Technically I updated it in both, I created ARTEMIS-3421 and made the change against it so its in the next release notes, and also mentioned ARTEMIS-3367 so it can also be seen by anyone happening across the original change via there.
I tweaked the default doc and clarified what the setting does a bit. I think perhaps Justin was thinking something more explicit about what a failure on mismatch means and what can be done. Robbie On Mon, 23 Aug 2021 at 08:01, Dondorp, Erwin <erwin.dond...@cgi.com> wrote: > > Justin, > > You just saved me a lot of time, thx! > > FYI, I see that Robbie updated the documentation on 18-aug, but in > ARTEMIS-3421. > > e. > > -----Oorspronkelijk bericht----- > Van: Justin Bertram <jbert...@apache.org> > Verzonden: maandag 23 augustus 2021 03:51 > Aan: users@activemq.apache.org > Onderwerp: Re: SSL error as of artemis 2.18.0 > > > EXTERNAL SENDER: Do not click any links or open any attachments unless you > trust the sender and know the content is safe. > EXPÉDITEUR EXTERNE: Ne cliquez sur aucun lien et n’ouvrez aucune pièce > jointe à moins qu’ils ne proviennent d’un expéditeur fiable, ou que vous ayez > l'assurance que le contenu provient d'une source sûre. > > The change in question is from ARTEMIS-3367 [1]. Since the hostname defined > in the SSL cert on your broker can't be verified then you should either get a > new cert for your broker for which the hostname *can* be verified or set > verifyHost=false on the connector for the cluster-connection. > > I'll make this more clear in the relevant documentation [1]. > > > Justin > > [1] > https://urldefense.com/v3/__https://issues.apache.org/jira/browse/ARTEMIS-3367__;!!AaIhyw!9jkvRaZw1t4ba7OJzuo06w1EHZjmVsuMXrIaZq_LM9dWoqg252BBlmBkKP1fenty$ > [2] > https://urldefense.com/v3/__https://activemq.apache.org/components/artemis/documentation/latest/versions.html__;!!AaIhyw!9jkvRaZw1t4ba7OJzuo06w1EHZjmVsuMXrIaZq_LM9dWoqg252BBlmBkKCNafbTO$ > > On Sun, Aug 22, 2021 at 8:09 PM Dondorp, Erwin <erwin.dond...@cgi.com> > wrote: > > > Hello! > > > > Since Artemis 2.18.0, the broker-broker connections (for clustering) > > refuse to connect due to "Caused by: > > java.security.cert.CertificateException: No name matching [hostname] > > found". I did not try any client connections yet, so these might just > > have the same problem. > > My setup is the simplest possible SSL with self-signed certificates > > since it is a development system. > > While looking through the release notes (and zooming in on some of the > > Jira issues), I did not quickly spot a change that would cause this. > > I did not have this problem when using the snapshot versions of > > 2.18.0, but the last version I actually checked was > > apache-artemis-2.18.0-20210730.150450-205-bin.tar.gz. > > So the question is: what was actually changed? (or is broken? can't > > believe that). > > > > thx, > > Erwin > >
