qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Welchlin <andreas.welch...@comyno.com>
Subject C++ Client: SSL connection configuration
Date Tue, 29 Jul 2014 11:32:25 GMT
Hi All,

currently I am trying to connect to a third party AMQP broker using a 
c++ client with qpid 0.28.

The broker is configured to use ssl. The client uses a self signed 
certificate. This certificate is available in the broker.

I created the self signed certificate and added it into my certificate 
db. I also added the third party broker certificate.

 > mkdir clientCertDb
 > certutil -N -d clientCertDb
 > certutil -A -d clientCertDb -n "BrokerCert"  -t "T,," -a -i 
clientCertDb/Broker.crt
 > certutil -A -d clientCertDb -n "ClientCert"  -a -i 
clientCertDb/Client.crt -t ",,"

Then I set the environment for the client:
export QPID_SSL_CERT_DB=./clientCertDb
export QPID_SSL_CERT_NAME=ClientCert
export QPID_SSL_CERT_PASSWORD_FILE=./pwfile

The client fails to connect to the server. The client library log says:

-------------------------------------------------------
Driver started
Starting connection to amqp:ssl:<ipaddr>:<port>
Connecting to ssl:<ipaddr>:<port>
ssl:<ipaddr>:<port> Connecting ...
Connecting: <ipaddr>:<port>
Exception constructed: Failed: NSS error [-8179] 
(qpid-0.28/qpid-0.28/cpp/src/qpid/sys/ssl/SslSocket.cpp:156)
Failed to connect: Failed: NSS error [-8179] 
(qpid-0.28/qpid-0.28/cpp/src/qpid/sys/ssl/SslSocket.cpp:156)
Driver stopped
-------------------------------------------------------

I do not get what is going wrong. As far as I understood I do not have 
to give the c++ client any hint where to find the broker certificate.
Is this right?

Unfortunately the error message in the client log is not helpful for me. 
I don't see any details what the problem is.


I tried to get more information using openssl s_client:

 > openssl s_client -connect <ipaddr>:<port> -CAfile 
clientCertDb/Client.crt -debug  -key Client.key -CApath clientCertDb/

It says:
Verify return code: 20 (unable to get local issuer certificate)


Does anyone of you know how to configure this or how I can get more 
information?

Regards,
Andreas





---
Diese E-Mail ist frei von Viren und Malware, denn der avast! Antivirus Schutz ist aktiv.
http://www.avast.com


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message