qpid-users mailing list archives

From Gordon Sim <g...@redhat.com>
Subject Re: Question about C++ broker, C++ client, and SSL encryption
Date Fri, 14 Aug 2009 16:05:14 GMT
Cullen Davis wrote:
> I followed your lead and modified the tests to pass a protocol into the Connection::open.
> When the ConnectionImpl object was instantiated, the ProtocolRegistry().find(proto) failed
> with an "Unknown Protocol" error. I was using "ssl" as the target protocol.
> 
> Any additional thoughts?

You need to have QPID_LOAD_MODULE=./src/.libs/sslconnector.so (or have 
the ssl client plugin in the standard location for clients).

> 
> Cullen J. Davis
> CommIT Enterprises, Inc.
> 
> ________________________________________
> From: Gordon Sim [gsim@redhat.com]
> Sent: Friday, August 14, 2009 3:34 AM
> To: users@qpid.apache.org
> Subject: Re: Question about C++ broker, C++ client, and SSL encryption
> 
> Cullen Davis wrote:
>> I have two questions regarding SSL and the C++ broker / C++ client running qpidd
>> (qpidc) version 0.5 from a trunk build.
>>
>> 1) Start c++ qpid broker as follows
>>    qpidd --log-enable debug:ssl --log-source yes \
>>       --log-function yes \
>>       --auth no \
>>       --load-module src/.libs/ssl.so \
>>       --ssl-cert-db /etc/pki/tls/qpid/test_cert_db \
>>       --ssl-cert-password-file /etc/pki/tls/private/qpid_ssl.pass \
>>       --ssl-cert-name commit.CjD \
>>       --ssl-require-client-authentication \
>>       --require-encryption
>>
>> 2) Run the c++ direct example on port 5672
>>    ./examples/direct/declare_queues localhost 5672
>>    ./examples/direct/direct_producer localhost 5672
>>    ./examples/direct/listener localhost 5672
>> The queue is created, populated, and read with no problems.
>>
>> 3) Run the c++ direct example on port 5671 (first set-up env variables)
>>    QPID_LOAD_MODULE=./src/.libs/sslconnector.so
>>    QPID_SSL_CERT_DB=/etc/pki/tls/qpid/test_cert_db
>>    ./examples/direct/declare_queues localhost 5671
>>
>> At this point, the declare_queues example hangs until CTRL C is pressed.  When declare_queues
>> terminates, the broker outputs:
>> debug qpid/sys/ssl/SslHandler.cpp:143:void qpid::sys::ssl::SslHandler::eof(qpid::sys::ssl::SslIO&): DISCONNECTED [127.0.0.1:57801]
>>
>>
>> Question 1 - Why did the examples on port 5672 (#2) succeed?  I thought --load-module
>> src/.libs/ssl.so and --require-encryption would cause the connection to be rejected.
> 
> That is because of the auth=no option, this is a known issue and
> should be fixed in the next release.
> 
> https://issues.apache.org/jira/browse/QPID-1899
> 
>> Question 2 - What is the declare_queue code from #3 blocking on?
> 
> To use ssl in the client you have to select 'ssl' as the protocol. The
> examples don't currently allow you to do that at present. However if you
> make the following modifications then you can specify 'ssl' after host
> and port and it should work:
> 
> Index: examples/direct/declare_queues.cpp
> ===================================================================
> --- examples/direct/declare_queues.cpp  (revision 797423)
> +++ examples/direct/declare_queues.cpp  (working copy)
> @@ -53,12 +53,14 @@
> 
> 
>   int main(int argc, char** argv) {
> -    const char* host = argc>1 ? argv[1] : "127.0.0.1";
> -    int port = argc>2 ? atoi(argv[2]) : 5672;
> +    ConnectionSettings settings;
> +    if (argc>1) settings.host = argv[1];
> +    if (argc>2) settings.port = atoi(argv[2]);
> +    if (argc>3) settings.protocol = argv[3];
>       Connection connection;
> 
>       try {
> -      connection.open(host, port);
> +      connection.open(settings);
>         Session session =  connection.newSession();
> 
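Review bot: the added `if (argc>3) settings.protocol = argv[3];` line takes the protocol as an undocumented third positional argument, and when it is omitted the client silently keeps whatever ConnectionSettings defaults to, so a run against port 5671 without it still gets no SSL. Consider printing a usage line (host port [protocol]) and noting that 'ssl' only resolves when the sslconnector module is loaded through QPID_LOAD_MODULE; otherwise open() fails with "Unknown Protocol", as reported in this thread. The `atoi(argv[2])` carried over into `settings.port` also turns non-numeric input into port 0 without any error; a checked conversion with a range test would be safer.
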
> The same change would be required on the other example programs. We
> should get this changed for the next release also. I've raised a Jira to
> track it:
> 
> https://issues.apache.org/jira/browse/QPID-2049
> 
> 
> 
> 
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project:      http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
> 
> 


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
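
Added example (not part of the original message and not Qpid code): a shell preflight for the two client-side conditions discussed in this thread, namely that the SSL client plugin and certificate database variables actually reach the client process, and that 'ssl' is passed as the protocol. The function name qpid_ssl_preflight is hypothetical.

```sh
#!/bin/sh
# Hypothetical helper, not shipped with Qpid. It checks only the environment
# variables and the protocol argument mentioned in this thread.
# Usage: qpid_ssl_preflight PROTOCOL
# Prints one line per problem and returns the number of problems found.
qpid_ssl_preflight() {
    problems=0
    proto=${1:-}

    # A variable assigned without `export` never reaches the client process.
    # `env` lists exactly what a child process would inherit.
    for var in QPID_LOAD_MODULE QPID_SSL_CERT_DB; do
        if ! env | grep -q "^${var}="; then
            echo "$var is not exported to child processes"
            problems=$((problems + 1))
        fi
    done

    # Without a loadable client plugin, "ssl" is reported as an unknown protocol.
    if [ -n "${QPID_LOAD_MODULE:-}" ] && [ ! -r "$QPID_LOAD_MODULE" ]; then
        echo "QPID_LOAD_MODULE is not a readable file: $QPID_LOAD_MODULE"
        problems=$((problems + 1))
    fi

    # The certificate database path must exist on this host.
    if [ -n "${QPID_SSL_CERT_DB:-}" ] && [ ! -e "$QPID_SSL_CERT_DB" ]; then
        echo "QPID_SSL_CERT_DB does not exist: $QPID_SSL_CERT_DB"
        problems=$((problems + 1))
    fi

    # The client only uses SSL when 'ssl' is selected as the protocol.
    if [ "$proto" != "ssl" ]; then
        echo "protocol is '${proto:-<none>}', expected 'ssl'"
        problems=$((problems + 1))
    fi

    return "$problems"
}
```

A zero return means the checks passed; it does not prove the broker enforces encryption on its side.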

