qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jakub Scholz <ja...@scholz.cz>
Subject Re: QPid 0.18 C++/C# - client-side certificate authentication - QpidException
Date Mon, 29 Oct 2012 13:14:57 GMT
Hi Marcello,

The QPID-3914 JIRA delivers the SASL EXTERNAL support. You will need to
download the patch and apply it to the source codes and build your own
versionn of the library.

If you follow the guide for building the C++/.NET library on Windows, which
is somewhere in the SVN trunk, it is fairly simple.

Since the QPID-3914 is not part of the SVN, but just an patch which is not
committed, you will probably not find binaries for download which contain
the SASL EXTERNAL patch ...

Regards
Jakub
Dne 23.10.2012 14:11 "Marcello" <mfaga@euro-finance-systems.fr> napsal(a):

> Hi,
>
> I’m trying to connect to a Red Hat MRG 2.0 (Qpid 0.10) broker (compliant
> with AMQP 0-10).
>
> My client application is a .Net Windows application and we use the Apache
> QPid 0.18 C++/C# module (compliant with AMQP 0-10), provided to us by
> Riverace ( http://www.riverace.com/qpid/downloads.htm
> <http://www.riverace.com/qpid/downloads.htm>   ).
>
> In order to be connected and authenticate us to the remote broker we have
> currently referenced the .Net assembly org.apache.qpid.messaging.dll found
> in the installation package, which encapsulates the Apache QPid C++ native
> component. You will find the code source below.
>
> Any connection attempt fails and a QpidException is raised « Failed to
> connect (reconnect disabled) ». Stack trace :
>   .Apache.Qpid.Messaging.Connection.Open() dans
> c:\qpid\0.18\qpid\cpp\bindings\qpid\dotnet\src\connection.cpp:ligne 243
>
> The broker and the client run on different machines connected to the same
> VPN network, the client and the broker are directly connected on the same
> subnet.
>
> The authentication process to the broker is done via a SASL EXTERNAL
> mechanism, that uses SSL either for encryption and authentication. The
> authentication process uses certificates registered on the Windows machine
> where the client is running.
>
> On the Windows client machine the public broker certificate is currently
> registered on the “Root” store as well as the client certificate
> (self-signed and created by us) is currently registered on the “My” store.
> The public part of the client certificate has been correctly registered on
> the broker side.
>
> Our own .Net client set the following connection properties:
>
>      using Org.Apache.Qpid.Messaging;
>
>      ...
>
>      Connection connection = null;
>      connection = new Connection("amqp:ssl:<broker address>:<broker ssl
> port>");
>
>      connection.SetOption("reconnect", true);
>      connection.SetOption("transport", "ssl");
>      connection.SetOption("reconnect_limit", <number of maximal attempts>);
>      connection.SetOption("reconnect_urls", "amqp:ssl:<broker
> address>:<broker ssl port>");
>
>      // the following option, set username, is mandatory when an EXTERNAL
> sasl_mechanisms is provided
>      connection.SetOption("username", "<client certificate>");
>      connection.SetOption("sasl_mechanisms", "EXTERNAL");
>
>      connection.Open();
>
> When the Open command is executed the client attempts to connect to the
> default SSL port of the broker without success, raising the QpidException.
>
> Riverace ( http://www.riverace.com/ <http://www.riverace.com/>   ), where
> we
> get the Apache Qpid component, warned us that the  Apache QPid 0.18 C++/C#
> does not have native support for client-side certificate authentication.
>
> Then we have probably to build our own Apache QPid C++ component, starting
> from the source available onto the Apache Qpid site, after having applied
> some enhancements to the SSL handling for the Qpid C++ code.
>
> I would be glad if someone could answer the questions below:
> 1.            The SSL enhancement I need is it provided applying the patch
> «
> SSL Client Authentication support for the Windows C++ client »,
> https://issues.apache.org/jira/browse/QPID-3914
> <https://issues.apache.org/jira/browse/QPID-3914>   ?
> 2.            The only .net source package available on the Apache QPid
> site
> ( http://qpid.apache.org/download.html ) is « C# (.NET, WCF) WCF channel
> (C++ Broker Compatible) »  and the assembly we are currently using the
> org.apache.qpid.messaging dll is not available anymore or I am not able to
> found it, do you know where I can find the org.apache.qpid.messaging .Net
> source code ?
> 3.            Do you know where I can find a QPid component installation
> package that includes SSL support with client-side certificate
> authentication and compliant with AMQP 0-10 standard? Maybe The Red Hat MRG
> Messaging (  http://www.redhat.com/mrg/messaging/
> <http://www.redhat.com/mrg/messaging/>   ) includes this feature ?
>
> Thanks in advance for your support
>
> Marcello
>
>
>
>
> --
> View this message in context:
> http://qpid.2158936.n2.nabble.com/QPid-0-18-C-C-client-side-certificate-authentication-QpidException-tp7583696.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message