Re-enable DNS round robin

[ogolberg]

Proposed Changes

This change reenables DNS round robin (#138) which was disabled because it was deemed incompatible with TLS hostname verification (#394).

To make DNS round robin work with hostname verification, this change subclasses Address to hold an InetAddress. The InetSocketAddress is then constructed from the InetAddress instead of the raw address.

Types of Changes

What types of changes does your code introduce to this project?
Put an x in the boxes that apply

• Bugfix (non-breaking change which fixes issue #NNNN)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation (correction or otherwise)
• Cosmetics (whitespace, appearance)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating
the PR. If you're unsure about any of them, don't hesitate to ask on the
mailing list. We're here to help! This is simply a reminder of what we are
going to look for before merging your code.

• I have read the CONTRIBUTING.md document
• I have signed the CA (see https://cla.pivotal.io/sign/rabbitmq)
• All tests pass locally with my changes
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)
• Any dependent changes have been merged and published in related repositories

[michaelklishin]

@acogoluegnes I think we can ship this in a minor release. Thoughts?

[acogoluegnes]

@michaelklishin Yes, it could go into 5.16.0.

@ogolberg Thanks for the contribution, it does not break anything as far as I can tell. Could you please provide the change for the NIO mode for consistency's sake? It happens in the corresponding FrameHandlerFactory? Thanks.

[ogolberg]

@acogoluegnes see https://github.com/rabbitmq/rabbitmq-java-client/pull/827/files#diff-5c2be42f8e857d6c231f610e8612934fde729d7f240838f90a284cdc78550fd9R88

[acogoluegnes]

@acogoluegnes see https://github.com/rabbitmq/rabbitmq-java-client/pull/827/files#diff-5c2be42f8e857d6c231f610e8612934fde729d7f240838f90a284cdc78550fd9R88

Sorry, I missed this one. There's still this line to create the SSL engine, I honestly don't know if it matters WRT hostname verification but if I follow the code correctly the original hostname should be used there anywhere, so it should be OK. @ogolberg @michaelklishin Any thoughts?

[ogolberg]

ResolvedInetAddress calls super(inetAddress.getHostName()..., so this will pass a resolved IP into createSslEngine

I am not sure if it matters for hostname validation, but from looking at the source of the SSLEngineImpl constructor, there may be some SNI implications; for reference:

    /**
     * Constructor for an SSLEngine from SSLContext.
     */
    SSLEngineImpl(SSLContextImpl sslContext,
            String host, int port) {
        super(host, port);
        this.sslContext = sslContext;
        HandshakeHash handshakeHash = new HandshakeHash();
        this.conContext = new TransportContext(sslContext, this,
                new SSLEngineInputRecord(handshakeHash),
                new SSLEngineOutputRecord(handshakeHash));

        // Server name indication is a connection scope extension.
        if (host != null) {
            this.conContext.sslConfig.serverNames =
                    Utilities.addToSNIServerNameList(
                            conContext.sslConfig.serverNames, host);
        }
    }

let me make a change to revert that behavior and pass the original hostname into createSslEngine

[acogoluegnes]

Thanks!

This will go into 5.16.0, we'll release an RC in September.