Add support for hostname verification

(cherry picked from commit 69fad2a135)
Christopher L. Shannon (cshannon) 2018-08-21 09:05:42 -04:00
parent 2373aa1320
commit bde7097fb8
24 changed files with 157 additions and 46 deletions


@ -185,7 +185,7 @@ public class AmqpTestSupport {
}
if (isUseSslConnector()) {
connector = brokerService.addConnector(
"amqp+ssl://0.0.0.0:" + amqpSslPort + "?transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
"amqp+ssl://0.0.0.0:" + amqpSslPort + "?transport.verifyHostName=false&transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
amqpSslPort = connector.getConnectUri().getPort();
amqpSslURI = connector.getPublishableConnectURI();
LOG.debug("Using amqp+ssl port " + amqpSslPort);
@ -199,7 +199,7 @@ public class AmqpTestSupport {
}
if (isUseNioPlusSslConnector()) {
connector = brokerService.addConnector(
"amqp+nio+ssl://0.0.0.0:" + amqpNioPlusSslPort + "?transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
"amqp+nio+ssl://0.0.0.0:" + amqpNioPlusSslPort + "?transport.verifyHostName=false&transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
amqpNioPlusSslPort = connector.getConnectUri().getPort();
amqpNioPlusSslURI = connector.getPublishableConnectURI();
LOG.debug("Using amqp+nio+ssl port " + amqpNioPlusSslPort);


@ -79,7 +79,7 @@ public class JMSClientAutoSslAuthTest extends JMSClientTestSupport {
@Override
protected String getAdditionalConfig() {
return "?transport.needClientAuth=true";
return "?transport.needClientAuth=true&transport.verifyHostName=false";
}


@ -30,6 +30,7 @@ import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLParameters;
import org.apache.activemq.thread.TaskRunnerFactory;
import org.apache.activemq.util.IOExceptionSupport;
@ -89,6 +90,12 @@ public class AutoInitNioSSLTransport extends NIOSSLTransport {
sslEngine = sslContext.createSSLEngine();
}
if (verifyHostName) {
SSLParameters sslParams = new SSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
sslEngine.setSSLParameters(sslParams);
}
sslEngine.setUseClientMode(false);
if (enabledCipherSuites != null) {
sslEngine.setEnabledCipherSuites(enabledCipherSuites);
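Review bot: The added `if (verifyHostName)` block applies a freshly constructed `SSLParameters` to the engine, and `setSSLParameters` is documented to call `setWantClientAuth(false)` when the object carries neither need nor want client auth, so any client-auth setting already on the engine would be cleared. Starting from the current parameters avoids that: `SSLParameters sslParams = sslEngine.getSSLParameters();`, followed by the existing `setEndpointIdentificationAlgorithm("HTTPS")` and `setSSLParameters(sslParams)` calls. The same pattern appears in the NIOSSLTransport, SslTransport and TcpTransportServer sections, and it matters most in SslTransport if the socket was accepted from a server socket that already requires client certificates. The enclosing method starts and ends outside the hunk, so whether client auth is configured before or after this block needs confirming.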


@ -36,6 +36,7 @@ import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
@ -56,6 +57,7 @@ public class NIOSSLTransport extends NIOTransport {
protected boolean wantClientAuth;
protected String[] enabledCipherSuites;
protected String[] enabledProtocols;
protected boolean verifyHostName = true;
protected SSLContext sslContext;
protected SSLEngine sslEngine;
@ -119,6 +121,12 @@ public class NIOSSLTransport extends NIOTransport {
sslEngine = sslContext.createSSLEngine();
}
if (verifyHostName) {
SSLParameters sslParams = new SSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
sslEngine.setSSLParameters(sslParams);
}
sslEngine.setUseClientMode(false);
if (enabledCipherSuites != null) {
sslEngine.setEnabledCipherSuites(enabledCipherSuites);
@ -543,4 +551,12 @@ public class NIOSSLTransport extends NIOTransport {
public void setEnabledProtocols(String[] enabledProtocols) {
this.enabledProtocols = enabledProtocols;
}
public boolean isVerifyHostName() {
return verifyHostName;
}
public void setVerifyHostName(boolean verifyHostName) {
this.verifyHostName = verifyHostName;
}
}
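Review bot: The new `verifyHostName` field and its `isVerifyHostName`/`setVerifyHostName` accessors are undocumented, although the field defaults to `true` and so changes handshake behaviour for every existing connector that does not set the option. A Javadoc on the setter would tell operators what they are switching off, for example `/** Enables endpoint identification (the "HTTPS" algorithm) on the SSLEngine; defaults to true. */`. The engine is put into server mode right after the new block (`setUseClientMode(false)`), so the comment should also say which peer's certificate is checked, presumably the client's and only when client auth is requested; that needs confirming against the JSSE provider in use.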


@ -17,11 +17,14 @@
package org.apache.activemq.transport.tcp;
import java.io.IOException;
import java.net.Socket;
import java.net.SocketException;
import java.net.URI;
import java.net.UnknownHostException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
@ -43,6 +46,8 @@ import org.apache.activemq.wireformat.WireFormat;
*/
public class SslTransport extends TcpTransport {
private Boolean verifyHostName = null;
/**
* Connect to a remote node such as a Broker.
*
@ -73,6 +78,37 @@ public class SslTransport extends TcpTransport {
}
}
@Override
protected void initialiseSocket(Socket sock) throws SocketException, IllegalArgumentException {
//This needs to default to null because this transport class is used for both a server transport
//and a client connection and if we default it to a value it might override the transport server setting
//that was configured inside TcpTransportServer
//The idea here is that if this is a server transport then verifyHostName will be set by the setter
//below and not be null (if using transport.verifyHostName) but if a client uses socket.verifyHostName
//then it will be null and we can check socketOptions
//Unfortunately we have to do this to stay consistent because every other SSL option on the client
//side is configured using socket. but this particular option isn't actually part of the socket
//so it makes it tricky
if (verifyHostName == null) {
if (socketOptions != null && socketOptions.containsKey("verifyHostName")) {
verifyHostName = Boolean.parseBoolean(socketOptions.get("verifyHostName").toString());
socketOptions.remove("verifyHostName");
} else {
verifyHostName = true;
}
}
if (verifyHostName) {
SSLParameters sslParams = new SSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
((SSLSocket)this.socket).setSSLParameters(sslParams);
}
super.initialiseSocket(sock);
}
/**
* Initialize from a ServerSocket. No access to needClientAuth is given
* since it is already set within the provided socket.
@ -108,6 +144,10 @@ public class SslTransport extends TcpTransport {
super.doConsume(command);
}
public void setVerifyHostName(Boolean verifyHostName) {
this.verifyHostName = verifyHostName;
}
/**
* @return peer certificate chain associated with the ssl socket
*/
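Review bot: `Boolean.parseBoolean(socketOptions.get("verifyHostName").toString())` in `initialiseSocket` returns false for every value other than "true", so a misspelt or unexpected value such as `socket.verifyHostName=yes` silently turns host name verification off. A security option should fail closed: accept only `true` or `false` and throw `IllegalArgumentException`, which the method already declares, for anything else. The same lenient parse is applied to `transportOptions` in the TcpTransportServer section and would benefit from the same treatment.

```java
// … unchanged: explanatory comment and the verifyHostName == null guard …
if (socketOptions != null && socketOptions.containsKey("verifyHostName")) {
    String raw = String.valueOf(socketOptions.remove("verifyHostName")).trim();
    if (!"true".equalsIgnoreCase(raw) && !"false".equalsIgnoreCase(raw)) {
        throw new IllegalArgumentException(
            String.format("Invalid socket options {verifyHostName=%s}", raw));
    }
    verifyHostName = Boolean.valueOf(raw);
} else {
    verifyHostName = true;
}
// … unchanged: SSLParameters setup and super.initialiseSocket(sock) …
```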


@ -100,6 +100,7 @@ public class SslTransportServer extends TcpTransportServer {
*
* @throws IOException passed up from TcpTransportServer.
*/
@Override
public void bind() throws IOException {
super.bind();
if (needClientAuth) {
@ -119,6 +120,7 @@ public class SslTransportServer extends TcpTransportServer {
* @return The newly return (SSL) Transport.
* @throws IOException
*/
@Override
protected Transport createTransport(Socket socket, WireFormat format) throws IOException {
return new SslTransport(format, (SSLSocket)socket);
}


@ -133,7 +133,7 @@ public class TcpTransport extends TransportThreadSupport implements Transport, S
protected final AtomicReference<CountDownLatch> stoppedLatch = new AtomicReference<CountDownLatch>();
protected volatile int receiveCounter;
private Map<String, Object> socketOptions;
protected Map<String, Object> socketOptions;
private int soLinger = Integer.MIN_VALUE;
private Boolean keepAlive;
private Boolean tcpNoDelay;
@ -751,6 +751,7 @@ public class TcpTransport extends TransportThreadSupport implements Transport, S
return true;
}
@Override
public WireFormat getWireFormat() {
return wireFormat;
}
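Review bot: Widening `socketOptions` from `private` to `protected` hands the mutable map to every subclass, and the SslTransport section of this commit already reads it and removes a key from it. Keeping the field private and exposing a narrow protected helper would keep ownership of the map in TcpTransport. If the field stays protected, a comment such as `// subclasses may consume (remove) options they handle before initialiseSocket applies the rest` would document the contract; that wording is inferred from SslTransport's usage and should be checked against how TcpTransport applies the remaining options.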


@ -40,6 +40,7 @@ import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import org.apache.activemq.Service;
@ -79,6 +80,7 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
protected int minmumWireFormatVersion;
protected boolean useQueueForAccept = true;
protected boolean allowLinkStealing;
protected boolean verifyHostName = true;
/**
* trace=true -> the Transport stack where this TcpTransport object will be, will have a TransportLogger layer
@ -172,6 +174,16 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
// see: https://issues.apache.org/jira/browse/AMQ-4582
//
if (socket instanceof SSLServerSocket) {
if (transportOptions.containsKey("verifyHostName")) {
verifyHostName = Boolean.parseBoolean(transportOptions.get("verifyHostName").toString());
}
if (verifyHostName) {
SSLParameters sslParams = new SSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
((SSLServerSocket)this.serverSocket).setSSLParameters(sslParams);
}
if (transportOptions.containsKey("enabledCipherSuites")) {
Object cipherSuites = transportOptions.remove("enabledCipherSuites");
@ -180,6 +192,7 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
"Invalid transport options {enabledCipherSuites=%s}", cipherSuites));
}
}
}
//AMQ-6599 - don't strip out set properties on the socket as we need to set them
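Review bot: The guard tests `socket instanceof SSLServerSocket` but the added call casts `this.serverSocket`, so the type check does not cover the object that is actually cast. If the two references ever differ, the cast throws `ClassCastException` or the parameters land on a different socket from the one being configured. Using the checked reference keeps them aligned: `((SSLServerSocket) socket).setSSLParameters(sslParams);`. SslTransport's new `initialiseSocket(Socket sock)` has the same shape, configuring `this.socket` rather than the `sock` argument and casting without an `instanceof` check. The enclosing method begins outside the hunk, so whether `socket` is always the field cannot be confirmed from here.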


@ -55,7 +55,7 @@ public class MQTTAutoSslAuthTest extends MQTTTestSupport {
*/
public MQTTAutoSslAuthTest(String protocol) {
this.protocol = protocol;
protocolConfig = "transport.needClientAuth=true";
protocolConfig = "transport.needClientAuth=true&transport.verifyHostName=false&";
}
@Override


@ -54,13 +54,13 @@ public class StompSslAuthTest extends StompTest {
@Override
public void addOpenWireConnector() throws Exception {
TransportConnector connector = brokerService.addConnector("ssl://0.0.0.0:0?needClientAuth=true");
cf = new ActiveMQConnectionFactory(connector.getPublishableConnectString());
TransportConnector connector = brokerService.addConnector("ssl://0.0.0.0:0?transport.needClientAuth=true&transport.verifyHostName=false");
cf = new ActiveMQConnectionFactory(connector.getPublishableConnectString() + "?socket.verifyHostName=false");
}
@Override
protected String getAdditionalConfig() {
return "?needClientAuth=true";
return "?needClientAuth=true&transport.verifyHostName=false";
}
// NOOP - These operations handled by jaas cert login module


@ -102,7 +102,7 @@ public class StompAutoSslAuthTest extends StompTestSupport {
@Override
protected String getAdditionalConfig() {
return "?transport.needClientAuth=true";
return "?transport.needClientAuth=true&transport.verifyHostName=false";
}
@Override


@ -121,7 +121,7 @@ public class AMQ4126Test {
public void openwireConnectTo(String connectorName, String username, String password) throws Exception {
URI brokerURI = broker.getConnectorByName(connectorName).getConnectUri();
String uri = "ssl://" + brokerURI.getHost() + ":" + brokerURI.getPort();
String uri = "ssl://" + brokerURI.getHost() + ":" + brokerURI.getPort() + "?socket.verifyHostName=false";
ActiveMQSslConnectionFactory cf = new ActiveMQSslConnectionFactory(uri);
cf.setTrustStore("org/apache/activemq/security/broker1.ks");
cf.setTrustStorePassword("password");


@ -71,7 +71,7 @@ public class AMQ6599Test {
brokerService.setPersistent(false);
TransportConnector connector = brokerService.addConnector(protocol +
"://localhost:0?transport.soTimeout=3500");
"://localhost:0?transport.soTimeout=3500&transport.verifyHostName=false");
connector.setName("connector");
uri = connector.getPublishableConnectString();


@ -47,14 +47,14 @@ public class NetworkReconnectSslNioTest {
remote.setSslContext(sslContext);
remote.setUseJmx(false);
remote.setPersistent(false);
final TransportConnector transportConnector = remote.addConnector("nio+ssl://0.0.0.0:0");
final TransportConnector transportConnector = remote.addConnector("nio+ssl://0.0.0.0:0?transport.verifyHostName=false");
remote.start();
BrokerService local = new BrokerService();
local.setSslContext(sslContext);
local.setUseJmx(false);
local.setPersistent(false);
final NetworkConnector networkConnector = local.addNetworkConnector("static:(" + remote.getTransportConnectorByScheme("nio+ssl").getPublishableConnectString().replace("nio+ssl", "ssl") + ")?useExponentialBackOff=false&initialReconnectDelay=10");
final NetworkConnector networkConnector = local.addNetworkConnector("static:(" + remote.getTransportConnectorByScheme("nio+ssl").getPublishableConnectString().replace("nio+ssl", "ssl") + "?socket.verifyHostName=false" + ")?useExponentialBackOff=false&initialReconnectDelay=10");
local.start();
assertTrue("Bridge created", Wait.waitFor(new Wait.Condition() {


@ -75,7 +75,7 @@ public class AutoSslAuthTest {
BrokerService brokerService = new BrokerService();
brokerService.setPersistent(false);
TransportConnector connector = brokerService.addConnector(protocol + "://localhost:0?transport.needClientAuth=true");
TransportConnector connector = brokerService.addConnector(protocol + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
connector.setName("auto");
uri = connector.getPublishableConnectString();
@ -126,7 +126,7 @@ public class AutoSslAuthTest {
@Test(timeout = 60000)
public void testConnect() throws Exception {
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory();
factory.setBrokerURL(uri);
factory.setBrokerURL(uri + "?socket.verifyHostName=false");
//Create 5 connections to make sure all are properly set
for (int i = 0; i < 5; i++) {


@ -103,8 +103,14 @@ public class AutoTransportConnectionsTest {
}
public void configureConnectorAndStart(String bindAddress) throws Exception {
if (bindAddress.contains("ssl")) {
bindAddress += bindAddress.contains("?") ? "&transport.verifyHostName=false" : "?transport.verifyHostName=false";
}
connector = service.addConnector(bindAddress);
connectionUri = connector.getPublishableConnectString();
if (connectionUri.contains("ssl")) {
connectionUri += connectionUri.contains("?") ? "&socket.verifyHostName=false" : "?socket.verifyHostName=false";
}
service.start();
service.waitUntilStarted();
}


@ -17,14 +17,14 @@
package org.apache.activemq.transport.nio;
import javax.jms.Connection;
import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.MessageConsumer;
import javax.jms.MessageProducer;
import javax.jms.Queue;
import javax.jms.Session;
import javax.jms.TextMessage;
import junit.framework.TestCase;
import javax.net.ssl.SSLHandshakeException;
import org.apache.activemq.ActiveMQConnectionFactory;
import org.apache.activemq.broker.BrokerService;
@ -33,6 +33,8 @@ import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import junit.framework.TestCase;
public class NIOSSLBasicTest {
public static final String KEYSTORE_TYPE = "jks";
@ -78,25 +80,40 @@ public class NIOSSLBasicTest {
@Test
public void basicConnector() throws Exception {
BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true");
basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
stopBroker(broker);
}
@Test
public void enabledCipherSuites() throws Exception {
BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256&transport.verifyHostName=false");
basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
stopBroker(broker);
}
@Test
public void enabledProtocols() throws Exception {
BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2");
basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.verifyHostName=false");
basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
stopBroker(broker);
}
//Client/server is missing verifyHostName=false so it should fail as cert doesn't have right host name
@Test(expected = Exception.class)
public void verifyHostNameError() throws Exception {
BrokerService broker = null;
try {
broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true");
basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
} finally {
if (broker != null) {
stopBroker(broker);
}
}
}
public void basicSendReceive(String uri) throws Exception {
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(uri);
Connection connection = factory.createConnection();
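Review bot: `verifyHostNameError` is declared with `@Test(expected = Exception.class)`, so it passes on any failure, including a bind error on the fixed port in `"://localhost:61616?transport.needClientAuth=true"`, and does not prove the handshake was rejected for a host name mismatch. Binding to `localhost:0` like `basicConnector` and asserting that the failure's cause chain contains `SSLHandshakeException` would pin the intended behaviour; that class is imported in this section but not used in the visible lines. Every other test here disables verification on both broker and client, so the success path with a certificate that matches the host name is not covered. One URI in `enabledCipherSuites` also carries `transport.verifyHostName=false` twice.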


@ -74,7 +74,7 @@ public class NIOSSLLoadTest {
broker = new BrokerService();
broker.setPersistent(false);
broker.setUseJmx(false);
connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256");
broker.start();
broker.waitUntilStarted();
@ -113,6 +113,7 @@ public class NIOSSLLoadTest {
}
Wait.waitFor(new Wait.Condition() {
@Override
public boolean isSatisified() throws Exception {
return getReceived() == PRODUCER_COUNT * MESSAGE_COUNT;
}


@ -30,11 +30,11 @@ import javax.jms.Session;
@SuppressWarnings("javadoc")
public class NIOSSLWindowSizeTest extends TestCase {
BrokerService broker;
Connection connection;
Session session;
public static final String KEYSTORE_TYPE = "jks";
public static final String PASSWORD = "password";
public static final String SERVER_KEYSTORE = "src/test/resources/server.keystore";
@ -46,7 +46,7 @@ public class NIOSSLWindowSizeTest extends TestCase {
public static final int MESSAGE_SIZE = 65536;
byte[] messageData;
@Override
protected void setUp() throws Exception {
System.setProperty("javax.net.ssl.trustStore", TRUST_KEYSTORE);
@ -59,19 +59,19 @@ public class NIOSSLWindowSizeTest extends TestCase {
broker = new BrokerService();
broker.setPersistent(false);
broker.setUseJmx(false);
TransportConnector connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true");
TransportConnector connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
broker.start();
broker.waitUntilStarted();
messageData = new byte[MESSAGE_SIZE];
for (int i = 0; i < MESSAGE_SIZE; i++)
{
messageData[i] = (byte) (i & 0xff);
}
ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("nio+ssl://localhost:" + connector.getConnectUri().getPort());
connection = factory.createConnection();
session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
connection.start();
}
@ -100,14 +100,14 @@ public class NIOSSLWindowSizeTest extends TestCase {
prod.send(msg);
} finally {
prod.close();
}
}
MessageConsumer cons = null;
try
try
{
cons = session.createConsumer(dest);
assertNotNull(cons.receive(30000L));
} finally {
cons.close();
}
}
}
}


@ -33,10 +33,12 @@ public class SslTransportFactoryTest extends TestCase {
private SslTransportFactory factory;
private boolean verbose;
@Override
protected void setUp() throws Exception {
factory = new SslTransportFactory();
}
@Override
protected void tearDown() throws Exception {
super.tearDown();
}
@ -96,6 +98,12 @@ public class SslTransportFactoryTest extends TestCase {
// -1 since the option range is [-1,1], not [0,2].
optionSettings[j] = getMthNaryDigit(i, j, 3) - 1;
//We now always set options to a default we default verifyHostName to true
//so we setSSLParameters so make the not set value = 0
if (optionSettings[j] == -1) {
optionSettings[j] = 0;
}
if (optionSettings[j] != -1) {
options.put(optionNames[j], optionSettings[j] == 1 ? "true" : "false");
}
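Review bot: Once the added block rewrites `-1` to `0`, the following guard `if (optionSettings[j] != -1)` is always true and the "option not set" case never reaches `options`. The enumeration still walks base-3 digits, but only two distinct values per option are exercised and the rest are repeats. Either remove the dead guard and enumerate two states, or keep the unset state and adjust the expected result for it. The added comment is also hard to parse; something like `// verifyHostName now defaults to true, so SSL parameters are always applied; treat "not set" as "false"` would state the intent, if that reading of the author's meaning is right. The enclosing loop starts and ends outside the hunk.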


@ -36,12 +36,12 @@
</sslContext>
<transportConnectors>
<transportConnector name="stomp+ssl+special" uri="stomp+ssl://0.0.0.0:0?needClientAuth=true" />
<transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true" />
<transportConnector name="stomp+nio+ssl+special" uri="stomp+nio+ssl://0.0.0.0:0?needClientAuth=true" />
<transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
<transportConnector name="mqtt+ssl" uri="mqtt+ssl://0.0.0.0:0?transport.needClientAuth=true" />
<transportConnector name="mqtt+nio+ssl" uri="mqtt+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
<transportConnector name="stomp+ssl+special" uri="stomp+ssl://0.0.0.0:0?needClientAuth=true&amp;transport.verifyHostName=false" />
<transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
<transportConnector name="stomp+nio+ssl+special" uri="stomp+nio+ssl://0.0.0.0:0?needClientAuth=true&amp;transport.verifyHostName=false" />
<transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
<transportConnector name="mqtt+ssl" uri="mqtt+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
<transportConnector name="mqtt+nio+ssl" uri="mqtt+nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
</transportConnectors>
</broker>


@ -36,10 +36,10 @@
</sslContext>
<transportConnectors>
<transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true" />
<transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
<transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:0?transport.needClientAuth=true" />
<transportConnector name="openwire+nio+ssl" uri="nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
<transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
<transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
<transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
<transportConnector name="openwire+nio+ssl" uri="nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
</transportConnectors>
</broker>


@ -171,7 +171,7 @@
</systemUsage>
<transportConnectors>
<transportConnector name="openwire+ssl-2" uri="ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true"/>
<transportConnector name="openwire+ssl-2" uri="ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true&amp;transport.verifyHostName=false"/>
</transportConnectors>
</broker>
</beans>


@ -171,7 +171,7 @@
</systemUsage>
<transportConnectors>
<transportConnector name="openwire+nio-ssl-2" uri="nio+ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true"/>
<transportConnector name="openwire+nio-ssl-2" uri="nio+ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true&amp;transport.verifyHostName=false"/>
</transportConnectors>
</broker>
</beans>