A few issues when using the new sslContext support. - the default client.ks/broker.ks are self signed, fails I get PKIX validation exceptions on startup (I think). If I use proper certs (signed by a CA) then no exceptions.
- The <sslContext> under <broker> seems to be evaluated immediately when the bean is read in, rather than when it is used to start the broker. This makes it difficult to have a sslContext params that comes out of a database (which I tried to do). If the sslcontext was evaluated lazily, the application could lookup some of the parameters from the DB and modify the bean before trying to start the embedded broker. - plain-text passwords for the keystore in the xml config file, typically not a good thing. I'm not sure how this is viewed within the apache dev community. - wish there was a way to lookup the SSL context using JNDI so it could be provisioned by the app server. Gary Tully wrote: > > I've cut a new release candidate for 5.2.0 > Could you guys review the release artifacts and vote? > -- View this message in context: http://www.nabble.com/-VOTE--ActiveMQ-5.2.0---RC2-tp19874910p20042634.html Sent from the ActiveMQ - Dev mailing list archive at Nabble.com.
