[
https://issues.apache.org/jira/browse/QPID-7567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16266037#comment-16266037
]
ASF subversion and git services commented on QPID-7567:
-------------------------------------------------------
Commit 09d7d8a19ed4e35d99c1b82e5e86aa135ea63c50 in qpid-broker-j's branch
refs/heads/master from [~godfrer]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=09d7d8a ]
QPID-7567 : Use SNI to select appropriate keystore alias
> [Java Broker] Select appropriate certificate for TLS based on SNIServerName
> ---------------------------------------------------------------------------
>
> Key: QPID-7567
> URL: https://issues.apache.org/jira/browse/QPID-7567
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Reporter: Keith Wall
> Fix For: Future
>
>
> Enable SNI support for the Java Broker.
> We will need a X509ExtendedKeyManager implementation that gets the
> SNIServerName from the SSL handshakes and then selects the most appropriate
> certificate alias for the indicated hostname.
> I found the following example helpful:
> https://github.com/grahamedgecombe/netty-sni-example/blob/master/src/main/java/SniKeyManager.java
> https://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html
> This change requires Java 8, but it is probably possible to retain support
> for Java 7 using reflection.
> It looks to me like the clients (Qpid JMS Client and Legacy) require no
> changes. They both pass the hostname through to the SSLEngine, so the
> SNIServerName should already be passed through. Client side support in Java
> was added at Java 7.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
