Return-Path: X-Original-To: apmail-qpid-users-archive@www.apache.org Delivered-To: apmail-qpid-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BD98B106D8 for ; Wed, 23 Oct 2013 22:38:37 +0000 (UTC) Received: (qmail 97422 invoked by uid 500); 23 Oct 2013 22:38:36 -0000 Delivered-To: apmail-qpid-users-archive@qpid.apache.org Received: (qmail 97174 invoked by uid 500); 23 Oct 2013 22:38:34 -0000 Mailing-List: contact users-help@qpid.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@qpid.apache.org Delivered-To: mailing list users@qpid.apache.org Received: (qmail 97161 invoked by uid 99); 23 Oct 2013 22:38:32 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Oct 2013 22:38:32 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy includes SPF record at spf.trusted-forwarder.org) Received: from [209.85.192.174] (HELO mail-pd0-f174.google.com) (209.85.192.174) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Oct 2013 22:38:25 +0000 Received: by mail-pd0-f174.google.com with SMTP id y13so1909305pdi.19 for ; Wed, 23 Oct 2013 15:38:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=0mZ+5Lpk215HMb2UXqtHXBOfb4EuAVwbvXxQC0vN/OM=; b=hzl8wwtRR4qUB/ElmzVa3pYDGNvyq+zhOUuC7eJ7CJxm/F1ksyGoMGMnUmnEvPBzCD McOacOR5NSga52AbGljfLcVagp+cMtWCJJGmBE6bMS74nNHS384fHiWFywb/53a0pPqR NenBLyAveRKHB3HvKpxIpgCC874mQEhpLpMcb4O+Qinp188nog8k1/C+XCFdjncm7iD7 4nB2GUYRuqsABigRb5DF+QfeMkmzWa3cK6s/HADTjnCwI6sMPGgm2N7zI9GUSB7xeqTV BlGN5BGEukpSa/hrA0G77AaouRgL+X+xptPX8BMCeBfwkEW0xwhRJDWLmmoswdYP+sc4 mhaQ== X-Gm-Message-State: ALoCoQkLvy6j8qTrTmNVOwkqrqHkhhX1yE7Rbac0Og2QHR21fBJbUdD9y6sTuKMKs1q4sBsEMo5Z MIME-Version: 1.0 X-Received: by 10.66.162.195 with SMTP id yc3mr148256pab.64.1382567884153; Wed, 23 Oct 2013 15:38:04 -0700 (PDT) Received: by 10.70.27.163 with HTTP; Wed, 23 Oct 2013 15:38:04 -0700 (PDT) X-Originating-IP: [89.102.141.161] In-Reply-To: References: <5267A111.2000900@redhat.com> <5267D6C8.7090406@redhat.com> <5267EF63.6010601@redhat.com> Date: Thu, 24 Oct 2013 00:38:04 +0200 Message-ID: Subject: Re: QPid Ruby client and SSL From: Jakub Scholz To: users@qpid.apache.org Content-Type: multipart/alternative; boundary=047d7b6dc1a89cfd9c04e9702b42 X-Virus-Checked: Checked by ClamAV on apache.org --047d7b6dc1a89cfd9c04e9702b42 Content-Type: text/plain; charset=ISO-8859-1 In the Java client, the SSL issues are very easy to analyse using the SSL debugging mode which can be switched on using the system property "javax.net.debug=ssl". It would be great to have something similar in the C++ client (and in the scripting languages clients build on top of the C++ client). But to my understanding the C++ client is for the SSL negotiation using the NSS library for which I never found such a nice debugging option. Regards Jakub On Wed, Oct 23, 2013 at 6:15 PM, Trevor Vaughan wrote: > No errors on the client side and adding trace to the QPID log didn't show > anything except for dropped connections. > > That's when I started using openssl s_server to debug the SSL portion. > > We're using 0.14-22 currently. > > > On Wed, Oct 23, 2013 at 11:46 AM, Gordon Sim wrote: > > > On 10/23/2013 04:02 PM, Trevor Vaughan wrote: > > > >> amqp:ssl:myhost.mydomain:5671 > >> options << transport => 'ssl' > >> > >> But, no dice :-/ > >> > >> Thanks for the help though! > >> > > > > Do you get any errors on the client side? What if you export > > QPID_LOG_ENABLE=trace+ before trying to run the ruby client, does that > show > > up anything unusual looking? (I'm wondering if the sslconnector.so module > > is loaded, however if not then attempting to use ssl in the url should > > result in an error not a hang). > > > > What version of the client are you using? (I ran a simple test from ruby > > on trunk without a problem, so its either a different version or > different > > config in some way I think). > > > > > > ------------------------------**------------------------------**--------- > > To unsubscribe, e-mail: users-unsubscribe@qpid.apache.**org< > users-unsubscribe@qpid.apache.org> > > For additional commands, e-mail: users-help@qpid.apache.org > > > > > > > -- > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 > tvaughan@onyxpoint.com > > -- This account not approved for unencrypted proprietary information -- > --047d7b6dc1a89cfd9c04e9702b42--