[jira] Resolved: (QPID-2374) qpidd: --require-encryption with "--auth no" will reject SSL connections as being "un-encrypted"

Fri, 29 Jan 2010 06:50:56 -0800 

     [ 
https://issues.apache.org/jira/browse/QPID-2374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ken Giusti resolved QPID-2374.
------------------------------

    Resolution: Fixed

--auth no and --require-encryption will now correctly identify TSL connections 
and accept them.

> qpidd: --require-encryption with "--auth no" will reject SSL connections as 
> being "un-encrypted" 
> -------------------------------------------------------------------------------------------------
>
>                 Key: QPID-2374
>                 URL: https://issues.apache.org/jira/browse/QPID-2374
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>            Reporter: Ken Giusti
>            Assignee: Ken Giusti
>
> Running qpidd with "--auth no" and "--require-encryption" will reject 
> SSL-based encrypted connections.
> Running qpidd like so:
> $ ./qpidd --auth no --require-encryption --transport ssl --no-data-dir 
> --no-module-dir --load-module ./.libs/ssl.so  --ssl-cert-db 
> /home/kgiusti/.test_ssl_cert_db/test_cert_db  --ssl-cert-password-file 
> /home/kgiusti/.test_ssl_cert_db/cert.password  --ssl-cert-name 
> localhost.localdomain
> 2010-01-28 10:11:35 notice SASL disabled: No Authentication Performed
> 2010-01-28 10:11:35 notice Listening on TCP port 5672
> 2010-01-28 10:11:35 notice Listening for SSL connections on TCP port 5671
> 5671
> 2010-01-28 10:11:35 notice Broker running
> And running perftest using SSL:
> $ export QPID_NO_MODULE_DIR=1
> $ export QPID_LOAD_MODULE=./.libs/sslconnector.so
> $ export QPID_SSL_CERT_DB=/home/kgiusti/.test_ssl_cert_db/test_cert_db
> $ export 
> QPID_SSL_CERT_PASSWORD_FILE=/home/kgiusti/.test_ssl_cert_db/cert.password
> $ ./tests/perftest --count 1 -P ssl -b localhost.localdomain --summary --port 
> 5671
> The connection is rejected, and the broker logs:
> 2010-01-28 10:13:18 error Rejected un-encrypted connection.
> I think the proper behavior would have the broker allow encrypted SSL 
> connections, even if --auth no.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:[email protected]

Reply via email to