[qpid-proton] 11/15: PROTON-2014: [c] Fix example broker to warn when it fails to set up ssl - Also make send-ssl tell you the remote peer

[robbie]

This is an automated email from the ASF dual-hosted git repository.

robbie pushed a commit to branch 0.27.x
in repository https://gitbox.apache.org/repos/asf/qpid-proton.git

commit 2d3ba8aadc6657410a9e9f020c4d371cb41cd41b
Author: Andrew Stitcher <astitc...@apache.org>
AuthorDate: Fri Mar 8 13:14:34 2019 -0500

    PROTON-2014: [c] Fix example broker to warn when it fails to set up ssl
    - Also make send-ssl tell you the remote peer
    
    (cherry picked from commit 159fac1f90d9b1ace1138d510176e7a5da54e9e9)
---
 c/examples/broker.c   |  8 ++++++--
 c/examples/send-ssl.c | 10 +++++++++-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/c/examples/broker.c b/c/examples/broker.c
index 6ffe8ed..fd6aba2 100644
--- a/c/examples/broker.c
+++ b/c/examples/broker.c
@@ -301,6 +301,7 @@ static bool handle(broker_t* b, pn_event_t* e) {
      pn_sasl_allowed_mechs(pn_sasl(t), "ANONYMOUS");
      if (b->ssl_domain) {
        pn_ssl_init(pn_ssl(t), b->ssl_domain, NULL);
+       pn_transport_require_encryption(t, false); /* Must call this after 
pn_ssl_init */
      }
      pn_listener_accept2(pn_event_listener(e), NULL, t);
      break;
@@ -443,6 +444,7 @@ static void* broker_thread(void *void_broker) {
 int main(int argc, char **argv) {
   const char *host = (argc > 1) ? argv[1] : "";
   const char *port = (argc > 2) ? argv[2] : "amqp";
+  int err;
 
   broker_t b = {0};
   b.proactor = pn_proactor();
@@ -450,8 +452,10 @@ int main(int argc, char **argv) {
   b.container_id = argv[0];
   b.threads = 4;
   b.ssl_domain = pn_ssl_domain(PN_SSL_MODE_SERVER);
-  SET_CREDENTIALS(b.ssl_domain, "tserver");
-  pn_ssl_domain_allow_unsecured_client(b.ssl_domain); /* Allow SSL and plain 
connections */
+  err = SET_CREDENTIALS(b.ssl_domain, "tserver");
+  if (err) {
+    printf("Failed to set up server certificate: %s, private key: %s\n", 
CERTIFICATE("tserver"), SSL_FILE("tserver-private-key.pem"));
+  }
   {
   /* Listen on addr */
   char addr[PN_MAX_ADDR];
diff --git a/c/examples/send-ssl.c b/c/examples/send-ssl.c
index c8b9e0c..0228192 100644
--- a/c/examples/send-ssl.c
+++ b/c/examples/send-ssl.c
@@ -116,6 +116,7 @@ static bool handle(app_data_t* app, pn_event_t* event) {
      pn_connection_t* c = pn_event_connection(event);
      pn_session_t* s = pn_session(pn_event_connection(event));
      pn_connection_set_container(c, app->container_id);
+     pn_connection_set_hostname(c, app->host);
      pn_connection_open(c);
      pn_session_open(s);
      {
@@ -131,8 +132,15 @@ static bool handle(app_data_t* app, pn_event_t* event) {
      if (ssl) {
        char name[1024];
        pn_ssl_get_protocol_name(ssl, name, sizeof(name));
-       printf("secure connection: %s\n", name);
+       {
+       const char *subject = pn_ssl_get_remote_subject(ssl);
+       if (subject) {
+         printf("secure connection: to %s using %s\n", subject, name);
+       } else {
+         printf("anonymous connection: using %s\n", name);
+       }
        fflush(stdout);
+       }
      }
      break;
    }


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org
For additional commands, e-mail: commits-h...@qpid.apache.org