Details
- Bug
- Status: Closed
- Minor
- Resolution: Fixed
- 2.17.0
- None
Description
When using a downstream federation, 2 connections are made:
- The first one uses the <static-connectors>/<connector-ref>. This one succeeds. The value is tcp://B:61617?sslEnabled=true;trustStorePath=filename-on-A;trustStorePassword=xyz.
- The second one must be made by the remote broker and uses the <upstream-connector-ref>. This one fails when using SSL. The url value is tcp://A:61617?sslEnabled=true;trustStorePath=filename-on-B;trustStorePassword=xyz. This one fails, as can be seen in the logs of B. It shows the error "AMQ214016: Failed to create netty connection: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target".
We cannot use the default trust-stores, so we provide references to our own. These truststores and the other SSL configuration items properly work for cluster-connections, client-connections and upstream-federation-connections. We use self-signed certificates for development and test environments.
My theory is that the trustStorePath parameter is somehow ignored and the default truststore is then used (or none). This then causes validation of the certificate to fail as shown by the error message.
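A way to test that theory from broker B, as an added example that is not part of the original report and not Artemis code: it performs the same TLS handshake to A twice, once trusting only the store named in trustStorePath and once with the JVM default trust. The class name and the TRUSTSTORE_PASSWORD environment variable are assumptions of this sketch, and it assumes A's acceptor does not require a client certificate.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added diagnostic (hypothetical helper). Run on broker B with Java 11+:
//   TRUSTSTORE_PASSWORD=... java TrustStoreCheck.java A 61617 filename-on-B
public class TrustStoreCheck {

    // Build a TLS context that trusts only the certificates in the given store.
    static SSLContext contextFor(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Attempt a handshake and report the outcome instead of throwing.
    // Only certificate path building is exercised here; a plain SSLSocket
    // does not perform hostname verification.
    static String handshake(SSLContext ctx, String host, int port) {
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake();
            return "OK, peer = " + socket.getSession().getPeerPrincipal();
        } catch (Exception e) {
            return "FAILED: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TrustStoreCheck <host> <port> <trustStorePath>");
            System.exit(2);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        String pw = System.getenv("TRUSTSTORE_PASSWORD");
        char[] password = (pw == null) ? null : pw.toCharArray();
        System.out.println("explicit trust store: "
            + handshake(contextFor(args[2], password), host, port));
        System.out.println("JVM default trust:    "
            + handshake(SSLContext.getDefault(), host, port));
    }
}
```

If the explicit store succeeds while the JVM default fails with the same PKIX path building error, the trust store on B is sound and the broker's failure matches what a connection without that store would produce. If the explicit store also fails, the store itself does not contain a certificate that validates A.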