使用Php Stomp的Active Directory与SSL一起出现问题
[英]Trouble with ActiveMq with Ssl using Php Stomp
问题描述
I'm having problems connecting a Php client app to an Ssl enabled ActiveMq installation. 
我在将Php客户端应用程序连接到启用了Ssl的ActiveMq安装时遇到问题。 I've looked at many sources and am getting more confused as I go. 我查看了许多资料,并且在我前进时变得越来越困惑。
My setup so far uses authentication via users/groups.properties and authorizationPlugin. 到目前为止,我的设置使用通过users / groups.properties和authorizationPlugin进行身份验证。 This works fine on regular connections 在常规连接上工作正常
For ActiveMq Ssl I followed a few articles and created the Jks store and certs and also configured with the following 对于ActiveMq Ssl,我关注了几篇文章,并创建了Jks存储和证书,并配置了以下内容
<sslContext>
<sslContext keyStore="file:${activemq.base}/conf/server.ks"
keyStorePassword="$STORE_PASS"
trustStore="file:${activemq.base}/conf/server.ts"
trustStorePassword="$STORE_PASS" />
</sslContext>
<transportConnector
name="stomp+ssl" uri="stomp+ssl://0.0.0.0:61617?needClientAuth=true"/>
I also tried the ACTIVEMQ_SSL_OPTS approach. 我还尝试了ACTIVEMQ_SSL_OPTS方法。 Both load fine when starting the server. 启动服务器时,两者均加载正常。 Logs show Sll connector started. 日志显示Sll连接器已启动。 I also checked the php cli to make sure Sll is enabled on stomp installation 我还检查了php cli以确保在stomp安装中启用了Sll
The problem I'm having is with the Php stomp client. 我遇到的问题是Php踩踏客户端。 First, these are the articles I read. 首先,这些是我阅读的文章。
http://activemq.apache.org/how-do-i-use-ssl.html http://activemq.apache.org/how-do-i-use-ssl.html
http://php.net/manual/en/stomp.construct.php http://php.net/manual/en/stomp.construct.php
https://github.com/stomp-php/stomp-php/wiki/Connectivity https://github.com/stomp-php/stomp-php/wiki/Connectivity
From my understanding, there are two php stomp libs based on the documentation I can't figure out how to set all this up. 据我了解,有两个基于文档的php stomp库,我不知道如何设置所有这些。 The php site docs simply give an example of using the constructor with ssl protocol php站点文档仅给出了将构造函数与ssl协议结合使用的示例
$link = stomp_connect('ssl://localhost:61612', $user, $pass, $headers);
This doesn't work, I get a null cert error in the logs. 这不起作用,我在日志中得到一个空证书错误。
The other article that uses FuseSource stomp has options for including a client cert when establishing a connection but after getting further into the article it looks like it's just to authenticate via Sll cert and not with a user/pass. 另一篇使用FuseSource stomp的文章提供了在建立连接时包括客户端证书的选项,但深入该文章后,似乎只是通过Sll证书而不是用户/密码进行身份验证。
https://github.com/rethab/php-stomp-cert-example/blob/master/README.md https://github.com/rethab/php-stomp-cert-example/blob/master/README.md
So I went back to the previous stomp installation thinking there's a way to pass the client cert files but there doesn't seem to be an interface for it and no docs on the headers param which I'm assuming is not how to go about this. 因此,我回到了以前的stomp安装,以为有一种方法可以传递客户端证书文件,但是似乎没有接口,并且我假设标头param上没有任何文档,该怎么办? 。
Can someone shed some light on were in this complex mess I went wrong. 有人可以向我弄错的那一堆复杂的混乱情况有所启发。
1 个解决方案
解决方案1
1 2019-09-03 08:35:32
I don't know if you're still interested, but just in case someone stumbles upon this question hoping for an answer. 我不知道您是否仍然感兴趣,但是以防万一有人偶然发现了这个问题,希望得到答案。
We're using https://github.com/stomp-php/stomp-php/ for our Stomp connection and this is roughly how we create the client: 我们将https://github.com/stomp-php/stomp-php/用于我们的Stomp连接,这大致就是我们创建客户端的方式:
function createClient($broker_url, $login, $password) {
$client = new \Stomp\Client($broker_url);
$sslContext = [
'ssl' => [
'cafile' => '/path/to/cert',
'verify_peer' => true,
'verify_peer_name' => false,
'ciphers' => 'HIGH',
],
];
$client->getConnection()->setContext($sslContext);
$client->setLogin($login, $password);
$client->connect();
return new \Stomp\StatefulStomp($client);
}
$broker_url should be in the format ssl://host:port . $ broker_url的格式应为ssl://host:port 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.