qpid-users mailing list archives

From Cullen Davis <cullen.da...@commitent.com>
Subject RE: Question about C++ broker, C++ client, and SSL encryption
Date Fri, 14 Aug 2009 15:46:24 GMT
I followed your lead and modified the tests to pass a protocol into the Connection::open. 
When the ConnectionImpl object was instantiated, the ProtocolRegistry().find(proto) failed
with an "Unknown Protocol" error.   I was using "ssl" as the target protocol. 

Any additional thoughts?

Cullen J. Davis
CommIT Enterprises, Inc.

________________________________________
From: Gordon Sim [gsim@redhat.com]
Sent: Friday, August 14, 2009 3:34 AM
To: users@qpid.apache.org
Subject: Re: Question about C++ broker, C++ client, and SSL encryption

Cullen Davis wrote:
> I have two questions regarding SSL and the C++ broker / C++ client running qpidd (qpidc) version 0.5 from a trunk build.
>
> 1) Start c++ qpid broker as follows
>    qpidd --log-enable debug:ssl --log-source yes \
>       --log-function yes \
>       --auth no \
>       --load-module src/.libs/ssl.so \
>       --ssl-cert-db /etc/pki/tls/qpid/test_cert_db \
>       --ssl-cert-password-file /etc/pki/tls/private/qpid_ssl.pass \
>       --ssl-cert-name commit.CjD \
>       --ssl-require-client-authentication \
>       --require-encryption
>
> 2) Run the c++ direct example on port 5672
>    ./examples/direct/declare_queues localhost 5672
>    ./examples/direct/direct_producer localhost 5672
>    ./examples/direct/listener localhost 5672
> The queue is created, populated, and read with no problems.
>
> 3) Run the c++ direct example on port 5671 (first set-up env variables)
>    QPID_LOAD_MODULE=./src/.libs/sslconnector.so
>    QPID_SSL_CERT_DB=/etc/pki/tls/qpid/test_cert_db
>    ./examples/direct/declare_queues localhost 5671
>
> At this point, the declare_queues example hangs until CTRL C is pressed.  When declare_queues terminates, the broker outputs:
> debug qpid/sys/ssl/SslHandler.cpp:143:void qpid::sys::ssl::SslHandler::eof(qpid::sys::ssl::SslIO&): DISCONNECTED [127.0.0.1:57801]
>
>
> Question 1 - Why did the examples on port 5672 (#2) succeed?  I thought --load-module src/.libs/ssl.so and --require-encryption would cause the connection to be rejected.

That is because of the auth=no option; this is a known issue and
should be fixed in the next release.

https://issues.apache.org/jira/browse/QPID-1899

> Question 2 - What is the declare_queue code from #3 blocking on?

To use ssl in the client you have to select 'ssl' as the protocol. The
examples don't currently allow you to do that at present. However if you
make the following modifications then you can specify 'ssl' after host
and port and it should work:

Index: examples/direct/declare_queues.cpp
===================================================================
--- examples/direct/declare_queues.cpp  (revision 797423)
+++ examples/direct/declare_queues.cpp  (working copy)
@@ -53,12 +53,14 @@


  int main(int argc, char** argv) {
-    const char* host = argc>1 ? argv[1] : "127.0.0.1";
-    int port = argc>2 ? atoi(argv[2]) : 5672;
+    ConnectionSettings settings;
+    if (argc>1) settings.host = argv[1];
+    if (argc>2) settings.port = atoi(argv[2]);
+    if (argc>3) settings.protocol = argv[3];
      Connection connection;

      try {
-      connection.open(host, port);
+      connection.open(settings);
        Session session =  connection.newSession();
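
Review bot: at `if (argc>3) settings.protocol = argv[3];` the transport is optional and unchecked, so running the example against the SSL port without the third argument leaves `settings.protocol` at the ConnectionSettings default and reproduces the hang from the original report, while a string that is not registered only fails later inside `connection.open(settings)`, which is where the "Unknown Protocol" error reported at the top of this thread comes from. Consider printing the effective host, port and protocol before opening, and having the handler of the existing `try` block name the rejected protocol string so the user can see what was actually requested. Separately, `atoi(argv[2])` returns 0 for non-numeric input without reporting an error; a checked parse with a range test on the port would be safer.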

The same change would be required on the other example programs. We
should get this changed for the next release also. I've raised a Jira to
track it:

https://issues.apache.org/jira/browse/QPID-2049




---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org

