SSL federation in qpid broker doesn't work when used with hostname rather than IP
Issue
- SSL federation doesn't work when used with hostname rather than IP.
-
SSL federation using a hardcoded IP address instead of hostname because:
- It doesn't fit the nss library model (used everywhere else) where certificate wildcard should match hostname and validate via DNS.
- Secondly, DNS is important as it allows us to move & replace boxes without touching the connected brokers. This is important to reduce failures and time to deploy. Without this everything would have to have an ip based VIP.
-
There is a patch SslSocket.patch available in upstream JIRA. Could this be included in MRG?
Environment
- Red Hat Enterprise MRG Messaging 2.*
- qpid-cpp package version 0.18-* or older
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.