Hello,
Does the Artemis In-VM acceptor and/or JMS client support passing SSL/TLS
certificate credentials for use with queue security? I'm running Artemis 2.31.2
with an embedded Camel client. I get the following warnings and errors in the
log:

2024-07-10 15:31:15,458 WARN [org.apache.activemq.artemis.core.server] AMQ222216: Security problem while authenticating: AMQ229031: Unable to validate user from invm:0. Username: null; SSL certificate subject DN: unavailable
2024-07-10 15:31:20,478 ERROR [org.apache.camel.component.jms.DefaultJmsMessageListenerContainer] Could not refresh JMS Connection for destination 'my.queue.name' - retrying using FixedBackOff{interval=5000, currentAttempts=0, maxAttempts=unlimited}. Cause: AMQ229031: Unable to validate user from invm:0. Username: null; SSL certificate subject DN: unavailable

This is the relevant configuration info:

From broker.xml:

<acceptor name="in-vm">
    vm://0
    sslEnabled=true;
    keyStorePath=${artemis.broker.keyStore.uri};
    keyStorePassword=${artemis.broker.keyStorePassword};
    trustStorePath=${artemis.broker.trustStore.uri};
    trustStorePassword=${artemis.broker.trustStorePassword};
    enabledProtocols=TLSv1.2;
    needClientAuth=true;
    supportAdvisory=false;
    suppressInternalManagementObjects=true
</acceptor>

From camelApplicationContext.xml:

<bean id="jmsConnectionFactoryLocal"
      class="org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory">
    <property name="brokerURL"
              value="vm://0?sslEnabled=true;keyStorePath=${camel.client.keyStore.uri};keyStorePassword=${camel.client.keyStorePassword};trustStorePath=${camel.client.trustStore.uri};trustStorePassword=${camel.client.trustStorePassword};enabledProtocols=TLSv1.2"/>
</bean>

Everything works as expected using Netty/TCP acceptors and clients with SSL
parameters.
It seems more appropriate to use an In-VM acceptor for embedded clients,
especially for performance.
I found the following bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1807980, which led me to this
project's solution: https://github.com/candlepin/candlepin/pull/2680. Based on
my limited understanding of what they did, it seems like Artemis does not
support passing SSL/TLS certificate credentials using In-VM connectors, but I
want to make sure.
Thank you,
Aaron