fix is now on trunk, will make 5.7: https://issues.apache.org/jira/browse/AMQ-3785?focusedCommentId=13415046&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13415046
On 13 July 2012 16:43, Alistair Young <alistair.yo...@uhi.ac.uk> wrote: > aha, seems it's already on the radar. failover uri masks out ssl uri. > Workaround is to force it to use the keystore and truststore via Java OPTS. > > http://activemq.2283324.n4.nabble.com/jira-Created-AMQ-3785-ActiveMQSslConnectionFactory-does-not-detect-ssl-request-in-failover-URIs-whens-td4501530.html > > > Alistair > > > > mov eax,1 > mov ebx,0 > int 80h > >>>> "Alistair Young" 13/07/12 4:32 PM >>> > > the problem is with failover ssl. Using ssl://localhost:61617 works fine > with ActiveMQSslConnectionFactory and client auth. > > failover:(ssl://localhost:61617) or failover:ssl://localhost:61617 breaks > ActiveMQSslConnectionFactory in that the keystore and truststore set in it > are ignored and you have to use the Java OPTS to get the connection to work. > > Is this how it's meant to work? > > Alistair > > > > mov eax,1 > mov ebx,0 > int 80h > >>>> "Alistair Young" 13/07/12 1:46 PM >>> > Not sure about this one but it's weird. If I use this code in a unit test > against an embedded SslBrokerService with client authentication enabled: > > connectionFactory.setKeyStore(keystorePath); > connectionFactory.setKeyStorePassword(keystorePassword); > connectionFactory.setTrustStore(truststorePath); > connectionFactory.setTrustStorePassword(truststorePassword); > connectionFactory.createConnection(); > > it works fine. If I use the exact same code from a tomcat webapp, > connectionFactory seems to ignore both the keystore and the truststore and > instead I have to set these: > > javax.net.ssl.keyStore > javax.net.ssl.trustStore > etc > > otherwise I get 'certificate_unknown' at the broker. > > Is there any explanation for this? > > thanks, > > Alistair > > > > mov eax,1 > mov ebx,0 > int 80h > -- http://fusesource.com http://blog.garytully.com
