SSL federation in qpid broker doesn't work when used with hostname rather than IP
Issue
- SSL federation doesn't work when used with hostname rather than IP.
-
SSL federation using a hardcoded IP address instead of hostname because:
- It doesn't fit the nss library model (used everywhere else) where certificate wildcard should match hostname and validate via DNS.
- Secondly, DNS is important as it allows us to move & replace boxes without touching the connected brokers. This is important to reduce failures and time to deploy. Without this everything would have to have an ip based VIP.
-
There is a patch SslSocket.patch available in upstream JIRA. Could this be included in MRG?
Environment
- Red Hat Enterprise MRG Messaging 2.*
- qpid-cpp package version 0.18-* or older
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
