[ https://issues.apache.org/jira/browse/PROTON-1168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jack Gibson updated PROTON-1168:
--------------------------------
    Attachment: recv_with_ssl.c
                send_with_ssl.c
                my_qdrouterd_B_standalone.conf

Router configuration and working proton-c implementation.

> 2-way Authentication via Certificates Fails in Proton-J
> -------------------------------------------------------
>
>                 Key: PROTON-1168
>                 URL: https://issues.apache.org/jira/browse/PROTON-1168
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-j
>    Affects Versions: 0.12.0
>         Environment: Ubuntu 15.10 & RHEL 7
>                      Qpid Dispatch 0.5 & 0.6
>                      Proton-C 0.12 and Proton-J 0.12
>            Reporter: Jack Gibson
>            Priority: Critical
>         Attachments: my_qdrouterd_B_standalone.conf, recv_with_ssl.c, send_with_ssl.c
>
>
> Using qpid dispatch, we are unable to enable 2 way SSL with proton-j but able
> to with proton-c.
> To reproduce use the attached config to enable 2 WAY SSL with “authenticate
> Peer” flag set to TRUE.
> Restart the qdrouterd instance to pick up the config changes.
> Make the client send a message based on the AMQP-CLIENT library (which uses
> Proton J).
>
> Client Error Message: from the log file
> AMQP framing error
> EventImpl{type=TRANSPORT_ERROR, context=TransportImpl [_connectionEndpoint=org.apache.qpid.proton.engine.impl.ConnectionImpl@6ef351a0, org.apache.qpid.proton.engine.impl.TransportImpl@44c213d9]}
>
> Server Error Message: from the log file
> =64, totalFreeToHeap=0, transferBatchSize=64, type=org.apache.qpid.dispatch.allocator, typeName=qd_timer_t, typeSize=56)
> Wed Mar 30 12:00:47 2016 AGENT (info) Activating management agent on $management
> Wed Mar 30 12:00:47 2016 ROUTER (info) In-Process Address Registered: $management
> Wed Mar 30 12:00:47 2016 ROUTER (info) In-Process Address Registered: $management
> Wed Mar 30 12:00:47 2016 AGENT (debug) Add entity: FixedAddressEntity(bias=closest, fanout=single, identity=fixedAddress/0, name=fixedAddress/0, prefix=/, type=org.apache.qpid.dispatch.fixedAddress)
> Wed Mar 30 12:00:47 2016 ROUTER (info) Configured Address: prefix=/ phase=0 fanout=QD_SCHEMA_FIXEDADDRESS_FANOUT_SINGLE bias=QD_SCHEMA_FIXEDADDRESS_BIAS_CLOSEST
> Wed Mar 30 12:00:47 2016 AGENT (debug) Add entity: ListenerEntity(addr=0.0.0.0, authenticatePeer=True, certDb=/home/vsharda/protected/pprootca_cert.pem, certFile=/home/vsharda/protected/generic_cert.pem, identity=listener/0.0.0.0:20009, idleTimeoutSeconds=16, keyFile=/home/vsharda/protected/generic_key.pem, maxFrameSize=65536, name=listener/0.0.0.0:20009, password=pn2.GmdXmkKv.X7fPq.oYDFj8Cs, port=20009, requireEncryption=True, requireSsl=True, role=normal, saslMechanisms=EXTERNAL, stripAnnotations=both, type=org.apache.qpid.dispatch.listener)
> Wed Mar 30 12:00:47 2016 CONN_MGR (info) Configured Listener: 0.0.0.0:20009 proto=any role=normal
> Wed Mar 30 12:00:47 2016 SERVER (trace) Listening on 0.0.0.0:20009
> Wed Mar 30 12:00:47 2016 AGENT (debug) Add entity: ConsoleEntity(identity=console/0, name=console/0, type=org.apache.qpid.dispatch.console, wsport=5673)
> Wed Mar 30 12:00:47 2016 SERVER (info) Operational, 4 Threads Running
> Wed Mar 30 12:01:06 2016 SERVER (debug) Accepting incoming connection from 10.225.90.106:51196 to 0.0.0.0:20009
> Wed Mar 30 12:01:06 2016 SERVER (trace) Configuring SSL on incoming connection from 10.225.90.106:51196 to 0.0.0.0:20009
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Server SSL socket created.
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:SSL/TLS connection detected
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_input_ssl( data size=162 )
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Wrote 162 bytes to BIO Layer, 0 left over
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Detected read-blocked
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_input_ssl() returning 162
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Read 3651 bytes from BIO Layer
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 3651
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 0
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 0
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 0
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_output_ssl() returning 0
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:process_input_ssl( data size=205 )
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:Wrote 205 bytes to BIO Layer, 0 left over
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:ERROR amqp:connection:framing-error SSL Failure: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]: <- EOS
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]: -> EOS
> Wed Mar 30 12:01:06 2016 SERVER (trace) [1]:SSL socket freed.
>
> For your reference please find the attached client/server code which is
> written using the proton C where the 2 way SSL worked fine. (send_with_ssl.c
> & recv_with_ssl.c)

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)