[
https://issues.apache.org/jira/browse/QPID-6261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14239612#comment-14239612
]
Gordon Sim commented on QPID-6261:
----------------------------------
For the broker listening on 10000 to connect to the broker listening on 10002,
it must be able to verify the certificate of the server it is connecting to and
check that it matches the correct hostname. How did you set up the certificate
database for the brokers, and do the server certificates match the hostname/ip
being used to connect?
That said, if qpid-route is throwing an error it may not even have successfully
asked the inter-broker connection to be established. Try running qpid-config
against the broker on 10000 using the same ssl settings. Are you also using
0.30 of the python libraries and tools? It sounds a little like
https://issues.apache.org/jira/browse/QPID-5773, though that *should* be
resolved in 0.30.
> Federation with SSL is failing between two brokers
> --------------------------------------------------
>
> Key: QPID-6261
> URL: https://issues.apache.org/jira/browse/QPID-6261
> Project: Qpid
> Issue Type: Bug
> Components: C++ Broker
> Affects Versions: 0.30
> Environment: CentOS 7
> Reporter: Brent Driskill
> Priority: Critical
> Attachments: qpidd10000.conf, qpidd10002.conf
>
>
> I am unable to get federation to work between two brokers that are SSL
> enabled with different SASL configurations.
> Reproduction Steps:
> 1. Deploy two separate brokers on the same machine. One has port 10000
> (destination broker) and one has port 10002 (source broker). The
> configuration for both these brokers are attached. The acl file for broker
> 10000 has "acl allow all all" and the other has "acl allow all all" for a
> specific user.
> 2. Execute python scripts to create the queues and exchanges
> 3. Execute the following qpid-route command to federate between the two:
> {noformat}
> qpid-route queue add amqps://<username>/<password>@<ip>:10000
> amqps://<username>/<password>@<ip>:10002 <destination_exchange>
> <source_queue> -t ssl --ssl-certificate <path_to_pem>
> {noformat}
> The qpid-route throws the following error:
> {noformat}
> Failed: ConnectionFailed - (None, 'connection aborted')
> {noformat}
> I see the following error in the logs for broker 10000 around the same time
> (not sure if it is related or not)
> {noformat}
> 2014-12-02 14:18:07 [System] error Connection
> qpid.192.168.10.104:10000-192.168.10.104:33642 No protocol received closing
> 2014-12-02 14:18:07 [System] debug DISCONNECTED
> [qpid.192.168.10.104:10000-192.168.10.104:33642]
> {noformat}
> If I disable SSL, everything works perfectly (with the sasl configurations
> the same). The c++ clients are able to connect to both brokers correctly
> using the pem file.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
