From: Cullen Davis
To: "users@qpid.apache.org"
Date: Fri, 14 Aug 2009 11:46:24 -0400
Subject: RE: Question about C++ broker, C++ client, and SSL encryption

I followed your lead and modified the tests to pass a protocol into the Connection::open. When the ConnectionImpl object was instantiated, the ProtocolRegistry().find(proto) failed with an "Unknown Protocol" error. I was using "ssl" as the target protocol.

Any additional thoughts?

Cullen J. Davis
CommIT Enterprises, Inc.
________________________________________
From: Gordon Sim [gsim@redhat.com]
Sent: Friday, August 14, 2009 3:34 AM
To: users@qpid.apache.org
Subject: Re: Question about C++ broker, C++ client, and SSL encryption

Cullen Davis wrote:
> I have two questions regarding SSL and the C++ broker / C++ client running qpidd (qpidc) version 0.5 from a trunk build.
>
> 1) Start c++ qpid broker as follows
> qpidd --log-enable debug:ssl --log-source yes \
>     --log-function yes \
>     --auth no \
>     --load-module src/.libs/ssl.so \
>     --ssl-cert-db /etc/pki/tls/qpid/test_cert_db \
>     --ssl-cert-password-file /etc/pki/tls/private/qpid_ssl.pass \
>     --ssl-cert-name commit.CjD \
>     --ssl-require-client-authentication \
>     --require-encryption
>
> 2) Run the c++ direct example on port 5672
> ./examples/direct/declare_queues localhost 5672
> ./examples/direct/direct_producer localhost 5672
> ./examples/direct/listener localhost 5672
> The queue is created, populated, and read with no problems.
>
> 3) Run the c++ direct example on port 5671 (first set-up env variables)
> QPID_LOAD_MODULE=./src/.libs/sslconnector.so
> QPID_SSL_CERT_DB=/etc/pki/tls/qpid/test_cert_db
> ./examples/direct/declare_queues localhost 5671
>
> At this point, the declare_queues example hangs until CTRL C is pressed. When declare_queues terminates, the broker outputs:
> debug qpid/sys/ssl/SslHandler.cpp:143:void qpid::sys::ssl::SslHandler::eof(qpid::sys::ssl::SslIO&): DISCONNECTED [127.0.0.1:57801]
>
>
> Question 1 - Why did the examples on port 5672 (#2) succeed? I thought --load-module src/.libs/ssl.so and --require-encryption would cause the connection to be rejected.

That is because of the auth=no option, this is a known issue and should be fixed in the next release.

https://issues.apache.org/jira/browse/QPID-1899

> Question 2 - What is the declare_queue code from #3 blocking on?

To use ssl in the client you have to select 'ssl' as the protocol. The examples don't currently allow you to do that at present.
However if you make the following modifications then you can specify 'ssl' after host and port and it should work:

Index: examples/direct/declare_queues.cpp =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- examples/direct/declare_queues.cpp (revision 797423) +++ examples/direct/declare_queues.cpp (working copy) @@ -53,12 +53,14 @@ int main(int argc, char** argv) { - const char* host =3D argc>1 ? argv[1] : "127.0.0.1"; - int port =3D argc>2 ? atoi(argv[2]) : 5672; + ConnectionSettings settings; + if (argc>1) settings.host =3D argv[1]; + if (argc>2) settings.port =3D atoi(argv[2]); + if (argc>3) settings.protocol =3D argv[3]; Connection connection; try { - connection.open(host, port); + connection.open(settings); Session session =3D connection.newSession();

The same change would be required on the other example programs. We should get this changed for the next release also. I've raised a Jira to track it: https://issues.apache.org/jira/browse/QPID-2049

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
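Review bot: the new optional third argument in main() (`if (argc>3) settings.protocol = argv[3];`) is undocumented and unvalidated. When it is omitted, settings.protocol keeps its default, so pointing the example at an SSL port without it still fails with no hint to the user about what is missing. Suggest printing a usage line that names the `[host] [port] [protocol]` order, and having the handler for the try block around connection.open(settings) report which protocol was requested. The `atoi(argv[2])` call carried over from the old code also accepts non-numeric input silently and yields port 0; strtol with an end-pointer check would reject that before the connection attempt.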