[
https://issues.apache.org/jira/browse/AMQCPP-422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13435219#comment-13435219
]
Jeffrey B commented on AMQCPP-422:
----------------------------------
I finally got it to work.
It doesnt seem to be written anywhere, but the CN field for the certificate has
to match the actual resolved hostname, and possibly the broker name too,
(probably not that though becuase you can have more than one).
so CN cant be your first and last name like java asks for or anything else, and
not your IP either i guess, so if youre working internally, somthing like
machxx1223, externally something like www.myserver.com
Also when i didnt specify an algorithm for keytool, it did SHA1withDSA, and I
dont think this was supported by openssl, if you say -keyalg RSA, you get
SHA1withRSA, which works.
Last thing, whenever you make changes to your certificates, you probably need
to shut down the broker, rerun setSSLOpts.bat, or whatever you have, and then
start the server again.
After all this, mine finally started working.
> When we specify self-signed certificate in PEM-formatted file as value of the
> "decaf.net.ssl.trustStore" property and SAN that does't match any name in
> failover URI, cms is crashing on "R6025 Pure Virtual Function Call" run-time
> error.
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: AMQCPP-422
> URL: https://issues.apache.org/jira/browse/AMQCPP-422
> Project: ActiveMQ C++ Client
> Issue Type: Bug
> Components: CMS Impl, Decaf
> Affects Versions: 3.4.0, 3.4.2
> Environment: Broker: 5.6.0,
> CMS 3.4.2
> Windows
> Reporter: Mikhail Melamud
> Assignee: Timothy Bish
> Attachments: AMQTest.cpp, brokerkeystore.pem
>
>
> When we specify self-signed certificate in PEM-formatted file as value of the
> "decaf.net.ssl.trustStore" property and SAN that does't match any name in
> failover URI, cms is crashing on "R6025 Pure Virtual Function Call" run-time
> error. I think, the issue can be attributed to multithreading... After
> ??Server Certificate Name doesn't match the URI Host Name value.?? exception
> is thrown, CMS is trying to fire an exception using listener pointer that is
> not instantiated properly in _void TransportFilter::fire( const
> decaf::lang::Exception& ex )_ method... It is not happening all the time,
> so a simple unit test won't do... I'm attaching a bit re-factored
> _HelloWorldProducer_ app and the certificate file that I used... There is
> possibility that it has something to with InactivityMonitor injected into
> transport filter chain... When I tried
> {color:blue}"failover://(ssl://dev1467:61618?transport.useInactivityMonitor=false){color}
> instead of {color:blue}"failover://(ssl://dev1467:61618)"{color} it behaves
> much more stable, i.e. client app can be re-run many more times without a
> crash, still crashing though in OpenFormatNegotiator
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
