[
https://issues.apache.org/activemq/browse/AMQCPP-140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Teemu Torma updated AMQCPP-140:
-------------------------------
Attachment: amqcpp-ssl.patch2
Second draft, also tested only on Linux. This adds many connection properties
and some more final tuning. Configuration is still missing.
Supported properties:
sslCAFile=pem - CA certificate
sslCAPath=dir - CA certificate directory.
sslCertFile=pem - the client certificate
sslKeyFile=pem - the client private key (if not given assume cert contains it.)
sslPassword=pass - the certificate/key password. If one is needed and the
property is not given openssl will prompt one interactively.
sslVerifyPeer=boolean - If peer certificate and name should be verified (need
CA certificate for that.)
sslVerifyName=name - the CN to match in the peer certificate (hostname is the
default.)
sslCiphers=ciphers - the openssl string to specify the chipers to use.
I am sure the names will change and people will have differing opinions. So
far I used most native openssl terms.
One thing that would be really, really useful in a real life is to build some
kind of extension for setting certificates from some other source than files
(ldap for example.) I do not suggest that anything else would be supported by
activemq-cpp itself, but some extension mechanism that would allow tweaking it
without touching activemq-cpp code itself.
I don't right now have any good solution for that, and good ideas would be
appreciated.
> Add SSL transport
> -----------------
>
> Key: AMQCPP-140
> URL: https://issues.apache.org/activemq/browse/AMQCPP-140
> Project: ActiveMQ C++ Client
> Issue Type: New Feature
> Affects Versions: 2.2
> Reporter: Nathan Mittler
> Assignee: Nathan Mittler
> Fix For: 2.2
>
> Attachments: amqcpp-ssl.patch1, amqcpp-ssl.patch2
>
>
> Need a secure transport for activemq-cpp. Some options for ssl support:
> 1) OpenSSL - fairly robust set of ssl functions
> 2) APR - trunk has added support for ssl sockets. An attractive option,
> given that we're already starting to incorporate API in other areas.
> Should create a Java-like set of classes in decaf to add basic ssl support,
> then use those classes to make an SSLTransport in activemq-cpp.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
