qpidd: --require-encryption with "--auth no" will reject SSL connections as
being "un-encrypted"
-------------------------------------------------------------------------------------------------
Key: QPID-2374
URL: https://issues.apache.org/jira/browse/QPID-2374
Project: Qpid
Issue Type: Bug
Components: C++ Broker
Reporter: Ken Giusti
Assignee: Ken Giusti
Running qpidd with "--auth no" and "--require-encryption" will reject SSL-based
encrypted connections.
Running qpidd like so:
$ ./qpidd --auth no --require-encryption --transport ssl --no-data-dir
--no-module-dir --load-module ./.libs/ssl.so --ssl-cert-db
/home/kgiusti/.test_ssl_cert_db/test_cert_db --ssl-cert-password-file
/home/kgiusti/.test_ssl_cert_db/cert.password --ssl-cert-name
localhost.localdomain
2010-01-28 10:11:35 notice SASL disabled: No Authentication Performed
2010-01-28 10:11:35 notice Listening on TCP port 5672
2010-01-28 10:11:35 notice Listening for SSL connections on TCP port 5671
5671
2010-01-28 10:11:35 notice Broker running
And running perftest using SSL:
$ export QPID_NO_MODULE_DIR=1
$ export QPID_LOAD_MODULE=./.libs/sslconnector.so
$ export QPID_SSL_CERT_DB=/home/kgiusti/.test_ssl_cert_db/test_cert_db
$ export
QPID_SSL_CERT_PASSWORD_FILE=/home/kgiusti/.test_ssl_cert_db/cert.password
$ ./tests/perftest --count 1 -P ssl -b localhost.localdomain --summary --port
5671
The connection is rejected, and the broker logs:
2010-01-28 10:13:18 error Rejected un-encrypted connection.
I think the proper behavior would have the broker allow encrypted SSL
connections, even if --auth no.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
