qpid-users mailing list archives

From Marcello <mf...@euro-finance-systems.fr>
Subject QPid 0.18 C++/C# - client-side certificate authentication - QpidException
Date Tue, 23 Oct 2012 12:11:17 GMT
Hi,

I’m trying to connect to a Red Hat MRG 2.0 (Qpid 0.10) broker (compliant
with AMQP 0-10).

My client application is a .Net Windows application and we use the Apache
QPid 0.18 C++/C# module (compliant with AMQP 0-10), provided to us by
Riverace (http://www.riverace.com/qpid/downloads.htm).

In order to connect and authenticate to the remote broker, we currently
reference the .Net assembly org.apache.qpid.messaging.dll found in the
installation package, which encapsulates the Apache QPid C++ native
component. You will find the source code below.

Any connection attempt fails and a QpidException is raised « Failed to
connect (reconnect disabled) ». Stack trace : 
  .Apache.Qpid.Messaging.Connection.Open() dans
c:\qpid\0.18\qpid\cpp\bindings\qpid\dotnet\src\connection.cpp:ligne 243

The broker and the client run on different machines connected to the same
VPN network; the client and the broker are directly connected on the same
subnet.

The authentication process to the broker is done via the SASL EXTERNAL
mechanism, which uses SSL for both encryption and authentication. The
authentication process uses certificates registered on the Windows machine
where the client is running.

On the Windows client machine, the public broker certificate is currently
registered in the “Root” store, and the client certificate
(self-signed and created by us) is currently registered in the “My” store.
The public part of the client certificate has been correctly registered on
the broker side.

Our own .Net client sets the following connection properties:

     using Org.Apache.Qpid.Messaging;

     ...

     Connection connection = null;
     connection = new Connection("amqp:ssl:<broker address>:<broker ssl port>");

     connection.SetOption("reconnect", true);
     connection.SetOption("transport", "ssl");
     connection.SetOption("reconnect_limit", <number of maximal attempts>);
     connection.SetOption("reconnect_urls", "amqp:ssl:<broker address>:<broker ssl port>");

     // the following option, set username, is mandatory when an EXTERNAL sasl_mechanisms is provided
     connection.SetOption("username", "<client certificate>");
     connection.SetOption("sasl_mechanisms", "EXTERNAL");

     connection.Open();

When the Open command is executed the client attempts to connect to the
default SSL port of the broker without success, raising the QpidException.

Riverace (http://www.riverace.com/), where we got the Apache Qpid
component, warned us that the Apache QPid 0.18 C++/C# does not have
native support for client-side certificate authentication.

So we probably have to build our own Apache QPid C++ component, starting
from the source available on the Apache Qpid site, after having applied
some enhancements to the SSL handling for the Qpid C++ code.

I would be glad if someone could answer the questions below:
1. Is the SSL enhancement I need provided by applying the patch
« SSL Client Authentication support for the Windows C++ client »,
https://issues.apache.org/jira/browse/QPID-3914 ?
2. The only .net source package available on the Apache QPid site
( http://qpid.apache.org/download.html ) is « C# (.NET, WCF) WCF channel
(C++ Broker Compatible) », and the assembly we are currently using, the
org.apache.qpid.messaging dll, is not available anymore or I am not able to
find it. Do you know where I can find the org.apache.qpid.messaging .Net
source code?
3. Do you know where I can find a QPid component installation
package that includes SSL support with client-side certificate
authentication and is compliant with the AMQP 0-10 standard? Maybe the Red Hat
MRG Messaging (http://www.redhat.com/mrg/messaging/) includes this feature?

Thanks in advance for your support

Marcello
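
Added example, not part of the original message and not Qpid or Riverace code: a local pre-flight check of the store layout the message describes (client certificate in “My”, broker certificate in “Root”), confirming that the client certificate actually has a private key and is permitted for TLS client authentication. The two subject names passed on the command line and the choice of store locations to scan are assumptions, and the check says nothing about whether the Qpid client build itself can present the certificate.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ExternalAuthPreflight
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    // Problems that would stop this certificate being used as a TLS client identity.
    public static List<string> CheckClientCertificate(X509Certificate2 cert, DateTime now)
    {
        var problems = new List<string>();
        if (!cert.HasPrivateKey) problems.Add("no private key in store (public part only)");
        if (now < cert.NotBefore || now > cert.NotAfter) problems.Add("outside validity period");
        foreach (X509Extension ext in cert.Extensions)
        {
            var eku = ext as X509EnhancedKeyUsageExtension;
            if (eku == null) continue; // no EKU extension means no usage restriction
            bool clientAuth = false;
            foreach (Oid oid in eku.EnhancedKeyUsages)
                clientAuth |= oid.Value == ClientAuthOid;
            if (!clientAuth) problems.Add("EKU extension present but lacks clientAuth");
        }
        return problems;
    }
    // Read-only lookup by subject name; validOnly=false so self-signed certificates are returned too.
    public static X509Certificate2Collection Find(StoreName name, StoreLocation loc, string subject)
    {
        var store = new X509Store(name, loc);
        store.Open(OpenFlags.ReadOnly);
        try { return store.Certificates.Find(X509FindType.FindBySubjectName, subject, false); }
        finally { store.Close(); }
    }

    static int Main(string[] args) // args: <client cert subject> <broker cert subject> (assumed names)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: <client subject> <broker subject>"); return 2; }
        int usable = 0;
        foreach (StoreLocation loc in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            foreach (X509Certificate2 cert in Find(StoreName.My, loc, args[0]))
            {
                List<string> problems = CheckClientCertificate(cert, DateTime.Now);
                if (problems.Count == 0) usable++;
                string verdict = problems.Count == 0 ? "usable" : string.Join("; ", problems);
                Console.WriteLine("{0}\\My {1}: {2}", loc, cert.Thumbprint, verdict);
            }
            bool trusted = Find(StoreName.Root, loc, args[1]).Count > 0;
            Console.WriteLine("{0}\\Root has broker certificate: {1}", loc, trusted);
        }
        return usable > 0 ? 0 : 1; // non-zero when no usable client certificate was found
    }
}
```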



