  1. ActiveMQ Classic
  2. AMQ-5008

Support for certificate revocation checking (with patch)


Details

    • New Feature
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 5.12.0
    • Connector
    • None
    • Patch Available

    Description

      Currently it's possible to require client authentication during the SSL/TLS handshake by adding the needClientAuth=true query string to the respective connector URI. But it is not possible to configure revocation checking of the certificate submitted by the client.

      The attached patch adds the capability by introducing a new attribute - crl - of the org.apache.activemq.spring.SpringSslContext class and updating the org.apache.activemq.spring.SpringSslContext.createTrustManagers() method to make use of the value specified for the attribute in the corresponding <sslContext /> tag as appropriate.

      The code is inspired by similar code in the Jetty web server: https://github.com/eclipse/jetty.project/blob/release-9/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java#L927-L965
      Please consider it for merging.

      Attachments

        1. CRL_checking.patch
          4 kB
          Michal Růžička


          People

            dejanb Dejan Bosanac
            mruza Michal Růžička
            Votes: 0
            Watchers: 4
