2008/10/18 honeybun <[EMAIL PROTECTED]>: > > A few issues when using the new sslContext support. > > - the default client.ks/broker.ks are self signed, fails I get PKIX > validation exceptions on startup (I think). If I use proper certs (signed > by a CA) then no exceptions. > the default certs are really only used (sufficient) for unit testing.
> - The <sslContext> under <broker> seems to be evaluated immediately when > the bean is read in, rather than when it is used to start the broker. This > makes it difficult to have a sslContext params that comes out of a database > (which I tried to do). If the sslcontext was evaluated lazily, the > application could lookup some of the parameters from the DB and modify the > bean before trying to start the embedded broker. > The context is lazily initialised, on the first call to getSSLContext, which will be called the first time an ssl transport factory does some work. see source: https://svn.apache.org/repos/asf/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/SslContext.java
