Message-ID: <53D78649.5040303@comyno.com>
Date: Tue, 29 Jul 2014 13:32:25 +0200
From: Andreas Welchlin
To: users@qpid.apache.org
Subject: C++ Client: SSL connection configuration

Hi All,

currently I am trying to connect to a third-party AMQP broker using a C++ client with qpid 0.28. The broker is configured to use SSL. The client uses a self-signed certificate. This certificate is available in the broker.

I created the self-signed certificate and added it to my certificate db. I also added the third-party broker certificate.

> mkdir clientCertDb
> certutil -N -d clientCertDb
> certutil -A -d clientCertDb -n "BrokerCert" -t "T,," -a -i clientCertDb/Broker.crt
> certutil -A -d clientCertDb -n "ClientCert" -a -i clientCertDb/Client.crt -t ",,"

Then I set the environment for the client:

export QPID_SSL_CERT_DB=./clientCertDb
export QPID_SSL_CERT_NAME=ClientCert
export QPID_SSL_CERT_PASSWORD_FILE=./pwfile

The client fails to connect to the server. The client library log says:

-------------------------------------------------------
Driver started
Starting connection to amqp:ssl::
Connecting to ssl::
ssl:: Connecting ...
Connecting: :
Exception constructed: Failed: NSS error [-8179] (qpid-0.28/qpid-0.28/cpp/src/qpid/sys/ssl/SslSocket.cpp:156)
Failed to connect: Failed: NSS error [-8179] (qpid-0.28/qpid-0.28/cpp/src/qpid/sys/ssl/SslSocket.cpp:156)
Driver stopped
-------------------------------------------------------

I do not get what is going wrong. As far as I understood, I do not have to give the C++ client any hint where to find the broker certificate. Is this right?

Unfortunately, the error message in the client log is not helpful to me. I don't see any details about what the problem is.

I tried to get more information using openssl s_client:

> openssl s_client -connect : -CAfile clientCertDb/Client.crt -debug -key Client.key -CApath clientCertDb/

It says:

Verify return code: 20 (unable to get local issuer certificate)

Does any of you know how to configure this or how I can get more information?

Regards,
Andreas
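
Added example, not part of the original message or of the Qpid project: NSS error -8179 is SEC_ERROR_UNKNOWN_ISSUER, and openssl's verify code 20 reports the same condition, namely that the verifier has no trusted issuer for the peer certificate. The script below reproduces code 20 with constructed throwaway certificates by checking a CA-issued broker certificate against a self-signed client certificate used as -CAfile, and contrasts it with code 18 and with a successful check; all file names, subjects and the function names make_fixture and verify_code are assumptions.

```shell
#!/bin/sh
# Constructed fixture: a throwaway CA, a broker certificate issued by it,
# and a self-signed client certificate. Names and subjects are assumptions.
make_fixture() {  # usage: make_fixture <dir>
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=broker.example.test" \
        -keyout "$d/broker.key" -out "$d/broker.csr" 2>/dev/null
    openssl x509 -req -in "$d/broker.csr" -days 1 \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/broker.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=ClientCert" \
        -keyout "$d/client.key" -out "$d/client.crt" 2>/dev/null
}

# Prints 0 when the certificate verifies, otherwise the first X509 verify
# error number that openssl reports, or "unknown" if neither can be parsed.
verify_code() {  # usage: verify_code <CAfile> <cert>
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    code=$(printf '%s\n' "$out" |
        sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    case "$code:$out" in
        :*": OK"*) echo 0 ;;
        :*)        echo unknown ;;
        *)         echo "$code" ;;
    esac
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_fixture "$work"

# The client's own certificate is not the broker's issuer: code 20.
echo "broker.crt, CAfile=client.crt: $(verify_code "$work/client.crt" "$work/broker.crt")"
# The issuing CA as trust anchor: code 0.
echo "broker.crt, CAfile=ca.crt:     $(verify_code "$work/ca.crt" "$work/broker.crt")"
# An untrusted self-signed certificate fails differently: code 18.
echo "client.crt, CAfile=ca.crt:     $(verify_code "$work/ca.crt" "$work/client.crt")"
```

Code 20 rather than 18 means the certificate being checked names an issuer other than itself and that issuer is absent from the trust store.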