qpid-dev mailing list archives

From "Keith Wall (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-7567) [Java Broker] Select appropriate certificate for TLS based on SNIServerName
Date Thu, 01 Feb 2018 09:42:00 GMT

     [ https://issues.apache.org/jira/browse/QPID-7567?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Keith Wall updated QPID-7567:
    Fix Version/s:     (was: Future)

> [Java Broker] Select appropriate certificate for TLS based on SNIServerName
> ---------------------------------------------------------------------------
>                 Key: QPID-7567
>                 URL: https://issues.apache.org/jira/browse/QPID-7567
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Broker-J
>            Reporter: Keith Wall
>            Priority: Major
>             Fix For: qpid-java-broker-7.1.0
> Enable SNI support for the Java Broker.
> We will need an X509ExtendedKeyManager implementation that gets the SNIServerName from the SSL handshakes and then selects the most appropriate certificate alias for the indicated
> I found the following example helpful:
> https://github.com/grahamedgecombe/netty-sni-example/blob/master/src/main/java/SniKeyManager.java
> https://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html
> This change requires Java 8, but it is probably possible to retain support for Java 7 using reflection.
> It looks to me like the clients (Qpid JMS Client and Legacy) require no changes. They both pass the hostname through to the SSLEngine, so the SNIServerName should already be passed through. Client side support in Java was added at Java 7.

This message was sent by Atlassian JIRA
