[ https://issues.apache.org/jira/browse/PROTON-1168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jack Gibson updated PROTON-1168:
--------------------------------
    Description:
To use the attached config to enable 2 WAY SSL with “authenticate Peer” flag set to TRUE.
Restart the qdrouterd instance to pick up the config changes.
Make the client send a message based on the AMQP-CLIENT library (which uses Proton J). Code Repository with our client changes - : https://github.paypal.com/sivthiyagarajan/amqp-client

Client Error Message: from the log file

AMQP framing error
EventImpl{type=TRANSPORT_ERROR, context=TransportImpl [_connectionEndpoint=org.apache.qpid.proton.engine.impl.ConnectionImpl@6ef351a0, org.apache.qpid.proton.engine.impl.TransportImpl@44c213d9]}

Server Error Message: from the log file

=64, totalFreeToHeap=0, transferBatchSize=64, type=org.apache.qpid.dispatch.allocator, typeName=qd_timer_t, typeSize=56)
Wed Mar 30 12:00:47 2016 AGENT (info) Activating management agent on $management
Wed Mar 30 12:00:47 2016 ROUTER (info) In-Process Address Registered: $management
Wed Mar 30 12:00:47 2016 ROUTER (info) In-Process Address Registered: $management
Wed Mar 30 12:00:47 2016 AGENT (debug) Add entity: FixedAddressEntity(bias=closest, fanout=single, identity=fixedAddress/0, name=fixedAddress/0, prefix=/, type=org.apache.qpid.dispatch.fixedAddress)
Wed Mar 30 12:00:47 2016 ROUTER (info) Configured Address: prefix=/ phase=0 fanout=QD_SCHEMA_FIXEDADDRESS_FANOUT_SINGLE bias=QD_SCHEMA_FIXEDADDRESS_BIAS_CLOSEST
Wed Mar 30 12:00:47 2016 AGENT (debug) Add entity: ListenerEntity(addr=0.0.0.0, authenticatePeer=True, certDb=/home/vsharda/protected/pprootca_cert.pem, certFile=/home/vsharda/protected/generic_cert.pem, identity=listener/0.0.0.0:20009, idleTimeoutSeconds=16, keyFile=/home/vsharda/protected/generic_key.pem, maxFrameSize=65536, name=listener/0.0.0.0:20009, password=pn2.GmdXmkKv.X7fPq.oYDFj8Cs, port=20009, requireEncryption=True, requireSsl=True, role=normal, saslMechanisms=EXTERNAL, stripAnnotations=both, type=org.apache.qpid.dispatch.listener)
Wed Mar 30 12:00:47 2016 CONN_MGR (info) Configured Listener: 0.0.0.0:20009 proto=any role=normal
Wed Mar 30 12:00:47 2016 SERVER (trace) Listening on 0.0.0.0:20009
Wed Mar 30 12:00:47 2016 AGENT (debug) Add entity: ConsoleEntity(identity=console/0, name=console/0, type=org.apache.qpid.dispatch.console, wsport=5673)
Wed Mar 30 12:00:47 2016 SERVER (info) Operational, 4 Threads Running
Wed Mar 30 12:01:06 2016 SERVER (debug) Accepting incoming connection from 10.225.90.106:51196 to 0.0.0.0:20009
Wed Mar 30 12:01:06 2016 SERVER (trace) Configuring SSL on incoming connection from 10.225.90.106:51196 to 0.0.0.0:20009
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Server SSL socket created.
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:SSL/TLS connection detected
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_input_ssl( data size=162 )
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Wrote 162 bytes to BIO Layer, 0 left over
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Detected read-blocked
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_input_ssl() returning 162
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Read 3651 bytes from BIO Layer
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 3651
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 0
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 0
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 0
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 0
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_input_ssl( data size=205 )
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Wrote 205 bytes to BIO Layer, 0 left over
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:ERROR amqp:connection:framing-error SSL Failure: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]: <- EOS
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]: -> EOS
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:SSL socket freed.

For your reference please find the attached client/server code which is written using the proton C where the 2 way SSL worked fine. (send_with_ssl.c & recv_with_ssl.c)

> 2-way Authentication via Certificates Fails in Proton-J
> -------------------------------------------------------
>
>                 Key: PROTON-1168
>                 URL: https://issues.apache.org/jira/browse/PROTON-1168
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-j
>    Affects Versions: 0.12.0
>         Environment: Ubuntu 15.10 & RHEL 7
> Qpid Dispatch 0.5 & 0.6
> Proton-C 0.12 and Proton-J 0.12
>            Reporter: Jack Gibson
>            Priority: Critical

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
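
An added example, not part of the original report or of qdrouterd: a Python scan of a trace log in the format quoted above that ties each "SSL Failure" line to the peer from the preceding "Accepting incoming connection" line and flags handshakes where the client sent no certificate. The sample lines are constructed from the log in the report (the second connection and its address are made up), and pairing a new connection id with the most recently accepted peer is an assumption about log ordering.

```python
import re

# Constructed sample, modelled on the qdrouterd trace in the report.
SAMPLE_LOG = """\
Wed Mar 30 12:01:06 2016 SERVER (debug) Accepting incoming connection from 10.225.90.106:51196 to 0.0.0.0:20009
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Server SSL socket created.
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:ERROR amqp:connection:framing-error SSL Failure: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:SSL socket freed.
Wed Mar 30 12:02:10 2016 SERVER (debug) Accepting incoming connection from 192.0.2.7:40000 to 0.0.0.0:20009
Wed Mar 30 12:02:10 2016 SERVER (trace) [2]:Server SSL socket created.
Wed Mar 30 12:02:10 2016 SERVER (trace) [2]:SSL socket freed.
"""

LINE = re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) (?P<mod>\w+) \((?P<lvl>\w+)\) (?P<msg>.*)$")
ACCEPT = re.compile(r"Accepting incoming connection from (\S+) to (\S+)")
CONN = re.compile(r"^\[(\d+)\]:\s*(.*)$")
SSL_FAIL = re.compile(r"SSL Failure: error:([0-9A-Fa-f]+):[^:]*:([^:]*):(.*)$")

def find_tls_failures(text):
    """Return one dict per TLS failure: time, connection id, peer, listener, reason."""
    pending = None   # (peer, listener) accepted but not yet tied to a connection id
    peers = {}       # connection id -> (peer, listener)
    failures = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["mod"] != "SERVER":
            continue
        acc = ACCEPT.search(m["msg"])
        if acc:
            pending = acc.groups()
            continue
        c = CONN.match(m["msg"])
        if not c:
            continue
        cid, body = c.groups()
        if cid not in peers and pending:
            # Assumption: a new id belongs to the most recently accepted peer.
            peers[cid], pending = pending, None
        f = SSL_FAIL.search(body)
        if f:
            peer, listener = peers.get(cid, ("unknown", "unknown"))
            failures.append({"time": m["ts"], "conn": cid, "peer": peer, "listener": listener,
                             "openssl_code": f[1], "function": f[2], "reason": f[3].strip(),
                             "client_cert_missing": "peer did not return a certificate" in f[3]})
    return failures

if __name__ == "__main__":
    for f in find_tls_failures(SAMPLE_LOG):
        print(f)
```

The parser expects one log entry per line, so a log whose entries were wrapped by a mail client has to be re-joined before scanning.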