Apache Artemis - Don't receive all management notifications

[Raul Valdoleiros]

0


I'm trying to connect to the management notifications topic and get all the
messages, even before the client was connected.

What is happening is the client only get the notification messages that
happened after its connection.

The broker configuration is similar to his

notificationsTopic








And the code is this one:
https://github.com/apache/activemq-artemis/blob/main/examples/features/standard/management-notifications/src/main/java/org/apache/activemq/artemis/jms/example/ManagementNotificationExample.java

What I noticed was when the client connects to the notification management
topic it creates a new queue and reads from it, but the notificationsQueue
queue (configured in the broker.xml) remains there with all the messages
ready to be read.

Can anyone point me in the right direction please?

Re: File not found running MQTT PubSub example project.

[Raul Valdoleiros]

Hi,

I tried and it did work for me.

2018-02-27 3:47 GMT+00:00 pwjenkins :

> I don't know if this is a known issue or not. But I've pulled the current
> artemis master code to run some examples. The "mvn -Prelease install"
> succeeds but the "mvn verify" for examples for protocol/mqtt fail. Another
> developer pulled the code and did the same with the same failure.
>
> server-out:2018-02-26 17:20:58,595 ERROR
> [org.apache.activemq.artemis.core.server] AMQ224018: Failed to create
> session: java.lang.SecurityException: java.io.IOException: \login.config
> (No
> such file or directory)
>
> The server0 is constructed and the files are there.
>
> Anyone else seeing this?
>
>
>
> --
> Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-
> f2341805.html
>

[Artemis] Remove queues with wildcard

[Raul Valdoleiros]

Hi,

I've the following scenario:

   - Wildcard configuration active
   - Some subscribers to a queue like "+/example/+"
   - Subscribers of queues like "1/example/1" or "2/example/1"
   - Publishers to queues like "1/example/2"
   - Two brokers connected in a dynamic cluster

I got the following error: AMQ224037: cluster connection Failed to handle
message: java.lang.IllegalStateException: Cannot find binding for
paho/3931EE3876A1F5FFEA.0.2/example/E7718C0BF5D32769791b5e173b-0b45-11e8-9a05-0021f6b39ad7
The impact is the clients are disconnected and I my service stops.

I tried to create a unit test for it:
https://github.com/Skiler/activemq-artemis/commit/195305031bd1b01d4ffa64a9370efceea41177e2

The error is the same but use doesn't seem to be the same.

I added a entry log
in ClusterConnectionImpl$MessageFlowRecordImpl.removeBinding and got the
following log.

[main] 16:37:47,045 INFO
[org.apache.activemq.artemis.core.server.cluster.impl.ClusterConnectionImpl]
#Remove
7f0196cc5a7dce5a.teste/1/some/18e3a6d92-0db7-11e8-be55-024285a49c96
[Thread-13 (ActiveMQ-client-global-threads)] 16:37:47,064 INFO
[org.apache.activemq.artemis.core.server.cluster.impl.ClusterConnectionImpl]
#Remove
7f0196cc5a7dce5a.teste/1/some/18e3a6d92-0db7-11e8-be55-024285a49c96
[Thread-13 (ActiveMQ-client-global-threads)] 16:37:47,075 ERROR
[org.apache.activemq.artemis.core.server] AMQ224037: cluster connection
Failed to handle message: java.lang.IllegalStateException: Cannot find
binding for queue
7f0196cc5a7dce5a.teste/1/some/18e3a6d92-0db7-11e8-be55-024285a49c96
at
org.apache.activemq.artemis.core.server.cluster.impl.ClusterConnectionImpl$MessageFlowRecordImpl.removeBinding(ClusterConnectionImpl.java:1259)
[:]

So my interpretation is the message for removing the queue is sent twice. I
think the best solution is ignore the action to remove the queue when the
queue doesn't exists, instead of guarantee that only one remove event is
sent.

This solution will make artemis more resilient, it will continue working
even when some inconsistency in the system happens.

I want to know what you think about it, and after that I'm available to fix
the problem.

Thanks,
Raul

[Artemis] Some data isn't delivered using Paho client

[Raul Valdoleiros]

Hi,

I'm using paho client to connect to Artemis using the MQTT protocol.
My test case is:

   - Send 50k messages to the broker
   - Connect 1 subscriber and start consuming the messages

Some messages aren't delivered and I need to restart the consumer for them
to be consumed.

I saw a topic regarding Apollo (
http://activemq.2283324.n4.nabble.com/Cannot-receive-every-message-by-mqtt-protocol-td4712595.html#a4712604)
but it didn't found a solution there.

Can you help me understand what is wrong here?

Thanks in advance,
Raul

Re: Artemis Connection failure has been detected

[Raul Valdoleiros]

Hi,

Thanks for your help :)

2018-01-26 9:10 GMT+00:00 Francesco Nigro :

> Hi,
>
> as Miroslav said, that warnings aren't a sign of any lost message, but I
> agree that they are somehow scary :)
> Maybe could worth to lower the log level to INFO.
>
> Thanks,
> Franz
>
>
> Il giorno ven 26 gen 2018 alle ore 09:28 Miroslav Novak  >
> ha scritto:
>
> > Hi,
> >
> > those messages are normal when server in Artemis cluster is shutdown. You
> > will not loose messages if you start the broker again. Note that messages
> > are usually load-balanced (distributed) to all nodes in cluster in round
> > robin fashion. So shutting down node in cluster (without proper scale
> down)
> > will cause that messages on shutdown node cannot be processed.
> >
> > Thanks,
> > Mirek
> >
> > - Original Message -
> > > From: "Raul Valdoleiros" 
> > > To: users@activemq.apache.org
> > > Sent: Thursday, January 25, 2018 6:34:11 PM
> > > Subject: Artemis Connection failure has been detected
> > >
> > > Hi,
> > >
> > > I'm trying to create a dynamic cluster of artemis brokers. I'm getting
> > the
> > > following messages when I shutdown one of the brokers.
> > >
> > > 17:24:47,747 WARN  [org.apache.activemq.artemis.core.client]
> AMQ212037:
> > > Connection failure has been detected: AMQ119015: The connection was
> > > disconnected because of server shutdown [code=DISCONNECTED]
> > > 17:24:47,763 WARN  [org.apache.activemq.artemis.core.client]
> AMQ212037:
> > > Connection failure has been detected: AMQ119015: The connection was
> > > disconnected because of server shutdown [code=DISCONNECTED]
> > > 17:24:47,755 WARN  [org.apache.activemq.artemis.core.client]
> AMQ212037:
> > > Connection failure has been detected: AMQ119015: The connection was
> > > disconnected because of server shutdown [code=DISCONNECTED]
> > > 17:24:47,769 WARN  [org.apache.activemq.artemis.core.server]
> AMQ222095:
> > > Connection failed with failedOver=false
> > > 17:24:47,797 WARN  [org.apache.activemq.artemis.core.server]
> AMQ222095:
> > > Connection failed with failedOver=false
> > > 17:24:47,801 INFO  [org.apache.activemq.artemis.core.server]
> AMQ221029:
> > > stopped bridge
> > > $.artemis.internal.sf.my-cluster.23bc5035-d11d-11e7-b017-8c705a641428
> > > 17:24:57,973 WARN  [org.apache.activemq.artemis.core.client]
> AMQ212034:
> > > There are more than one servers on the network broadcasting the same
> node
> > > id. You will see this message exactly once (per node) if a node is
> > > restarted, in which case it can be safely ignored. But if it is logged
> > > continuously it means you really do have more than one node on the same
> > > network active concurrently with the same node id. This could occur if
> > you
> > > have a backup node active at the same time as its live node.
> > > nodeID=23bc5035-d11d-11e7-b017-8c705a641428
> > >
> > > I suspect that this behavior makes the brokers lost messages.
> > >
> > > I attached the brokers configurations. Can someone help me understand
> > what
> > > is wrong?
> > >
> > > Thanks in advance,
> > > Raul
> > >
> >
>

Artemis Connection failure has been detected

[Raul Valdoleiros]

Hi,

I'm trying to create a dynamic cluster of artemis brokers. I'm getting the
following messages when I shutdown one of the brokers.

17:24:47,747 WARN  [org.apache.activemq.artemis.core.client] AMQ212037:
Connection failure has been detected: AMQ119015: The connection was
disconnected because of server shutdown [code=DISCONNECTED]
17:24:47,763 WARN  [org.apache.activemq.artemis.core.client] AMQ212037:
Connection failure has been detected: AMQ119015: The connection was
disconnected because of server shutdown [code=DISCONNECTED]
17:24:47,755 WARN  [org.apache.activemq.artemis.core.client] AMQ212037:
Connection failure has been detected: AMQ119015: The connection was
disconnected because of server shutdown [code=DISCONNECTED]
17:24:47,769 WARN  [org.apache.activemq.artemis.core.server] AMQ222095:
Connection failed with failedOver=false
17:24:47,797 WARN  [org.apache.activemq.artemis.core.server] AMQ222095:
Connection failed with failedOver=false
17:24:47,801 INFO  [org.apache.activemq.artemis.core.server] AMQ221029:
stopped bridge
$.artemis.internal.sf.my-cluster.23bc5035-d11d-11e7-b017-8c705a641428
17:24:57,973 WARN  [org.apache.activemq.artemis.core.client] AMQ212034:
There are more than one servers on the network broadcasting the same node
id. You will see this message exactly once (per node) if a node is
restarted, in which case it can be safely ignored. But if it is logged
continuously it means you really do have more than one node on the same
network active concurrently with the same node id. This could occur if you
have a backup node active at the same time as its live node.
nodeID=23bc5035-d11d-11e7-b017-8c705a641428

I suspect that this behavior makes the brokers lost messages.

I attached the brokers configurations. Can someone help me understand what
is wrong?

Thanks in advance,
Raul

Re: Artemis CRL

[Raul Valdoleiros]

Hi Justin,

I created a new pull request with the changes you mentioned.
https://github.com/apache/activemq-artemis/pull/1715

Somehow I'm having problems amending the commits, so I create a new pr.

Raul

2017-12-14 15:44 GMT+00:00 Justin Bertram :

> You'd need to add instructions to both the test (see an example here [1])
> and the example.
>
> Also, take a look at the modifications I made to your previous test
> submitted for the MQTT cluster issue [2].  It's preferable to have the
> configuration done programmatically rather than in a separate broker.xml
> file.
>
>
> Justin
>
> [1]
> https://github.com/apache/activemq-artemis/blob/master/
> tests/integration-tests/src/test/java/org/apache/activemq/
> artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java#L70
> [1]
> https://github.com/apache/activemq-artemis/blob/master/
> tests/integration-tests/src/test/java/org/apache/activemq/
> artemis/tests/integration/mqtt/imported/MqttClusterWildcardTest.java
>
> On Thu, Dec 14, 2017 at 9:33 AM, Raul Valdoleiros <
> raul.valdoleiros.olive...@gmail.com> wrote:
>
> > In this pull request ( https://github.com/apache/
> > activemq-artemis/pull/1708
> > ) you have:
> >
> >- an example ->  examples/features/standard/ssl-enabled-crl-mqtt/
> ><https://github.com/apache/activemq-artemis/pull/1708/files#diff-
> > 281889d37468a2ec2947c2269c302377>
> >- a test
> >-> tests/integration-tests/src/test/java/org/apache/activemq/
> > artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java
> >
> > I think I need to update this file
> > examples/features/standard/ssl-enabled-crl-mqtt/readme.html
> > <https://github.com/apache/activemq-artemis/pull/1708/files#diff-
> > fac926e01a6ee68f346e78d126d15f5c>
> >
> > There is any other place I need to add the instructions?
> >
> > Raul
> >
> >
> > 2017-12-14 14:49 GMT+00:00 Justin Bertram :
> >
> > > Are there instructions about how to do what you did in your example or
> > your
> > > test?  Any artifacts packaged with an example or a test should be able
> to
> > > be easily re-created by an interested user/developer.
> > >
> > >
> > > Justin
> > >
> > > On Thu, Dec 14, 2017 at 5:37 AM, Raul Valdoleiros <
> > > raul.valdoleiros.olive...@gmail.com> wrote:
> > >
> > > > Hi Justin,
> > > >
> > > > I created new certificates and crls, created from scratch.
> > > >
> > > > Thanks,
> > > > Raul
> > > >
> > > > 2017-12-12 10:09 GMT+00:00 Raul Valdoleiros <
> > > > raul.valdoleiros.olive...@gmail.com>:
> > > >
> > > > > Hi Justin,
> > > > >
> > > > > I copied the activemq-revoke.crl from the activemq repository. I
> will
> > > try
> > > > > to add the documentation today or tomorrow,I've a busy day today :(
> > > > >
> > > > > Thanks,
> > > > > Raul
> > > > >
> > > > > 2017-12-12 3:09 GMT+00:00 Justin Bertram :
> > > > >
> > > > >> If you look at Raul's commit you'll see support for OCSP in there.
> > > > Really
> > > > >> what's left is some testing and documentation to round it out
> (which
> > > was
> > > > >> why I was asking about how to generate the CRL).
> > > > >>
> > > > >> In any case, thanks (as always) for your input.
> > > > >>
> > > > >>
> > > > >> Justin
> > > > >>
> > > > >> On Mon, Dec 11, 2017 at 3:29 PM, Hadrian Zbarcea <
> > hzbar...@gmail.com>
> > > > >> wrote:
> > > > >>
> > > > >> > Keep in mind that CRLs are not used much because of a few
> reasons.
> > > One
> > > > >> of
> > > > >> > the main ones is the heavy burden on ops/maintenance. You may
> want
> > > to
> > > > >> take
> > > > >> > a look at ocsp.
> > > > >> >
> > > > >> > My $0.02,
> > > > >> > Hadrian
> > > > >> >
> > > > >> >
> > > > >> >
> > > > >> > On 12/11/2017 02:34 PM, Justin Bertram wrote:
> > > > >> >
> > > > >> >> Can you describe how you created the activemq-re

Re: Artemis CRL

[Raul Valdoleiros]

In this pull request ( https://github.com/apache/activemq-artemis/pull/1708
) you have:

   - an example ->  examples/features/standard/ssl-enabled-crl-mqtt/
   
<https://github.com/apache/activemq-artemis/pull/1708/files#diff-281889d37468a2ec2947c2269c302377>
   - a test
   -> 
tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/mqtt/imported/MQTTSecurityCRLTest.java

I think I need to update this file
examples/features/standard/ssl-enabled-crl-mqtt/readme.html
<https://github.com/apache/activemq-artemis/pull/1708/files#diff-fac926e01a6ee68f346e78d126d15f5c>

There is any other place I need to add the instructions?

Raul


2017-12-14 14:49 GMT+00:00 Justin Bertram :

> Are there instructions about how to do what you did in your example or your
> test?  Any artifacts packaged with an example or a test should be able to
> be easily re-created by an interested user/developer.
>
>
> Justin
>
> On Thu, Dec 14, 2017 at 5:37 AM, Raul Valdoleiros <
> raul.valdoleiros.olive...@gmail.com> wrote:
>
> > Hi Justin,
> >
> > I created new certificates and crls, created from scratch.
> >
> > Thanks,
> > Raul
> >
> > 2017-12-12 10:09 GMT+00:00 Raul Valdoleiros <
> > raul.valdoleiros.olive...@gmail.com>:
> >
> > > Hi Justin,
> > >
> > > I copied the activemq-revoke.crl from the activemq repository. I will
> try
> > > to add the documentation today or tomorrow,I've a busy day today :(
> > >
> > > Thanks,
> > > Raul
> > >
> > > 2017-12-12 3:09 GMT+00:00 Justin Bertram :
> > >
> > >> If you look at Raul's commit you'll see support for OCSP in there.
> > Really
> > >> what's left is some testing and documentation to round it out (which
> was
> > >> why I was asking about how to generate the CRL).
> > >>
> > >> In any case, thanks (as always) for your input.
> > >>
> > >>
> > >> Justin
> > >>
> > >> On Mon, Dec 11, 2017 at 3:29 PM, Hadrian Zbarcea 
> > >> wrote:
> > >>
> > >> > Keep in mind that CRLs are not used much because of a few reasons.
> One
> > >> of
> > >> > the main ones is the heavy burden on ops/maintenance. You may want
> to
> > >> take
> > >> > a look at ocsp.
> > >> >
> > >> > My $0.02,
> > >> > Hadrian
> > >> >
> > >> >
> > >> >
> > >> > On 12/11/2017 02:34 PM, Justin Bertram wrote:
> > >> >
> > >> >> Can you describe how you created the activemq-revoke.crl that's in
> > your
> > >> >> example?
> > >> >>
> > >> >>
> > >> >> Justin
> > >> >>
> > >> >> On Mon, Dec 11, 2017 at 9:47 AM, Justin Bertram <
> jbert...@apache.org
> > >
> > >> >> wrote:
> > >> >>
> > >> >> The CRL logic applies to the *trust* manager.  The way your example
> > is
> > >> >>> configured the CRL is specified on the broker side.  In order to
> > make
> > >> use
> > >> >>> of the CRL the client has to present a certificate for the broker
> to
> > >> >>> trust.  However, the acceptor in your example (and test) is not
> > >> >>> configured
> > >> >>> to require the client to present a certificate.  You need to add
> > >> >>> "needClientAuth=true" and then you should see the broker reject
> the
> > >> >>> client's cert.
> > >> >>>
> > >> >>>
> > >> >>> Justin
> > >> >>>
> > >> >>> On Mon, Dec 11, 2017 at 8:43 AM, Raul Valdoleiros <
> > >> >>> raul.valdoleiros.olive...@gmail.com> wrote:
> > >> >>>
> > >> >>> The server accepts the connection of the client with the revoked
> > >> >>>> certificate, I think it should reject the connection.
> > >> >>>> I add an example of that in the commit.
> > >> >>>>
> > >> >>>> 2017-12-11 14:05 GMT+00:00 Justin Bertram :
> > >> >>>>
> > >> >>>> I took a quick look over the code and it looks good to me.  What
> > >> >>>>> specifically isn't working?
> > >

Re: Artemis CRL

[Raul Valdoleiros]

Hi Justin,

I created new certificates and crls, created from scratch.

Thanks,
Raul

2017-12-12 10:09 GMT+00:00 Raul Valdoleiros <
raul.valdoleiros.olive...@gmail.com>:

> Hi Justin,
>
> I copied the activemq-revoke.crl from the activemq repository. I will try
> to add the documentation today or tomorrow,I've a busy day today :(
>
> Thanks,
> Raul
>
> 2017-12-12 3:09 GMT+00:00 Justin Bertram :
>
>> If you look at Raul's commit you'll see support for OCSP in there.  Really
>> what's left is some testing and documentation to round it out (which was
>> why I was asking about how to generate the CRL).
>>
>> In any case, thanks (as always) for your input.
>>
>>
>> Justin
>>
>> On Mon, Dec 11, 2017 at 3:29 PM, Hadrian Zbarcea 
>> wrote:
>>
>> > Keep in mind that CRLs are not used much because of a few reasons. One
>> of
>> > the main ones is the heavy burden on ops/maintenance. You may want to
>> take
>> > a look at ocsp.
>> >
>> > My $0.02,
>> > Hadrian
>> >
>> >
>> >
>> > On 12/11/2017 02:34 PM, Justin Bertram wrote:
>> >
>> >> Can you describe how you created the activemq-revoke.crl that's in your
>> >> example?
>> >>
>> >>
>> >> Justin
>> >>
>> >> On Mon, Dec 11, 2017 at 9:47 AM, Justin Bertram 
>> >> wrote:
>> >>
>> >> The CRL logic applies to the *trust* manager.  The way your example is
>> >>> configured the CRL is specified on the broker side.  In order to make
>> use
>> >>> of the CRL the client has to present a certificate for the broker to
>> >>> trust.  However, the acceptor in your example (and test) is not
>> >>> configured
>> >>> to require the client to present a certificate.  You need to add
>> >>> "needClientAuth=true" and then you should see the broker reject the
>> >>> client's cert.
>> >>>
>> >>>
>> >>> Justin
>> >>>
>> >>> On Mon, Dec 11, 2017 at 8:43 AM, Raul Valdoleiros <
>> >>> raul.valdoleiros.olive...@gmail.com> wrote:
>> >>>
>> >>> The server accepts the connection of the client with the revoked
>> >>>> certificate, I think it should reject the connection.
>> >>>> I add an example of that in the commit.
>> >>>>
>> >>>> 2017-12-11 14:05 GMT+00:00 Justin Bertram :
>> >>>>
>> >>>> I took a quick look over the code and it looks good to me.  What
>> >>>>> specifically isn't working?
>> >>>>>
>> >>>>>
>> >>>>> Justin
>> >>>>>
>> >>>>> On Mon, Dec 11, 2017 at 3:06 AM, Raul Valdoleiros <
>> >>>>> raul.valdoleiros.olive...@gmail.com> wrote:
>> >>>>>
>> >>>>> Hi Justin,
>> >>>>>>
>> >>>>>> What I did is available in the commit:
>> >>>>>> https://github.com/Skiler/activemq-artemis/commit/
>> >>>>>> 2e67595c3085eb62122906b22a3398f9de47
>> >>>>>> Definitely I did something wrong, perhaps some basic mistake. I
>> >>>>>>
>> >>>>>> Thanks in advance,
>> >>>>>> Raul
>> >>>>>>
>> >>>>>> 2017-12-08 20:51 GMT+00:00 Justin Bertram :
>> >>>>>>
>> >>>>>> FYI - I opened ARTEMIS-1548 [1] for this.
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> Justin
>> >>>>>>>
>> >>>>>>> [1] https://issues.apache.org/jira/browse/ARTEMIS-1548
>> >>>>>>>
>> >>>>>>> On Thu, Dec 7, 2017 at 6:54 PM, Justin Bertram <
>> jbert...@apache.org
>> >>>>>>>
>> >>>>>>
>> >>>>> wrote:
>> >>>>>>>
>> >>>>>>> I  copied the code and the certificates from activemq.
>> >>>>>>>>>
>> >>>>>>>>
>> >>>>>>>> What code and certs did you copy and where did you copy it to?
>> >>>>>>>>
>> >>>>>>>> My guess 

Re: Artemis CRL

[Raul Valdoleiros]

Hi Justin,

I copied the activemq-revoke.crl from the activemq repository. I will try
to add the documentation today or tomorrow,I've a busy day today :(

Thanks,
Raul

2017-12-12 3:09 GMT+00:00 Justin Bertram :

> If you look at Raul's commit you'll see support for OCSP in there.  Really
> what's left is some testing and documentation to round it out (which was
> why I was asking about how to generate the CRL).
>
> In any case, thanks (as always) for your input.
>
>
> Justin
>
> On Mon, Dec 11, 2017 at 3:29 PM, Hadrian Zbarcea 
> wrote:
>
> > Keep in mind that CRLs are not used much because of a few reasons. One of
> > the main ones is the heavy burden on ops/maintenance. You may want to
> take
> > a look at ocsp.
> >
> > My $0.02,
> > Hadrian
> >
> >
> >
> > On 12/11/2017 02:34 PM, Justin Bertram wrote:
> >
> >> Can you describe how you created the activemq-revoke.crl that's in your
> >> example?
> >>
> >>
> >> Justin
> >>
> >> On Mon, Dec 11, 2017 at 9:47 AM, Justin Bertram 
> >> wrote:
> >>
> >> The CRL logic applies to the *trust* manager.  The way your example is
> >>> configured the CRL is specified on the broker side.  In order to make
> use
> >>> of the CRL the client has to present a certificate for the broker to
> >>> trust.  However, the acceptor in your example (and test) is not
> >>> configured
> >>> to require the client to present a certificate.  You need to add
> >>> "needClientAuth=true" and then you should see the broker reject the
> >>> client's cert.
> >>>
> >>>
> >>> Justin
> >>>
> >>> On Mon, Dec 11, 2017 at 8:43 AM, Raul Valdoleiros <
> >>> raul.valdoleiros.olive...@gmail.com> wrote:
> >>>
> >>> The server accepts the connection of the client with the revoked
> >>>> certificate, I think it should reject the connection.
> >>>> I add an example of that in the commit.
> >>>>
> >>>> 2017-12-11 14:05 GMT+00:00 Justin Bertram :
> >>>>
> >>>> I took a quick look over the code and it looks good to me.  What
> >>>>> specifically isn't working?
> >>>>>
> >>>>>
> >>>>> Justin
> >>>>>
> >>>>> On Mon, Dec 11, 2017 at 3:06 AM, Raul Valdoleiros <
> >>>>> raul.valdoleiros.olive...@gmail.com> wrote:
> >>>>>
> >>>>> Hi Justin,
> >>>>>>
> >>>>>> What I did is available in the commit:
> >>>>>> https://github.com/Skiler/activemq-artemis/commit/
> >>>>>> 2e67595c3085eb62122906b22a3398f9de47
> >>>>>> Definitely I did something wrong, perhaps some basic mistake. I
> >>>>>>
> >>>>>> Thanks in advance,
> >>>>>> Raul
> >>>>>>
> >>>>>> 2017-12-08 20:51 GMT+00:00 Justin Bertram :
> >>>>>>
> >>>>>> FYI - I opened ARTEMIS-1548 [1] for this.
> >>>>>>>
> >>>>>>>
> >>>>>>> Justin
> >>>>>>>
> >>>>>>> [1] https://issues.apache.org/jira/browse/ARTEMIS-1548
> >>>>>>>
> >>>>>>> On Thu, Dec 7, 2017 at 6:54 PM, Justin Bertram <
> jbert...@apache.org
> >>>>>>>
> >>>>>>
> >>>>> wrote:
> >>>>>>>
> >>>>>>> I  copied the code and the certificates from activemq.
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> What code and certs did you copy and where did you copy it to?
> >>>>>>>>
> >>>>>>>> My guess is artemis is delegating the ssl infrastructure in
> >>>>>>>>>
> >>>>>>>> Netty
> >>>>
> >>>>> and
> >>>>>
> >>>>>> netty isn't supporting CRL by default. Not sure about it.
> >>>>>>>>
> >>>>>>>> The SSL handshake is done by Netty in Artemis.  However, the
> >>>>>>>>
> >>>>>>> SSLContext
> >>>>>
> >>>>>> used (which includes the

Re: Artemis CRL

[Raul Valdoleiros]

The server accepts the connection of the client with the revoked
certificate, I think it should reject the connection.
I add an example of that in the commit.

2017-12-11 14:05 GMT+00:00 Justin Bertram :

> I took a quick look over the code and it looks good to me.  What
> specifically isn't working?
>
>
> Justin
>
> On Mon, Dec 11, 2017 at 3:06 AM, Raul Valdoleiros <
> raul.valdoleiros.olive...@gmail.com> wrote:
>
> > Hi Justin,
> >
> > What I did is available in the commit:
> > https://github.com/Skiler/activemq-artemis/commit/
> > 2e67595c3085eb62122906b22a3398f9de47
> > Definitely I did something wrong, perhaps some basic mistake. I
> >
> > Thanks in advance,
> > Raul
> >
> > 2017-12-08 20:51 GMT+00:00 Justin Bertram :
> >
> > > FYI - I opened ARTEMIS-1548 [1] for this.
> > >
> > >
> > > Justin
> > >
> > > [1] https://issues.apache.org/jira/browse/ARTEMIS-1548
> > >
> > > On Thu, Dec 7, 2017 at 6:54 PM, Justin Bertram 
> > > wrote:
> > >
> > > > > I  copied the code and the certificates from activemq.
> > > >
> > > > What code and certs did you copy and where did you copy it to?
> > > >
> > > > > My guess is artemis is delegating the ssl infrastructure in Netty
> and
> > > > netty isn't supporting CRL by default. Not sure about it.
> > > >
> > > > The SSL handshake is done by Netty in Artemis.  However, the
> SSLContext
> > > > used (which includes the trust manager) is created by Artemis itself
> in
> > > the
> > > > class I specified in my previous email.
> > > >
> > > > > I need ocsp too, i thought i could add copy both features to
> artemis.
> > > No
> > > > luck until now.
> > > >
> > > > I don't think it will be too hard to implement both in Artemis.  I'll
> > > give
> > > > it a closer look when I get the chance.
> > > >
> > > >
> > > > Justin
> > > >
> > > > On Thu, Dec 7, 2017 at 4:23 PM, Raul Valdoleiros <
> > > > raul.valdoleiros.olive...@gmail.com> wrote:
> > > >
> > > >> Hi Justin,
> > > >>
> > > >> I already try it ( i tried before send the e-mail), and didn't
> work. I
> > > >> copied the code and the certificates from activemq. My guess is
> > artemis
> > > is
> > > >> delegating the ssl infrastructure in Netty and netty isn't
> supporting
> > > CRL
> > > >> by default. Not sure about it. I'm assuming activemq don't use
> netty.
> > > >> I need ocsp too, i thought i could add copy both features to
> artemis.
> > No
> > > >> luck until now.
> > > >>
> > > >> Thanks in advance,
> > > >> Raul
> > > >>
> > > >>
> > > >> Em 07/12/2017 5:36 p.m., "Justin Bertram" 
> > > escreveu:
> > > >>
> > > >> Artemis doesn't support CRL.  However, you should be able to adapt
> > > what's
> > > >> done in 5.x in org.apache.activemq.spring.SpringSslContext to work
> in
> > > >> Artemis in org.apache.activemq.artemis.core.remoting.impl.ssl.
> > > SSLSupport.
> > > >> Let me know if you're moving forward with this work otherwise I'll
> > take
> > > a
> > > >> closer look.
> > > >>
> > > >>
> > > >> Justin
> > > >>
> > > >> On Thu, Dec 7, 2017 at 2:27 AM, Raul Valdoleiros <
> > > >> raul.valdoleiros.olive...@gmail.com> wrote:
> > > >>
> > > >> > Hi,
> > > >> >
> > > >> > Artemis support certificate revogation list? If not, i'm available
> > to
> > > >> try
> > > >> > implement it if you give some insights about it.
> > > >> >
> > > >> > Thanks in advance,
> > > >> > Raul
> > > >> >
> > > >>
> > > >
> > > >
> > >
> >
>

Re: Artemis CRL

[Raul Valdoleiros]

Hi Justin,

What I did is available in the commit:
https://github.com/Skiler/activemq-artemis/commit/2e67595c3085eb62122906b22a3398f9de47
Definitely I did something wrong, perhaps some basic mistake. I

Thanks in advance,
Raul

2017-12-08 20:51 GMT+00:00 Justin Bertram :

> FYI - I opened ARTEMIS-1548 [1] for this.
>
>
> Justin
>
> [1] https://issues.apache.org/jira/browse/ARTEMIS-1548
>
> On Thu, Dec 7, 2017 at 6:54 PM, Justin Bertram 
> wrote:
>
> > > I  copied the code and the certificates from activemq.
> >
> > What code and certs did you copy and where did you copy it to?
> >
> > > My guess is artemis is delegating the ssl infrastructure in Netty and
> > netty isn't supporting CRL by default. Not sure about it.
> >
> > The SSL handshake is done by Netty in Artemis.  However, the SSLContext
> > used (which includes the trust manager) is created by Artemis itself in
> the
> > class I specified in my previous email.
> >
> > > I need ocsp too, i thought i could add copy both features to artemis.
> No
> > luck until now.
> >
> > I don't think it will be too hard to implement both in Artemis.  I'll
> give
> > it a closer look when I get the chance.
> >
> >
> > Justin
> >
> > On Thu, Dec 7, 2017 at 4:23 PM, Raul Valdoleiros <
> > raul.valdoleiros.olive...@gmail.com> wrote:
> >
> >> Hi Justin,
> >>
> >> I already try it ( i tried before send the e-mail), and didn't work. I
> >> copied the code and the certificates from activemq. My guess is artemis
> is
> >> delegating the ssl infrastructure in Netty and netty isn't supporting
> CRL
> >> by default. Not sure about it. I'm assuming activemq don't use netty.
> >> I need ocsp too, i thought i could add copy both features to artemis. No
> >> luck until now.
> >>
> >> Thanks in advance,
> >> Raul
> >>
> >>
> >> Em 07/12/2017 5:36 p.m., "Justin Bertram" 
> escreveu:
> >>
> >> Artemis doesn't support CRL.  However, you should be able to adapt
> what's
> >> done in 5.x in org.apache.activemq.spring.SpringSslContext to work in
> >> Artemis in org.apache.activemq.artemis.core.remoting.impl.ssl.
> SSLSupport.
> >> Let me know if you're moving forward with this work otherwise I'll take
> a
> >> closer look.
> >>
> >>
> >> Justin
> >>
> >> On Thu, Dec 7, 2017 at 2:27 AM, Raul Valdoleiros <
> >> raul.valdoleiros.olive...@gmail.com> wrote:
> >>
> >> > Hi,
> >> >
> >> > Artemis support certificate revogation list? If not, i'm available to
> >> try
> >> > implement it if you give some insights about it.
> >> >
> >> > Thanks in advance,
> >> > Raul
> >> >
> >>
> >
> >
>

Re: Artemis CRL

[Raul Valdoleiros]

Hi Justin,

I already try it ( i tried before send the e-mail), and didn't work. I
copied the code and the certificates from activemq. My guess is artemis is
delegating the ssl infrastructure in Netty and netty isn't supporting CRL
by default. Not sure about it. I'm assuming activemq don't use netty.
I need ocsp too, i thought i could add copy both features to artemis. No
luck until now.

Thanks in advance,
Raul


Em 07/12/2017 5:36 p.m., "Justin Bertram"  escreveu:

Artemis doesn't support CRL.  However, you should be able to adapt what's
done in 5.x in org.apache.activemq.spring.SpringSslContext to work in
Artemis in org.apache.activemq.artemis.core.remoting.impl.ssl.SSLSupport.
Let me know if you're moving forward with this work otherwise I'll take a
closer look.


Justin

On Thu, Dec 7, 2017 at 2:27 AM, Raul Valdoleiros <
raul.valdoleiros.olive...@gmail.com> wrote:

> Hi,
>
> Artemis support certificate revogation list? If not, i'm available to try
> implement it if you give some insights about it.
>
> Thanks in advance,
> Raul
>

Artemis CRL

[Raul Valdoleiros]

Hi,

Artemis support certificate revogation list? If not, i'm available to try
implement it if you give some insights about it.

Thanks in advance,
Raul

Re: Artemis LDAP SSL

[Raul Valdoleiros]

Thanks, it worked :)

2017-11-29 13:14 GMT+00:00 Justin Bertram :

> The actual LDAP connection is provided by com.sun.jndi.ldap.LdapCtxFactory
> which I believe already supports SSL.  I think you just need to set
> "connectionProtocol" config parameter to "ssl".
>
>
> Justin
>
> On Wed, Nov 29, 2017 at 3:18 AM, Raul Valdoleiros <
> raul.valdoleiros.olive...@gmail.com> wrote:
>
> > Hi,
> >
> > Do you know when ldap connection with ssl will be supported?
> >
> > Thanks in advance,
> > Raul
> >
>

Artemis LDAP SSL

[Raul Valdoleiros]

Hi,

Do you know when ldap connection with ssl will be supported?

Thanks in advance,
Raul

Artemis MQTT Cluster

[Raul Valdoleiros]

Hi,

I created a cluster with two nodes of artemis brokers, configured with mqtt
protocol.
The goal is to send a message, through mqtt, to broker 1 and receive it in
the subscriber of broker 2.

I've wrote a test for that:
https://github.com/Skiler/activemq-artemis/tree/master/examples/features/clustered/clustered-queue-mqtt

Can anyone help me understand what is wrong?

Thanks in advance,
Raul

Apache Artemis MQTT

[Raul Valdoleiros]

Hi everyone,

Sorry for the inconvinience, but I didn't found the information I need in
the documentation.

I'm trying to see if the Apache Artemis has two particular features:

   - A feature like shared subscription (MQTT version 5), or consumer
   session balancing from vernemq. Do you know if there is something like this?
   - CRL ( Certificate Revocation List)

If anyone can help me I appreciate.
Thanks in advance,
Raul