Greg Rabil created AMQ-9291:
-------------------------------
Summary: networkConnector does not support IPv6 address
Key: AMQ-9291
URL: https://issues.apache.org/jira/browse/AMQ-9291
Project: ActiveMQ
Issue Type: Bug
Components: Connector
Affects Versions: 5.18.2, 5.17.5, 5.16.6
Reporter: Greg Rabil
In ActiveMQ 5.15.15, the following networkConnector URI works for connecting to
an ActiveMQ broker over IPv6:
<networkConnector name="amq-broker"
uri="static:(failover:(ssl://[fd00::15]:61617?verifyHostName=false)?initialReconnectDelay=100&randomize=false)"/>
However, in ActiveMQ 5.16, 5.17, and 5.18, this will fail with the following
error (warning):
2023-07-17 12:52:30,825 | WARN | Failed to connect to
[ssl://[fd00::15]:61617?verifyHostName=false] after: 1 attempt(s) with Contains
non-LDH ASCII characters, continuing to retry. |
org.apache.activemq.transport.failover.FailoverTransport | ActiveMQ Failover
Worker: 1448780972
The problem is caused by this new code in the
org.apache.activemq.transport.tcp.SslTransport.java class:
{{ // Lets try to configure the SSL SNI field. Handy in case your
using}}
{{ // a single proxy to route to different messaging apps.}}
{{ final SSLParameters sslParams = new SSLParameters();}}
{{ if (remoteLocation != null) {}}
{{ sslParams.setServerNames(Collections.singletonList(new
SNIHostName(remoteLocation.getHost())));}}
{{ }}}
The remoteLocation.getHost() will return "[fd00::15]", which causes the
exception in the SNIHostName constructor. It seems that the above condition
should be:
{{ if ((remoteLocation != null) && verifyHostName) {}}
{{ sslParams.setServerNames(Collections.singletonList(new
SNIHostName(remoteLocation.getHost())));}}
{{ }}}
Because the SNIHostName only makes sense in the context of verifying the
hostname of the server certificate.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
