[ 
https://issues.apache.org/jira/browse/ARTEMIS-4744?focusedWorklogId=916473&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-916473
 ]

ASF GitHub Bot logged work on ARTEMIS-4744:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 25/Apr/24 17:25
            Start Date: 25/Apr/24 17:25
    Worklog Time Spent: 10m 
      Work Description: gemmellr commented on code in PR #4906:
URL: https://github.com/apache/activemq-artemis/pull/4906#discussion_r1579867663


##########
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/amqp/connect/AMQPConnectSaslTest.java:
##########
@@ -214,4 +216,186 @@ private void doConnectWithExternalTestImpl(boolean 
requireClientCert) throws Exc
          peer.waitForScriptToComplete(5, TimeUnit.SECONDS);
       }
    }
+
+   @Test(timeout = 20_000)
+   public void testReconnectConnectsWithVerifyHostOffOnSecondURI() throws 
Exception {
+      final String keyStorePath = 
this.getClass().getClassLoader().getResource(UNKNOWN_SERVER_KEYSTORE_NAME).getFile();
+
+      ProtonTestServerOptions server1Options = new ProtonTestServerOptions();
+      server1Options.setSecure(true);
+      server1Options.setKeyStoreLocation(keyStorePath);
+      server1Options.setKeyStorePassword(SERVER_KEYSTORE_PASSWORD);
+      server1Options.setVerifyHost(false);
+
+      ProtonTestServerOptions server2Options = new ProtonTestServerOptions();
+      server2Options.setSecure(true);
+      server2Options.setKeyStoreLocation(keyStorePath);
+      server2Options.setKeyStorePassword(SERVER_KEYSTORE_PASSWORD);
+      server2Options.setVerifyHost(false);
+
+      try (ProtonTestServer firstPeer = new ProtonTestServer(server1Options);
+           ProtonTestServer secondPeer = new ProtonTestServer(server2Options)) 
{
+
+         firstPeer.expectConnectionToDrop();
+         firstPeer.start();
+
+         secondPeer.expectSASLHeader().respondWithSASLHeader();
+         secondPeer.remoteSaslMechanisms().withMechanisms(EXTERNAL, 
PLAIN).queue();
+         
secondPeer.expectSaslInit().withMechanism(PLAIN).withInitialResponse(secondPeer.saslPlainInitialResponse(USER,
 PASSWD));
+         secondPeer.remoteSaslOutcome().withCode(SaslCode.OK).queue();
+         secondPeer.expectAMQPHeader().respondWithAMQPHeader();
+         secondPeer.expectOpen().respond();
+         secondPeer.expectBegin().respond();
+         secondPeer.start();
+
+         final URI firstPeerURI = firstPeer.getServerURI();
+         logger.debug("Connect test started, first peer listening on: {}", 
firstPeerURI);
+
+         final URI secondPeerURI = secondPeer.getServerURI();
+         logger.debug("Connect test started, second peer listening on: {}", 
secondPeerURI);
+
+         // First connection fails because we use a server certificate with 
whose common name
+         // doesn't match the host, second connection should work as we 
disable host verification
+         String amqpServerConnectionURI =
+            "(tcp://localhost:" + firstPeerURI.getPort() + "?verifyHost=true" +
+            ",tcp://localhost:" + secondPeerURI.getPort() + 
"?verifyHost=false)" +
+               "?sslEnabled=true;trustStorePath=" + SERVER_TRUSTSTORE_NAME +
+               ";trustStorePassword=" + SERVER_TRUSTSTORE_PASSWORD;
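Review bot: The comment above amqpServerConnectionURI reads "a server certificate with whose common name"; drop the stray "with" so the reason the first connection fails is clear. In the same hunk, server1Options and server2Options are built from identical setter calls, so a small helper that returns the configured ProtonTestServerOptions would keep the two peers from drifting apart. The lines visible here also do not yet show a check that the first peer was actually attempted with verifyHost=true before the second succeeded. The remainder of the test should wait on firstPeer's script as well as secondPeer's (the preceding test uses peer.waitForScriptToComplete(5, TimeUnit.SECONDS)); otherwise a regression that applies verifyHost=false to every host would still pass.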

Review Comment:
   I have been fine with updating the docs to match the previous tests. Just 
seemed rather off for the 2 to dramatically differ is all :)





Issue Time Tracking
-------------------

    Worklog Id:     (was: 916473)
    Time Spent: 1h 10m  (was: 1h)

> AMQP broker connections don't fully support multi host URIs
> -----------------------------------------------------------
>
>                 Key: ARTEMIS-4744
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4744
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: AMQP
>    Affects Versions: 2.33.0
>            Reporter: Timothy A. Bish
>            Assignee: Timothy A. Bish
>            Priority: Major
>             Fix For: 2.34.0
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> When configuring a multi host connection URI for an AMQP broker connection 
> the connection will utilize some but not all of the configuration.  The 
> broker will attempt connection to each host and port part specific on the URI 
> but does not apply configuration specific to a given host.  This can lead to 
> failure on connect due to using the TLS configuration from the first host 
> when attempting to connect to the following N hosts.  Users need to be able 
> to configure TLS specific options per host as values such as host 
> verification, SNI and trust stores can vary amongst hosts.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
