qpid-users mailing list archives

From Cliff Jansen <cliffjan...@gmail.com>
Subject Re: QPid 0.18 C++/C# - client-side certificate authentication - QpidException
Date Mon, 29 Oct 2012 15:44:38 GMT
Hi Marcello,

Supplementing Jakub's reply, the source for the
Org.Apache.Qpid.Messaging dll is written in C++/CLI (not C#).  You can
find it in the C++ Multiple component package or the full C++ source
release.  It will be in:

  qpidXX/cpp/bindings/qpid/dotnet/src

It is probably safer using the full source release if you are building
from scratch.  Look at the README-winsdk.txt file.  Since the C++/CLI
code relies on the underlying pure native C++ libraries to handle the
certificates, you should first verify that a pure C++ test program
works as you expect first.

Cliff

On Mon, Oct 29, 2012 at 6:14 AM, Jakub Scholz <jakub@scholz.cz> wrote:
> Hi Marcello,
>
> The QPID-3914 JIRA delivers the SASL EXTERNAL support. You will need to
> download the patch and apply it to the source codes and build your own
> version of the library.
>
> If you follow the guide for building the C++/.NET library on Windows, which
> is somewhere in the SVN trunk, it is fairly simple.
>
> Since the QPID-3914 is not part of the SVN, but just a patch which is not
> committed, you will probably not find binaries for download which contain
> the SASL EXTERNAL patch ...
>
> Regards
> Jakub
> On 23.10.2012 14:11, "Marcello" <mfaga@euro-finance-systems.fr> wrote:
>
>> Hi,
>>
>> I’m trying to connect to a Red Hat MRG 2.0 (Qpid 0.10) broker (compliant
>> with AMQP 0-10).
>>
>> My client application is a .Net Windows application and we use the Apache
>> QPid 0.18 C++/C# module (compliant with AMQP 0-10), provided to us by
>> Riverace ( http://www.riverace.com/qpid/downloads.htm ).
>>
>> In order to be connected and authenticate us to the remote broker we have
>> currently referenced the .Net assembly org.apache.qpid.messaging.dll found
>> in the installation package, which encapsulates the Apache QPid C++ native
>> component. You will find the code source below.
>>
>> Any connection attempt fails and a QpidException is raised « Failed to
>> connect (reconnect disabled) ». Stack trace :
>>   .Apache.Qpid.Messaging.Connection.Open() dans
>> c:\qpid\0.18\qpid\cpp\bindings\qpid\dotnet\src\connection.cpp:ligne 243
>>
>> The broker and the client run on different machines connected to the same
>> VPN network, the client and the broker are directly connected on the same
>> subnet.
>>
>> The authentication process to the broker is done via a SASL EXTERNAL
>> mechanism, that uses SSL both for encryption and authentication. The
>> authentication process uses certificates registered on the Windows machine
>> where the client is running.
>>
>> On the Windows client machine the public broker certificate is currently
>> registered on the “Root” store as well as the client certificate
>> (self-signed and created by us) is currently registered on the “My” store.
>> The public part of the client certificate has been correctly registered on
>> the broker side.
>>
>> Our own .Net client sets the following connection properties:
>>
>>      using Org.Apache.Qpid.Messaging;
>>
>>      ...
>>
>>      Connection connection = null;
>>      connection = new Connection("amqp:ssl:<broker address>:<broker ssl port>");
>>
>>      connection.SetOption("reconnect", true);
>>      connection.SetOption("transport", "ssl");
>>      connection.SetOption("reconnect_limit", <number of maximal attempts>);
>>      connection.SetOption("reconnect_urls", "amqp:ssl:<broker address>:<broker ssl port>");
>>
>>      // the following option, set username, is mandatory when an EXTERNAL sasl_mechanisms is provided
>>      connection.SetOption("username", "<client certificate>");
>>      connection.SetOption("sasl_mechanisms", "EXTERNAL");
>>
>>      connection.Open();
>>
>> When the Open command is executed the client attempts to connect to the
>> default SSL port of the broker without success, raising the QpidException.
>>
>> Riverace ( http://www.riverace.com/ ), where we get the Apache Qpid
>> component, warned us that the Apache QPid 0.18 C++/C# does not have native
>> support for client-side certificate authentication.
>>
>> Then we have probably to build our own Apache QPid C++ component, starting
>> from the source available onto the Apache Qpid site, after having applied
>> some enhancements to the SSL handling for the Qpid C++ code.
>>
>> I would be glad if someone could answer the questions below:
>> 1. The SSL enhancement I need is it provided applying the patch « SSL
>> Client Authentication support for the Windows C++ client »,
>> https://issues.apache.org/jira/browse/QPID-3914 ?
>> 2. The only .net source package available on the Apache QPid site
>> ( http://qpid.apache.org/download.html ) is « C# (.NET, WCF) WCF channel
>> (C++ Broker Compatible) » and the assembly we are currently using the
>> org.apache.qpid.messaging dll is not available anymore or I am not able to
>> find it, do you know where I can find the org.apache.qpid.messaging .Net
>> source code ?
>> 3. Do you know where I can find a QPid component installation
>> package that includes SSL support with client-side certificate
>> authentication and compliant with AMQP 0-10 standard? Maybe The Red Hat MRG
>> Messaging ( http://www.redhat.com/mrg/messaging/ ) includes this feature ?
>>
>> Thanks in advance for your support
>>
>> Marcello
>>
>>
>>
>>
>> --
>> View this message in context:
>> http://qpid.2158936.n2.nabble.com/QPid-0-18-C-C-client-side-certificate-authentication-QpidException-tp7583696.html
>> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
>> For additional commands, e-mail: users-help@qpid.apache.org
>>
>>
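
The store layout described in the original question (client certificate in "My", broker certificate in "Root") can be checked on the Windows client before debugging the Qpid library itself. The script below is an added example, not part of the thread or of Qpid; the CurrentUser store location and the subject placeholders are assumptions to be replaced with local values.

```powershell
# Added example: pre-flight check of the certificate stores named in the thread.
# Assumptions: CurrentUser store location; both subject strings are placeholders.
param(
    [string]$ClientSubject = '<client certificate subject>',
    [string]$BrokerSubject = '<broker certificate subject>',
    [string]$StoreLocation = 'CurrentUser'
)

$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth (TLS client authentication)

function Get-CertFinding {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [switch]$NeedsPrivateKey
    )
    $problems = @()
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $problems += "outside validity period ($($Cert.NotBefore) .. $($Cert.NotAfter))"
    }
    if ($NeedsPrivateKey) {
        # The client side of SSL client authentication must hold the private key.
        if (-not $Cert.HasPrivateKey) { $problems += 'no private key in this store' }
        # An EKU extension, when present, has to list Client Authentication.
        $eku = $Cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        if ($eku -and -not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ClientAuthOid })) {
            $problems += 'EKU present but lacks Client Authentication'
        }
    }
    [pscustomobject]@{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        Problems   = ($problems -join '; ')
    }
}

$checks = @(
    @{ Store = 'My';   Subject = $ClientSubject; NeedsKey = $true  },   # client identity
    @{ Store = 'Root'; Subject = $BrokerSubject; NeedsKey = $false }    # broker trust anchor
)
foreach ($c in $checks) {
    $path  = "Cert:\$StoreLocation\$($c.Store)"
    $found = @(Get-ChildItem -Path $path | Where-Object { $_.Subject -like "*$($c.Subject)*" })
    if ($found.Count -eq 0) { Write-Warning "No certificate matching '$($c.Subject)' in $path"; continue }
    $found | ForEach-Object { Get-CertFinding -Cert $_ -NeedsPrivateKey:($c.NeedsKey) }
}
```

An empty Problems column for both entries only confirms the store preconditions; it says nothing about whether the Qpid build in use can present the client certificate.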