ActiveMQ CPP Common Name and Subject Alternate Names

Question

I'm getting the below issue from CMSException while calling createSession()

Server Certificate Name doesn't match the URI Host Name value. 

I'm using ssl://172.12.12.13:61617. The "Common Name" value is Machine0x and the IP address I used in the URI is listed in the SubjectAlternativeName list in the keystore:

Extensions:
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  IPAddress: 172.12.12.13
]

Why isn't ActiveMQ checking the Subject Alternative Name value?

This similar question was asked but wasn't answered, and I don't have enough experience points to add a non answer comment so had to make a new post.

Answer 1

Also I got it to work by changing CN to the ip address so yeah it is indeed an issue with checking the SAN.

Answer 2

The ActiveMQ C++ client in unmaintained for years now and is likely not looking at the subject alternate name and only or not correctly matching the values. It's unlikely that anyone will fix this since the client is unmaintained. You might want to look into the Qpid Proton project and make use of one the the native AMQP client libraries there.

If you have Java clients using the ActiveMQ JMS client they can interact with AMQP, STOMP, or MQTT clients as the broker does do translation. See the broker documentation for more information on the wire formats and interop.