From users-return-7149-apmail-qpid-users-archive=qpid.apache.org@qpid.apache.org Tue Oct 23 12:11:52 2012 Return-Path: X-Original-To: apmail-qpid-users-archive@www.apache.org Delivered-To: apmail-qpid-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B09E5DC48 for ; Tue, 23 Oct 2012 12:11:52 +0000 (UTC) Received: (qmail 86115 invoked by uid 500); 23 Oct 2012 12:11:52 -0000 Delivered-To: apmail-qpid-users-archive@qpid.apache.org Received: (qmail 86019 invoked by uid 500); 23 Oct 2012 12:11:49 -0000 Mailing-List: contact users-help@qpid.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@qpid.apache.org Delivered-To: mailing list users@qpid.apache.org Received: (qmail 85987 invoked by uid 99); 23 Oct 2012 12:11:48 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Oct 2012 12:11:48 +0000 X-ASF-Spam-Status: No, hits=2.0 required=5.0 tests=SPF_NEUTRAL,URI_HEX X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [216.139.250.139] (HELO joe.nabble.com) (216.139.250.139) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Oct 2012 12:11:43 +0000 Received: from jim.nabble.com ([192.168.236.80]) by joe.nabble.com with esmtp (Exim 4.72) (envelope-from ) id 1TQdKH-0002tG-8P for users@qpid.apache.org; Tue, 23 Oct 2012 05:11:17 -0700 Date: Tue, 23 Oct 2012 05:11:17 -0700 (PDT) From: Marcello To: users@qpid.apache.org Message-ID: <1350994277244-7583696.post@n2.nabble.com> Subject: QPid 0.18 C++/C# - client-side certificate authentication - QpidException MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org Hi, I=E2=80=99m trying to connect to a Red Hat MRG 2.0 (Qpid 0.10) broker (comp= liant with AMQP 0-10). My client application is a .Net Windows application and we use the Apache QPid 0.18 C++/C# module (compliant with AMQP 0-10), provided to us by Riverace ( http://www.riverace.com/qpid/downloads.htm ).=20 In order to be connected and authenticate us to the remote broker we have currently referenced the .Net assembly org.apache.qpid.messaging.dll found in the installation package, which encapsulates the Apache QPid C++ native component. You will find the code source below. Any connection attempt fails and a QpidException is raised =C2=AB Failed to connect (reconnect disabled) =C2=BB. Stack trace :=20 .Apache.Qpid.Messaging.Connection.Open() dans c:\qpid\0.18\qpid\cpp\bindings\qpid\dotnet\src\connection.cpp:ligne 243 The broker and the client run on different machines connected to the same VPN network, the client and the broker are directly connected on the same subnet.=20 The authentication process to the broker is done via a SASL EXTERNAL=20 mechanism, that uses SSL either for encryption and authentication. The authentication process uses certificates registered on the Windows machine where the client is running. On the Windows client machine the public broker certificate is currently registered on the =E2=80=9CRoot=E2=80=9D store as well as the client certif= icate (self-signed and created by us) is currently registered on the =E2=80=9CMy= =E2=80=9D store. The public part of the client certificate has been correctly registered on the broker side. =20 Our own .Net client set the following connection properties: using Org.Apache.Qpid.Messaging; ... Connection connection =3D null; connection =3D new Connection("amqp:ssl::"); connection.SetOption("reconnect", true); connection.SetOption("transport", "ssl"); connection.SetOption("reconnect_limit", ); connection.SetOption("reconnect_urls", "amqp:ssl::"); // the following option, set username, is mandatory when an EXTERNAL sasl_mechanisms is provided connection.SetOption("username", ""); connection.SetOption("sasl_mechanisms", "EXTERNAL"); connection.Open(); When the Open command is executed the client attempts to connect to the default SSL port of the broker without success, raising the QpidException. Riverace ( http://www.riverace.com/ ), where w= e get the Apache Qpid component, warned us that the Apache QPid 0.18 C++/C# does not have native support for client-side certificate authentication.=20 Then we have probably to build our own Apache QPid C++ component, starting from the source available onto the Apache Qpid site, after having applied some enhancements to the SSL handling for the Qpid C++ code.=20 I would be glad if someone could answer the questions below: 1. The SSL enhancement I need is it provided applying the patch = =C2=AB SSL Client Authentication support for the Windows C++ client =C2=BB, =20 https://issues.apache.org/jira/browse/QPID-3914 ? 2. The only .net source package available on the Apache QPid sit= e ( http://qpid.apache.org/download.html ) is =C2=AB C# (.NET, WCF) WCF chann= el (C++ Broker Compatible) =C2=BB and the assembly we are currently using the org.apache.qpid.messaging dll is not available anymore or I am not able to found it, do you know where I can find the org.apache.qpid.messaging .Net source code ? 3. Do you know where I can find a QPid component installation package that includes SSL support with client-side certificate authentication and compliant with AMQP 0-10 standard? Maybe The Red Hat MRG Messaging ( http://www.redhat.com/mrg/messaging/ ) includes this feature ? Thanks in advance for your support Marcello -- View this message in context: http://qpid.2158936.n2.nabble.com/QPid-0-18-C= -C-client-side-certificate-authentication-QpidException-tp7583696.html Sent from the Apache Qpid users mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org For additional commands, e-mail: users-help@qpid.apache.org