Correction to the original mail:
If I remove any of the commands, the last command no longer fails.
________________________________
From: Adel Boutros <Adelboutros@live.com>
Sent: Wednesday, February 1, 2017 12:35:35 PM
To: users@qpid.apache.org
Subject: Re: [Dispatch router 0.7.0] [Proton 0.16.0] SSL commands failing on the Dispatch Router on Linux
Re-attaching the dispatch router log.
________________________________
From: Adel Boutros <Adelboutros@live.com>
Sent: Wednesday, February 1, 2017 12:10:45 PM
To: users@qpid.apache.org
Subject: [Dispatch router 0.7.0] [Proton 0.16.0] SSL commands failing on the Dispatch Router on Linux
Hello,
We have launched our test suite on the dispatch router 0.7.0 and noticed that connections
on a Listener configured with SASL External were not working anymore.
With the below configuration and script, we have this exception ('SSL Failure: Unknown error.')
which keeps occurring.
If I remove any of the commands except the one failing, the last one fails. It seems we need
to query the Dispatch router once and create 2 entities on it for the 4th operation to fail.
If I replace the "create" commands with "delete" operations, it doesn't seem to fail.
PS: All certificates used here are taken from the qpid-dispatch repository here https://github.com/apache/qpid-dispatch/tree/0.7.0/tests/ssl_certs
Exception client-side
---------------------------
ConnectionException: Connection amqps://green-lx-slave1:10498/$management disconnected: Condition('amqp:connection:framing-error',
'SSL Failure: Unknown error.')
Router config
-------------------------
container {
    worker-threads: 4
    containerName: qpid.dispatch.router.10501
}
sslProfile {
    keyFile: server-private-key.pem
    password: server-password
    certFile: server-certificate.pem
    name: ssl-test-profile
    certDb: ca-certificate.pem
}
listener {
    host: 0.0.0.0
    port: 10498
    saslMechanisms: EXTERNAL
    sslProfile: ssl-test-profile
    authenticatePeer: yes
    requireSsl: yes
}
router {
    mode: interior
    routerId: router.10501
}
log {
    module: DEFAULT
    enable: trace+
    source: false
    output: dispatch.10501.log
}
Commands to launch in the below order
--------------------------------------------------------
* Restart Dispatch Router
* Restart Broker
* qdstat -g -b amqp://localhost:10501
* qdmanage --ssl-trustfile=ca-certificate.pem --ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem --ssl-password=client-password --ssl-disable-peer-name-verify -b amqps://localhost:10498 create --type=address prefix=cluster.SSLMutualQueue waypoint=true name=cluster.SSLMutualQueue.addr
* qdmanage --ssl-trustfile=ca-certificate.pem --ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem --ssl-password=client-password --ssl-disable-peer-name-verify -b amqps://localhost:10498 create --type=connector role=route-container addr=localhost port=10305 name=localhost.10305.connector sslProfile=ssl-test-profile verifyHostName=no
* (Failing command) qdmanage --ssl-trustfile=ca-certificate.pem --ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem --ssl-password=client-password --ssl-disable-peer-name-verify -b amqps://localhost:10498 delete --type=autoLink --name localhost.10305.cluster.SSLMutualQueue.in
Dispatch Router log
---------------------------
See attached file
Regards,
Adel