FUSE Message Broker / MB-906

SslConnectionFactory is not used when using composite URLs

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 5.5.0-fuse-00-00
    • Fix Version/s: None
    • Component/s: broker
    • Labels: None

      Description

      Hi,

      The attached test case highlights a problem with the way we detect SSL connections when composite URLs are used. In "ActiveMQSslConnectionFactory.java", we have the following section of code:

          protected Transport createTransport() throws JMSException {
              // If the given URI is non-ssl, let superclass handle it.
              if (!brokerURL.getScheme().equals("ssl")) {
                  return super.createTransport();
              }
      
              try {
                  if (keyManager == null || trustManager == null) {
                      trustManager = createTrustManager();
                      keyManager = createKeyManager();
                      // secureRandom can be left as null
                  }
                  SslTransportFactory sslFactory = new SslTransportFactory();
                  SslContext ctx = new SslContext(keyManager, tru
      
      

      When using an SSL URL for failover, for example, brokerURL.getScheme() is "failover" and not "ssl", thus our special considerations for SSL are not picked up.

      The attached test case uses a custom Trust Manager. We can see that it works just fine with a URL of "ssl://localhost:61618"; however, when failover is added ("failover://(ssl://localhost:61618)"), it's not picked up. I ran this through the debugger to track it down, but essentially in the good case, you'll see my output from the test case:

      One works
      ============
       ** Hello ...  
       ** Setting Broker URL ...  
       ** Creating Queue Connection ...  
       ** Returning trust All certs
       ===> My manager: [Ljavax.net.ssl.TrustManager;
      trigger seeding of SecureRandom
      done seeding SecureRandom
      Allow unsafe renegotiation: false
      

      In the failing case, the "My manager" line is not printed as it's never invoked.

      I dropped the attached test case into org.apache.activemq.
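
An added example, not part of the original report or of ActiveMQ's code: it contrasts the top-level `getScheme()` comparison quoted above with a check that also inspects the components of a composite URL. The class and method names are hypothetical, and the last two sample URLs are constructed.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
public class CompositeSchemeCheck {
    // Split the body of a composite URI on top-level commas, honouring nested parentheses.
    static List<String> components(String uri) {
        int open = uri.indexOf('(');
        int close = uri.lastIndexOf(')');
        List<String> parts = new ArrayList<>();
        if (open < 0 || close < open) return parts; // not a composite URI
        int depth = 0, start = open + 1;
        for (int i = open + 1; i < close; i++) {
            char c = uri.charAt(i);
            if (c == '(') depth++;
            else if (c == ')') depth--;
            else if (c == ',' && depth == 0) {
                parts.add(uri.substring(start, i).trim());
                start = i + 1;
            }
        }
        parts.add(uri.substring(start, close).trim());
        return parts;
    }

    // True if the URI itself, or any nested component, uses the ssl scheme.
    static boolean usesSsl(String uri) {
        int colon = uri.indexOf(':');
        String scheme = colon < 0 ? "" : uri.substring(0, colon);
        if (scheme.equals("ssl")) return true;
        for (String part : components(uri)) {
            if (usesSsl(part)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        String[] samples = { // first two URLs are from the report, the rest are constructed
            "ssl://localhost:61618",
            "failover://(ssl://localhost:61618)",
            "failover:(tcp://a:61616,ssl://b:61617)?randomize=false",
            "failover:(tcp://a:61616,tcp://b:61616)"
        };
        for (String s : samples) {
            // Same comparison as the quoted createTransport() guard.
            boolean topLevel = "ssl".equals(URI.create(s).getScheme());
            System.out.printf("%-56s topLevel=%-5s anyComponent=%s%n", s, topLevel, usesSsl(s));
        }
    }
}
```

For the two failover URLs that wrap an `ssl://` component, `topLevel` is false while `anyComponent` is true, which is the case where the configured key and trust managers are skipped.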

        Activity

        There are no comments yet on this issue.

          People

          • Assignee: Unassigned
          • Reporter: Susan Javurek
          • Votes: 0
          • Watchers: 0
