Kevin Smith wrote:
Tomas Restrepo wrote:
I've got a couple of questions about the SSL support in the Java broker,
particularly after the great work done by Kevin Smith to improve its
support.
1- It used to be possible (or at least it looked that way) to have a single
broker listen simultaneously on both the regular non-ssl and ssl ports (or
at least it looked that way). It appears this is no longer the case on the
trunk, so if SSL is enabled, the server will only listen on the SSL port. Is
that right or am I missing something?
At least for development purposes, I'd say it would be useful to be able to
have both enabled at the same time, though for normal production servers it
would likely not be usual to do so.
Based on my reading of the code when I did the SSL changes, it looked
like the broker only ever listened on one or the other. I'll take a look
and see about adding support for both, at least for debugging purposes.
<snip>
I have a fix for this which adds another config entry to the SSL config block in
config.xml like so:
<ssl>
  <enabled>true</enabled>
  <sslOnly>true</sslOnly>
  <keystorePath>/path/to/keystore.ks</keystorePath>
  <keystorePassword>keystorepass</keystorePassword>
</ssl>
org.apache.qpid.server.Main will use the sslOnly entry to determine whether or
not to listen on the non-SSL ports as well. So, for this use case you'd want to
set sslOnly to false so it listens on both ports.
This is all based on my assumption that you can bind multiple socket/port
combinations to a single IoAcceptor. Mina's javadoc is a little vague on this
point. Does anyone know if this is the case or not?
--Kevin
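
The sslOnly switch described in the message above decides whether the non-SSL port stays open, so a deployed config.xml is worth checking for it. The script below is an added example, not part of the original message or of Qpid's code; the <broker> wrapper element, the function names, and the treatment of a missing sslOnly entry as false are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <ssl> block from the message, wrapped in a
# hypothetical <broker> root so that it parses as a complete document.
SAMPLE = """<broker><ssl>
  <enabled>true</enabled>
  <sslOnly>{ssl_only}</sslOnly>
  <keystorePath>/path/to/keystore.ks</keystorePath>
  <keystorePassword>keystorepass</keystorePassword>
</ssl></broker>"""

def _flag(block, name):
    """True/False for a boolean child element, None when it is absent."""
    node = block.find(name)
    if node is None or node.text is None:
        return None
    return node.text.strip().lower() == "true"

def audit_ssl_block(config_xml):
    """Return the listeners the <ssl> block implies, plus findings."""
    block = next(ET.fromstring(config_xml).iter("ssl"), None)
    enabled = block is not None and _flag(block, "enabled") is True
    ssl_only = _flag(block, "sslOnly") if block is not None else None
    findings = []
    if not enabled:
        findings.append("SSL not enabled: broker listens on the non-SSL port only")
    elif ssl_only is None:
        # Assumption: an absent sslOnly entry is treated as false (worst case).
        findings.append("sslOnly missing: non-SSL port may also be listening")
    elif not ssl_only:
        findings.append("sslOnly=false: non-SSL port is listening alongside SSL")
    return {"ssl_port": enabled,
            "plain_port": not (enabled and ssl_only is True),
            "findings": findings}

if __name__ == "__main__":
    for value in ("true", "false"):
        print(value, audit_ssl_block(SAMPLE.format(ssl_only=value)))
```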