Skip to content

Commit e4a7a23

Browse files
jeanouiijeanouii
committed
fix(jmx): set java.rmi.server.hostname to prevent SSL handshake failure on multi-homed hosts
1 parent cd686e6 commit e4a7a23

File tree

1 file changed

+11
-0
lines changed

1 file changed

+11
-0
lines changed

activemq-broker/src/test/java/org/apache/activemq/broker/jmx/ManagementContextSslTest.java

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,7 @@ public class ManagementContextSslTest {
6161
private SSLContext savedDefaultSslContext;
6262
private String savedTrustStore;
6363
private String savedTrustStorePassword;
64+
private String savedRmiHostname;
6465

6566
@BeforeClass
6667
public static void createKeyStore() throws Exception {
@@ -109,6 +110,7 @@ public void setUp() throws Exception {
109110
savedDefaultSslContext = SSLContext.getDefault();
110111
savedTrustStore = System.getProperty("javax.net.ssl.trustStore");
111112
savedTrustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
113+
savedRmiHostname = System.getProperty("java.rmi.server.hostname");
112114
}
113115

114116
@After
@@ -119,6 +121,7 @@ public void tearDown() throws Exception {
119121
SSLContext.setDefault(savedDefaultSslContext);
120122
restoreSystemProperty("javax.net.ssl.trustStore", savedTrustStore);
121123
restoreSystemProperty("javax.net.ssl.trustStorePassword", savedTrustStorePassword);
124+
restoreSystemProperty("java.rmi.server.hostname", savedRmiHostname);
122125
}
123126

124127
@Test
@@ -192,6 +195,9 @@ public void testConnectorStartsWithSsl() throws Exception {
192195
SSLContext.setDefault(testSslContext);
193196
System.setProperty("javax.net.ssl.trustStore", keystoreFile.toString());
194197
System.setProperty("javax.net.ssl.trustStorePassword", KEYSTORE_PASSWORD);
198+
// Force RMI stubs to advertise "localhost" so SSL hostname verification
199+
// matches the certificate SAN (dns:localhost) instead of the machine's IP.
200+
System.setProperty("java.rmi.server.hostname", "localhost");
195201

196202
context = createSslManagementContext();
197203
context.start();
@@ -211,6 +217,11 @@ public void testSslJmxConnectionSucceeds() throws Exception {
211217
SSLContext.setDefault(testSslContext);
212218
System.setProperty("javax.net.ssl.trustStore", keystoreFile.toString());
213219
System.setProperty("javax.net.ssl.trustStorePassword", KEYSTORE_PASSWORD);
220+
// Force RMI stubs to advertise "localhost" so SSL hostname verification
221+
// matches the certificate SAN (dns:localhost) instead of the machine's actual IP.
222+
// RMI normally embeds InetAddress.getLocalHost() in stubs; on a multi-homed
223+
// machine this can be an IP not covered by the test certificate.
224+
System.setProperty("java.rmi.server.hostname", "localhost");
214225

215226
context = createSslManagementContext();
216227
context.start();

0 commit comments

Comments
 (0)