qpid-users mailing list archives

From Cullen Davis <cullen.da...@commitent.com>
Subject RE: SSL with C++ client returns "Unknown protocol: ssl"
Date Mon, 24 Aug 2009 19:47:37 GMT
I have not been able to get the SSL client connector to be loaded for the direct examples.
 

Per Gordon's instructions, I modified the direct/declare_queues.cpp example to use a
ConnectionSetting object when opening a Connection. I set the ConnectionSetting.protocol
property to "ssl".

1) I start broker as detailed in step 1 of previous post.
2) I set and export QPID_SSL_CERT_DB
3) I set and export QPID_LOAD_MODULE (set ..../src/.libs/sslconnector.so - I used a fully qualified path)
4) I execute the C++ example from the direct use cases:
    $ examples/declare_queues 127.0.0.1 5671 ssl
   The program errors with "Unknown protocol: ssl (qpid/client/Connector.cpp:66)"

Obviously I am not getting the client to run with the SSL connector. I thought setting the
QPID_LOAD_MODULE would make that happen. Any thoughts as to why I am not getting the
sslconnector.so library to load? I am running all tests on a straight install of Fedora 10
with the latest (807298) trunk code.
 
Cullen J. Davis
CommIT
________________________________________
From: Gordon Sim [gsim@redhat.com]
Sent: Friday, August 14, 2009 12:05 PM
To: users@qpid.apache.org
Subject: Re: Question about C++ broker, C++ client, and SSL encryption

Cullen Davis wrote:
> I followed your lead and modified the tests to pass a protocol into the Connection::open. When the ConnectionImpl object was instantiated, the ProtocolRegistry().find(proto) failed with an "Unknown Protocol" error. I was using "ssl" as the target protocol.
>
> Any additional thoughts?

You need to have QPID_LOAD_MODULE=./src/.libs/sslconnector.so (or have
the ssl client plugin in the standard location for clients).

>
> Cullen J. Davis
> CommIT Enterprises, Inc.
>
> ________________________________________
> From: Gordon Sim [gsim@redhat.com]
> Sent: Friday, August 14, 2009 3:34 AM
> To: users@qpid.apache.org
> Subject: Re: Question about C++ broker, C++ client, and SSL encryption
>
> Cullen Davis wrote:
>> I have two questions regarding SSL and the C++ broker / C++ client running qpidd (qpidc) version 0.5 from a trunk build.
>>
>> 1) Start c++ qpid broker as follows
>>    qpidd --log-enable debug:ssl --log-source yes \
>>       --log-function yes \
>>       --auth no \
>>       --load-module src/.libs/ssl.so \
>>       --ssl-cert-db /etc/pki/tls/qpid/test_cert_db \
>>       --ssl-cert-password-file /etc/pki/tls/private/qpid_ssl.pass \
>>       --ssl-cert-name commit.CjD \
>>       --ssl-require-client-authentication \
>>       --require-encryption
>>
>> 2) Run the c++ direct example on port 5672
>>    ./examples/direct/declare_queues localhost 5672
>>    ./examples/direct/direct_producer localhost 5672
>>    ./examples/direct/listener localhost 5672
>> The queue is created, populated, and read with no problems.
>>
>> 3) Run the c++ direct example on port 5671 (first set-up env variables)
>>    QPID_LOAD_MODULE=./src/.libs/sslconnector.so
>>    QPID_SSL_CERT_DB=/etc/pki/tls/qpid/test_cert_db
>>    ./examples/direct/declare_queues localhost 5671
>>
>> At this point, the declare_queues example hangs until CTRL C is pressed. When declare_queues terminates, the broker outputs:
>> debug qpid/sys/ssl/SslHandler.cpp:143:void qpid::sys::ssl::SslHandler::eof(qpid::sys::ssl::SslIO&): DISCONNECTED [127.0.0.1:57801]
>>
>>
>> Question 1 - Why did the examples on port 5672 (#2) succeed? I thought --load-module src/.libs/ssl.so and --require-encryption would cause the connection to be rejected.
>
> That is because of the auth=no option, this is a known issue and
> should be fixed in the next release.
>
> https://issues.apache.org/jira/browse/QPID-1899
>
>> Question 2 - What is the declare_queue code from #3 blocking on?
>
> To use ssl in the client you have to select 'ssl' as the protocol. The
> examples don't currently allow you to do that at present. However if you
> make the following modifications then you can specify 'ssl' after host
> and port and it should work:
>
> Index: examples/direct/declare_queues.cpp
> ===================================================================
> --- examples/direct/declare_queues.cpp  (revision 797423)
> +++ examples/direct/declare_queues.cpp  (working copy)
> @@ -53,12 +53,14 @@
>
>
>   int main(int argc, char** argv) {
> -    const char* host = argc>1 ? argv[1] : "127.0.0.1";
> -    int port = argc>2 ? atoi(argv[2]) : 5672;
> +    ConnectionSettings settings;
> +    if (argc>1) settings.host = argv[1];
> +    if (argc>2) settings.port = atoi(argv[2]);
> +    if (argc>3) settings.protocol = argv[3];
>       Connection connection;
>
>       try {
> -      connection.open(host, port);
> +      connection.open(settings);
>         Session session =  connection.newSession();
>
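
Review bot: The optional third argument at `if (argc>3) settings.protocol = argv[3];` is accepted without any check and nothing in the hunk documents it, so a caller who omits it silently keeps the default protocol in `settings`, and a mistyped value only surfaces when `connection.open(settings)` fails. Print the accepted arguments (host, port, protocol) when the argument count is unexpected, and log the protocol actually in use before opening the connection. Separately, `settings.port = atoi(argv[2]);` carries over the unchecked `atoi` from the removed line: a non-numeric argument becomes port 0 without an error, so parse with `strtol` and reject values outside 1-65535.
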
> The same change would be required on the other example programs. We
> should get this changed for the next release also. I've raised a Jira to
> track it:
>
> https://issues.apache.org/jira/browse/QPID-2049
>
>
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project:      http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
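
A preflight check for the two client-side settings this thread depends on, QPID_LOAD_MODULE and QPID_SSL_CERT_DB, added here as an example; it is not part of any message in the thread or of Qpid itself. The function names and messages are invented for illustration, and it assumes the certificate database path is a directory (an NSS database).

```shell
#!/bin/sh
# Added example: preflight for the client-side SSL settings named in this thread.
# Function names and messages are made up for this illustration.

# True only if NAME is in the environment that child processes inherit.
is_exported() {
    env | grep -q "^$1="
}

# Prints one finding per line; returns 0 only when there are none.
check_ssl_client_env() {
    problems=0
    for name in QPID_LOAD_MODULE QPID_SSL_CERT_DB; do
        if ! is_exported "$name"; then
            echo "$name: not exported, so the client process will not see it"
            problems=$((problems + 1))
        fi
    done

    module=${QPID_LOAD_MODULE:-}
    if [ -n "$module" ] && { [ ! -f "$module" ] || [ ! -r "$module" ]; }; then
        case $module in
            /*) echo "QPID_LOAD_MODULE: $module is not a readable file" ;;
            *)  echo "QPID_LOAD_MODULE: $module not found relative to $(pwd)" ;;
        esac
        problems=$((problems + 1))
    fi

    # Assumption: the certificate database is a directory (an NSS database).
    certdb=${QPID_SSL_CERT_DB:-}
    if [ -n "$certdb" ] && [ ! -d "$certdb" ]; then
        echo "QPID_SSL_CERT_DB: $certdb is not a directory"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Report findings for the current shell without aborting the caller.
check_ssl_client_env || echo "resolve the findings above before starting the client"
```

Run it in the same shell, and from the same directory, that will start the example client, since both export state and relative paths depend on that context.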

