qpid-users mailing list archives

From Adel Boutros <adelbout...@live.com>
Subject Re: [Dispatch router 0.7.0] [Proton 0.16.0] SSL commands failing on the Dispatch Router on Linux
Date Wed, 01 Feb 2017 11:55:35 GMT
Correction to the original mail:
If I remove any of the commands, the last command no longer fails.

________________________________
From: Adel Boutros <Adelboutros@live.com>
Sent: Wednesday, February 1, 2017 12:35:35 PM
To: users@qpid.apache.org
Subject: Re: [Dispatch router 0.7.0] [Proton 0.16.0] SSL commands failing on the Dispatch Router on Linux


Re-attaching the dispatch router log.

________________________________
From: Adel Boutros <Adelboutros@live.com>
Sent: Wednesday, February 1, 2017 12:10:45 PM
To: users@qpid.apache.org
Subject: [Dispatch router 0.7.0] [Proton 0.16.0] SSL commands failing on the Dispatch Router on Linux


Hello,


We have launched our test suite on the dispatch router 0.7.0 and noticed that connections
on a Listener configured with SASL External were not working anymore.


With the below configuration and script, we have this exception ('SSL Failure: Unknown error.')
which keeps occurring.

If I remove any of the commands except the one failing, the last one fails. It seems we need
to query the Dispatch router once and create 2 entities on it for the 4th operation to fail.
If I replace the "create" commands with "delete" operations, it doesn't seem to fail.


PS: All certificates used here are taken from the qpid-dispatch repository here https://github.com/apache/qpid-dispatch/tree/0.7.0/tests/ssl_certs



Exception client-side

---------------------------

ConnectionException: Connection amqps://green-lx-slave1:10498/$management disconnected: Condition('amqp:connection:framing-error',
'SSL Failure: Unknown error.')


Router config

-------------------------

container {
    worker-threads: 4
    containerName: qpid.dispatch.router.10501
}

sslProfile {
    keyFile: server-private-key.pem
    password: server-password
    certFile: server-certificate.pem
    name: ssl-test-profile
    certDb: ca-certificate.pem
}

listener {
    host: 0.0.0.0
    port: 10498
    saslMechanisms: EXTERNAL
    sslProfile: ssl-test-profile
    authenticatePeer: yes
    requireSsl: yes
}

router {
    mode: interior
    routerId: router.10501
}

log {
    module: DEFAULT
    enable: trace+
    source: false
    output: dispatch.10501.log
}


Commands to launch in the below order

--------------------------------------------------------

* Restart Dispatch Router


* Restart Broker


* qdstat -g -b amqp://localhost:10501

* qdmanage --ssl-trustfile=ca-certificate.pem --ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem
--ssl-password=client-password --ssl-disable-peer-name-verify -b amqps://localhost:10498 create
--type=address prefix=cluster.SSLMutualQueue waypoint=true name=cluster.SSLMutualQueue.addr

* qdmanage --ssl-trustfile=ca-certificate.pem --ssl-certificate=client-certificate.pem --ssl-key=client-private-key.pem
--ssl-password=client-password --ssl-disable-peer-name-verify -b amqps://localhost:10498 create
--type=connector role=route-container addr=localhost port=10305 name=localhost.10305.connector
sslProfile=ssl-test-profile verifyHostName=no

* (Failing command) qdmanage --ssl-trustfile=ca-certificate.pem --ssl-certificate=client-certificate.pem
--ssl-key=client-private-key.pem --ssl-password=client-password --ssl-disable-peer-name-verify
-b amqps://localhost:10498 delete --type=autoLink --name localhost.10305.cluster.SSLMutualQueue.in

Dispatch Router log
---------------------------
See attached file

Regards,
Adel

