Qpid
  1. Qpid
  2. QPID-4858

[Java Broker] HTTP management ports configured with 'HTTP' protocol and 'SSL' transport options will silently fail to use SSL

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: 0.21
    • Fix Version/s: 0.22
    • Component/s: Java Broker
    • Labels:
      None

      Description

      HTTP management ports configured with 'HTTP' protocol and 'SSL' transport options will silently fail to use SSL at all.

      Since the changes made in the 0.21/0.22 development cycle for QPID-4390 and related JIRAs to enable management of the broker entirely through the HTTP management interfaces, it has become possible to configure HTTP management ports in a way that suggests SSL is in use when it is in fact not.

      Fix:
      Remove the HTTPS protocol option leaving only HTTP, and making all ports consistent in using the SSL transport value to indicate their use of SSL.

      Additional Background:

      When the HTTP management plugin was added previously, it advertised HTTPS and HTTP as different protocol options, despite us using the transport option (TCP or SSL) alone to signal use of SSL for all other protocol types (AMQP and JMX/RMI). The influence over whether SSL was used for the port or not was simply a boolean in the brokers XML configuration file to indicate HTTPS. With the configuration model changes from QPID-4390 etc, ports now have a more specific configuration that is dependent on both the specified protocols and transports to determine what to do but the HTTP management plugin is still only using HTTPS protocol value to indicate that it should use SSL and is ignoring the SSL transport value, however the REST interface and management UI allow this configuration and do not make it in any way clear that SSL is in fact not being used.

        Activity

        Hide
        Alex Rudyy added a comment -

        Fix is committed into trunk under revision: http://svn.apache.org/r1483866

        Show
        Alex Rudyy added a comment - Fix is committed into trunk under revision: http://svn.apache.org/r1483866
        Hide
        Robbie Gemmell added a comment -

        I worked on the change along with Alex, it looks good to me.

        Show
        Robbie Gemmell added a comment - I worked on the change along with Alex, it looks good to me.
        Hide
        Robbie Gemmell added a comment -

        r1483866 merged to the 0.22 release branch via http://svn.apache.org/r1484433

        Show
        Robbie Gemmell added a comment - r1483866 merged to the 0.22 release branch via http://svn.apache.org/r1484433

          People

          • Assignee:
            Robbie Gemmell
            Reporter:
            Robbie Gemmell
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development