Details
- Bug
- Status: Open
- Blocker
- Resolution: Unresolved
- 5.16.6, 5.17.5, 5.18.2
Description
In ActiveMQ 5.15.15, the following networkConnector URI works for connecting to an ActiveMQ broker over IPv6:
<networkConnector name="amq-broker" uri="static:(failover:(ssl://[fd00::15]:61617?verifyHostName=false)?initialReconnectDelay=100&randomize=false)"/>
However, in ActiveMQ 5.16, 5.17, and 5.18, this will fail with the following error (warning):
2023-07-17 12:52:30,825 | WARN | Failed to connect to [ssl://[fd00::15]:61617?verifyHostName=false] after: 1 attempt(s) with Contains non-LDH ASCII characters, continuing to retry. | org.apache.activemq.transport.failover.FailoverTransport | ActiveMQ Failover Worker: 1448780972
The problem is caused by this new code in the org.apache.activemq.transport.tcp.SslTransport.java class:
// Lets try to configure the SSL SNI field. Handy in case your using
// a single proxy to route to different messaging apps.
final SSLParameters sslParams = new SSLParameters();
if (remoteLocation != null) {
    sslParams.setServerNames(Collections.singletonList(new SNIHostName(remoteLocation.getHost())));
}
The remoteLocation.getHost() will return "[fd00::15]", which causes the exception in the SNIHostName constructor. It seems that the above condition should be:
if ((remoteLocation != null) && verifyHostName) {
    sslParams.setServerNames(Collections.singletonList(new SNIHostName(remoteLocation.getHost())));
}
This is because the SNIHostName only makes sense in the context of verifying the hostname of the server certificate.
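A standalone reproduction of the failure described above, together with one possible guard that leaves SNI out when the host is an IP literal (RFC 6066 does not permit literal IPv4 or IPv6 addresses in the SNI HostName). This is an added example, not ActiveMQ code or the reporter's proposed change; the class name SniForRemote, the helpers isIpLiteral and sniFor, and the host broker.example.test are hypothetical.

```java
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;
import java.net.URI;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;

public class SniForRemote {  // hypothetical class, not part of ActiveMQ
    // Dotted-quad IPv4 literal. A ':' can only occur in an IPv6 literal, never in a DNS name.
    private static final Pattern IPV4 = Pattern.compile("\\d{1,3}(\\.\\d{1,3}){3}");

    static boolean isIpLiteral(String host) {
        return host.startsWith("[") || host.indexOf(':') >= 0 || IPV4.matcher(host).matches();
    }

    /** Returns the SNI entries for a remote URI, or an empty list when SNI does not apply. */
    static List<SNIServerName> sniFor(URI remote) {
        String host = (remote == null) ? null : remote.getHost();
        if (host == null || isIpLiteral(host)) {
            return Collections.emptyList();
        }
        try {
            return Collections.singletonList(new SNIHostName(host));
        } catch (IllegalArgumentException e) {
            // Not a legal DNS name: connect without SNI instead of failing the connection.
            return Collections.emptyList();
        }
    }

    public static void main(String[] args) {
        // The inner URI from the networkConnector in the report.
        URI v6 = URI.create("ssl://[fd00::15]:61617?verifyHostName=false");
        System.out.println("getHost() = " + v6.getHost());
        try {
            new SNIHostName(v6.getHost());  // same call as in the quoted SslTransport code
        } catch (IllegalArgumentException e) {
            System.out.println("SNIHostName rejected it: " + e.getMessage());
        }
        // Constructed second URI with a DNS name, for comparison.
        for (URI u : new URI[] {v6, URI.create("ssl://broker.example.test:61617")}) {
            SSLParameters params = new SSLParameters();
            List<SNIServerName> names = sniFor(u);
            if (!names.isEmpty()) {
                params.setServerNames(names);  // only set SNI when there is a DNS name
            }
            System.out.println(u.getHost() + " -> " + names);
        }
    }
}
```

The guard is independent of verifyHostName, so a connection to a DNS-named broker still sends SNI when hostname verification is turned off.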