qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adel Boutros <adelbout...@live.com>
Subject RE: [Qpid-dispatch] Duplication between sslProfile and connector options
Date Mon, 13 Jun 2016 08:45:24 GMT
Hello Ganesh,
I performed the modifications you asked but I still have the same issue using qdmanage.
Regards,Adel

> Date: Fri, 10 Jun 2016 12:40:48 -0400
> From: gmurthy@redhat.com
> To: users@qpid.apache.org
> Subject: Re: [Qpid-dispatch] Duplication between sslProfile and connector options
> 
> Hi Adel,
>   Can you please setup your listener like this - 
> 
> listener {
>     host: 0.0.0.0    
>     port: 10399    
>     saslMechanisms: ANONYMOUS
>     sslProfile: ssl-profile-name    
>     authenticatePeer: no    # Use authenticatePeer instead of requirePeerAuth
>     requireSsl: yes
> }
> 
> Thanks.
> ----- Original Message -----
> > From: "Adel Boutros" <adelboutros@live.com>
> > To: users@qpid.apache.org
> > Sent: Friday, June 10, 2016 10:47:53 AM
> > Subject: RE: [Qpid-dispatch] Duplication between sslProfile and connector options
> > 
> > 
> > 
> > 
> > The page you provided suits my needs.
> > However, I have a problem running SSL. I have configured the dispatcher
> > (0.6.0 RC 4) as follows:
> > ssl-profile {
> >     name: ssl-profile-name    certFile: CERTIFICATE_DIR/cert_lx.pem
> >     keyFile: PRIVATE_KEY_DIR/key_lx.pem}
> > listener {    host: 0.0.0.0    port: 10399    sasl-mechanisms: ANONYMOUS
> > ssl-profile: ssl-profile-name    requirePeerAuth: no    requireSsl: yes}
> > Yet, I cannot even cannot using qdmanage:
> > qdmanage --ssl-certificate=CERTIFICATE_DIR/cert_lx.pem
> > --ssl-key=PRIVATE_KEY_DIR/key_lx.pem -b amqps://0.0.0.0:10399 create
> > --type=autoLink addr=queue dir=out connection=localhost.5672.connector
> > name=localhost.5672.queue
> > 
> > Exception client-side:
> > SSLUnavailable:
> > 
> > Weird incomplete message, no?
> > 
> > Regards,
> > Adel
> > 
> > > Date: Fri, 10 Jun 2016 10:11:25 -0400
> > > From: gmurthy@redhat.com
> > > To: users@qpid.apache.org
> > > Subject: Re: [Qpid-dispatch] Duplication between sslProfile and connector
> > > options
> > > 
> > > Hi Adel,
> > >     You can find the entire list of entities and attributes here -
> > > 
> > > http://qpid.apache.org/releases/qpid-dispatch-master/man/qdrouterd.conf.html
> > > 
> > > I will purge the book of dashed entity/attribute names on the master
> > > branch. I have entered a JIRA for this so it can be tracked -
> > > 
> > > https://issues.apache.org/jira/browse/DISPATCH-377
> > > 
> > > Thanks.
> > > 
> > > ----- Original Message -----
> > > > From: "Adel Boutros" <adelboutros@live.com>
> > > > To: users@qpid.apache.org
> > > > Sent: Friday, June 10, 2016 9:43:38 AM
> > > > Subject: RE: [Qpid-dispatch] Duplication between sslProfile and connector
> > > > options
> > > > 
> > > > One last section, where in the book can I find the fields for ssl-profile
> > > > configuration? I searched in Configuration Entities and found everything
> > > > except "ssl-profile" fields.
> > > > > From: adelboutros@live.com
> > > > > To: users@qpid.apache.org
> > > > > Subject: RE: [Qpid-dispatch] Duplication between sslProfile and
> > > > > connector
> > > > > options
> > > > > Date: Fri, 10 Jun 2016 15:39:13 +0200
> > > > > 
> > > > > Thank you Ganesh,
> > > > > Is this documented somewhere? Will the dashed properties be removed
> > > > > from
> > > > > the Book to avoid such confusion in the future?
> > > > > Regards,Adel
> > > > > 
> > > > > > Date: Fri, 10 Jun 2016 08:30:15 -0400
> > > > > > From: gmurthy@redhat.com
> > > > > > To: users@qpid.apache.org
> > > > > > Subject: Re: [Qpid-dispatch] Duplication between sslProfile
and
> > > > > > connector
> > > > > > options
> > > > > > 
> > > > > > Hi Adel,
> > > > > >    Going forward please use the camelCase and abandon using
dashed
> > > > > >    properties (like cert-file). Following is an example of the
> > > > > >    *correct*
> > > > > >    way to use certFile
> > > > > > 
> > > > > > sslProfile {
> > > > > >     certFile: /home/gmurthy/opensource/server-certificate.pem
> > > > > >     keyFile: /home/gmurthy/opensource//server-private-key.pem
> > > > > >     password: some-password
> > > > > >     name: client-ssl-profile
> > > > > >     certDb: /home/gmurthy/opensource/ca-certificate.pem
> > > > > > }
> > > > > > 
> > > > > > connector {
> > > > > >     addr: 127.0.0.1
> > > > > >     role: inter-router
> > > > > >     sslProfile: client-ssl-profile # This connector will use
the
> > > > > >     sslProfile with the name client-ssl-profile
> > > > > >     port: 24976
> > > > > > }
> > > > > > 
> > > > > > Notice above that we specified certFile in only one place (inside
the
> > > > > > sslProfile)
> > > > > > 
> > > > > > Thanks.
> > > > > > 
> > > > > > ----- Original Message -----
> > > > > > > From: "Adel Boutros" <adelboutros@live.com>
> > > > > > > To: users@qpid.apache.org
> > > > > > > Sent: Friday, June 10, 2016 6:32:06 AM
> > > > > > > Subject: [Qpid-dispatch] Duplication between sslProfile
and
> > > > > > > connector
> > > > > > > options
> > > > > > > 
> > > > > > > Hello guys,
> > > > > > > In the ssl-profile, we can define some options such as
"cert-file".
> > > > > > > When we
> > > > > > > define a connector, we can provide the name of ssl-profile
and we
> > > > > > > can
> > > > > > > set
> > > > > > > "certFile". What is the behavior if we defined a cert-file
in the
> > > > > > > ssl-profile and set the certFile property?
> > > > > > > Is setting one of them enough? Or do we really need to
set both?
> > > > > > > Regards,Adel
> > > > > > 
> > > > > > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> > > > > > For additional commands, e-mail: users-help@qpid.apache.org
> > > > > > 
> > > > >  		 	   		  
> > > > 
> > > 
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> > > For additional commands, e-mail: users-help@qpid.apache.org
> > > 
> > 
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
> 
 		 	   		  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message