qpid-users mailing list archives

From Chris Richardson ...@fourc.eu>
Subject C++ client connection fails with SSL and AMQP1.0
Date Wed, 27 Aug 2014 09:29:20 GMT

It seems that the combination of SSL and AMQP 1.0 does not work in 0.30
beta (connection fails). The issue looks exactly the same as
https://issues.apache.org/jira/browse/QPID-5648, which was reported fixed
in trunk and 0.28.

I'm running a 0.30 beta broker with ssl enabled. Without any QPID_SSL
settings present in my environment, I can successfully send a message like

QPID_SSL_CERT_DB=/var/lib/qpidd/ssl/client-db spout -b localhost:5671
 --content "hello" --connection-options "{transport:ssl}" amq.topic

Notes - /var/lib/qpidd/ssl/client-db holds an NSS database with the CA cert
for the broker. This example uses the default AMQP 0.10.

When I add the extra protocol option to use AMQP 1.0:

QPID_SSL_CERT_DB=/var/lib/qpidd/ssl/client-db spout -b localhost:5671
 --content "hello" --connection-options "{protocol:amqp1.0, transport:ssl}"

I get the error "Connect failed to amqp:ssl:localhost:5671: Reconnect
disabled". If I run this in a debugger I can get some more info on the
error (reported in the callback at
qpid::messaging::amqp::SslTransport::failed()) which is "NSS error
[-12268]". According to the NSS documentation this is "

I've done some experimentation and if I call NSS_InitContext() referencing
my NSS db before opening the AMQP connection, the SSL handshake (with
AMQP1.0) is successful.

My first guess would be that there is some difference in the way
qpid::messaging::amqp::ConnectionHandle (used for AMQP1.0 connections)
and qpid::client::amqp0_10::ConnectionImpl (used for AMQP0.10 connections)
initialise the NSS subsystem. Hopefully that and not an error on my part...

Could you please look into this further?

Many thanks


*Chris Richardson*, System Architect

FourC AS, Vestre Rosten 81, Trekanten, NO-7075 Tiller, Norway www.fourc.eu

Follow us on LinkedIn <http://bit.ly/fourcli>, Facebook
<http://bit.ly/fourcfb>, Google+ <http://bit.ly/fourcgp> and Twitter
