS-206 > URL: https://issues.apache.org/jira/browse/ARTEMIS-206 > Project: ActiveMQ Artemis > Issue Type: Bug > Components: Broker >Affects Versions: 1.0.0 >Reporter: Jeff Mesnil >Assignee: Justin Bertram > > For security reasons, we need to support creating Artemis connections over > HTTPS Upgrade. > Currently, the Upgrade code works only over HTTP. > We need to also support it over HTTPS for increased security. > This means that the NettyConnector code that deals with httpUpgradeEnabled > must also check if sslEnabled is set. > If that's the case, the GET request to upgrade the connection must be done > over HTTPS instead of HTTP (and add Netty's SSLHandler to handle the SSL > handshake) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ARTEMIS-206) HTTP Upgrade does not work over HTTPS
[ https://issues.apache.org/jira/browse/ARTEMIS-206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14718586#comment-14718586 ] Justin Bertram commented on ARTEMIS-206: I'm trying to get a test-case set up for this, but I'm having trouble getting the little web server started in org.apache.activemq.artemis.tests.integration.transports.netty.NettyConnectorWithHTTPUpgradeTest.startWebServer() to handle the SSL handshake from the client. You got any ideas on how to implement that? > HTTP Upgrade does not work over HTTPS > - > > Key: ARTEMIS-206 > URL: https://issues.apache.org/jira/browse/ARTEMIS-206 > Project: ActiveMQ Artemis > Issue Type: Bug > Components: Broker >Affects Versions: 1.0.0 >Reporter: Jeff Mesnil > > For security reasons, we need to support creating Artemis connections over > HTTPS Upgrade. > Currently, the Upgrade code works only over HTTP. > We need to also support it over HTTPS for increased security. > This means that the NettyConnector code that deals with httpUpgradeEnabled > must also check if sslEnabled is set. > If that's the case, the GET request to upgrade the connection must be done > over HTTPS instead of HTTP (and add Netty's SSLHandler to handle the SSL > handshake) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
