Kevin Smith wrote:
Robert Greig wrote:
On 22/01/07, Kevin Smith <[EMAIL PROTECTED]> wrote:
I'm going to take a swing at implementing this as a way to learn
parts of the
codebase. Are there any example config files in the tree I could look
at to see
how we're structuring the configs?
That's a good one to start with.
You might find this page in the wiki useful:
http://cwiki.apache.org/confluence/display/qpid/Qpid+Design+-+Configuration
Let us know if you have any questions though.
RG
OK. I've had a chance to look at the docs, and I think I have a handle
on how to do this. I'm thinking of adding a <ssl></ssl> block to the
configs containing all the info needed to fully configure the SSL
context factory:
<ssl>
<keystore-path>/some/path/to/keystore.ks</keystore-path>
<keystore-password>some_password</keystore-password>
<cert-type>SunX509</cert-type>
</ssl>
I do have a couple of questions surrounding this though:
1) Does more need to be configurable? For example, would we ever use a
protocol other than TLS for the SSLContext? My experience with SSL is
limited so it's quite likely I'm missing some use cases here.
2) Does this config need to be interchangeable with the C++ broker?
Thoughts?
--Kevin
Another question - how does the Java QPID client get its config? Purely from the
AMQP connect URL or is there a configuration mechanism similar to the code in
the server? I'm trying to find a place to read in keystore paths, passwords and
other types of useful SSL config info but haven't found it yet. I _could_ put
this info on the URL but I'm concerned it would make for a very long URL and
also introduce security issues since the keystore password would be embedded in
the URL also.
--Kevin
