SSL federation in qpid broker doesn't work when used with hostname rather than IP

Solution Verified - Updated -

Issue

  • SSL federation doesn't work when used with hostname rather than IP.

  • SSL federation using a hardcoded IP address instead of hostname because:

    • It doesn't fit the nss library model (used everywhere else) where certificate wildcard should match hostname and validate via DNS.
    • Secondly, DNS is important as it allows us to move & replace boxes without touching the connected brokers. This is important to reduce failures and time to deploy. Without this everything would have to have an ip based VIP.

  • There is a patch SslSocket.patch available in upstream JIRA. Could this be included in MRG?

Environment

  • Red Hat Enterprise MRG Messaging 2.*
    • qpid-cpp package version 0.18-* or older

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content