qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gordon Sim <g...@redhat.com>
Subject Re: Qpid-tools and SSL certificates
Date Wed, 05 Oct 2011 09:07:29 GMT
On 10/04/2011 11:36 PM, Bruno Fran├ža wrote:
> Hi,
>
> when I set ssl-require-client-authentication and require-encryption on
> my Qpid C++ broker and try to connect to it using qpid-stat, I get the
> following error:
>
> $ export QPID_SSL_CERT_DB=/path/to/mycert_db
> $ export QPID_SSL_CERT_NAME=mycert
> $ ./bin/qpid-stat -q amqps://bruno.mz.digirati.com.br
> Failed: SSLError - [Errno 1] _ssl.c:499: error:14094412:SSL
> routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>
> Seems like the client certificate is being ignored. Is there a way to
> inform qpid-stat which certificate to use? The above command works if I
> disable ssl-require-client-authentication. I'm using SVN rev 1177431 on
> Ubuntu 11.04 x86_64.

Unfortunately the python client (which qpid-stat uses) does not  support 
client authentication with SSL (the env vars above are only valid for 
the C++ client and those APIs that wrap it).

There is a JIRA open for this and a (modified) patch attached: 
https://issues.apache.org/jira/browse/QPID-3175. Rafi, are you happy 
with that now? Could we push to get that in for 0.14, it's been around a 
while now and would be an important gap to close.

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org


Mime
View raw message