[
https://issues.apache.org/jira/browse/QPID-7567?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keith Wall updated QPID-7567:
-----------------------------
Fix Version/s: (was: Future)
qpid-java-broker-7.1.0
> [Java Broker] Select appropriate certificate for TLS based on SNIServerName
> ---------------------------------------------------------------------------
>
> Key: QPID-7567
> URL: https://issues.apache.org/jira/browse/QPID-7567
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Reporter: Keith Wall
> Priority: Major
> Fix For: qpid-java-broker-7.1.0
>
>
> Enable SNI support for the Java Broker.
> We will need a X509ExtendedKeyManager implementation that gets the
> SNIServerName from the SSL handshakes and then selects the most appropriate
> certificate alias for the indicated hostname.
> I found the following example helpful:
> https://github.com/grahamedgecombe/netty-sni-example/blob/master/src/main/java/SniKeyManager.java
> https://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html
> This change requires Java 8, but it is probably possible to retain support
> for Java 7 using reflection.
> It looks to me like the clients (Qpid JMS Client and Legacy) require no
> changes. They both pass the hostname through to the SSLEngine, so the
> SNIServerName should already be passed through. Client side support in Java
> was added at Java 7.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
