Hi kelly I think that's allready supported. The client can do something like ssl://localhost:61617?socket.socketOption=xxx
Not sure if the same works on the server side. I have a feeling that on the server side, it has to be: ssl://localhost:61617?transport.socket.socketOption=xxx On 9/22/06, Kelly Campbell <[EMAIL PROTECTED]> wrote:
Thanks Sepand. I did review those instructions earlier. What about the other requirements to be able to set specific options on the socket, e.g. not allowing weak ciphers? I think having the config in the URL is good, but not sufficient in this case. I'd like to propose adding a SocketFactory parameter to a new constructor on the ActiveMQConnectionFactory (actually the code for this is almost complete). This would be useful for not only SSL connections, but other tcp connections if the user wants to customize some of the socket options. Thanks, Kelly On 9/21/06, Sepand M <[EMAIL PROTECTED]> wrote: > Yeah, we realized this was needed, but I didn't have time (my work term > at the company was ending). > I've left instructions for people taking over this project on how to do > this (it just takes one setter and a well placed call from that setter). > I'm not sure when it will be done though. > > - Sepand > > Hiram Chirino wrote: > > On 9/21/06, Hiram Chirino <[EMAIL PROTECTED]> wrote: > >> On 9/21/06, Kelly Campbell <[EMAIL PROTECTED]> wrote: > >> > Thanks for getting this submitted Sepand, and thanks for patching > >> it in Hiram. > >> > > >> > I'm looking at how best to configure the keystore settings more > >> > dynamically without using the default system properties or anything in > >> > the URL. It looks like I'd need to be able to pass in a > >> > javax.net.ssl.SSLContext or SSLSocketFactory. I'd also like to be able > >> > to pass these in so I can provide an implementation that does some > >> > extra security checks, e.g. checking that the server's DN is what we > >> > expect, turning off weak ciphers. > >> > > >> > >> It would be nice if they were properties on the ssl transport server > >> so that you can configure them using the URI... like: > >> > >> ssl://localhost:61617?keystore=foo.ks&truststore=foo.ts > >> > >> > The part I'm struggling with now is where to create this API for the > >> > client. Should it be a new constructor on ActiveMQConnectionFactory, > >> > or should I add a new overridden ActiveMQSecureConnectionFactory? Or > >> > should I just override it in my own code base, and not have this in > >> > the activemq code at all? > >> > >> Just add properties to the SslTransportServer and make sure they have > >> setters. > >> > > > > And properties to the SslTransport if you want to set those properties > > on the client connect URL > > > >> > > >> > Thanks, > >> > Kelly > >> > > >> > On 9/11/06, Hiram Chirino <[EMAIL PROTECTED]> wrote: > >> > > starting to look into it now. thx for the patch! > >> > > > >> > > On 9/5/06, Sepand M <[EMAIL PROTECTED]> wrote: > >> > > > Hey guys, > >> > > > > >> > > > The patch is done. > >> > > > It's here: https://issues.apache.org/activemq/browse/AMQ-912 > >> > > > Hope you like it. > >> > > > It would be really great if you could give an estimate of when > >> you will > >> > > > decide if it goes in or not (although I doubt you can =) ). > >> > > > > >> > > > Regards, > >> > > > Sepand > >> > > > > >> > > > > >> > > > >> > > > >> > > -- > >> > > Regards, > >> > > Hiram > >> > > > >> > > Blog: http://hiramchirino.com > >> > > > >> > > >> > >> > >> -- > >> Regards, > >> Hiram > >> > >> Blog: http://hiramchirino.com > >> > > > > > >
-- Regards, Hiram Blog: http://hiramchirino.com
