Re: Using Qpid Dispatch (with C++ broker)

Ok, I have to correct my self ... with the extensions as critical it seems to work as desired. I will have to think which approach would be better for us. Either case, thanks a lot for your help. Regards Jakub On Mon, Aug 31, 2015 at 4:26 PM, Jakub Scholz wrote: > > On Mon, Aug 31, 2015 at 4:22

Re: Using Qpid Dispatch (with C++ broker)

On Mon, Aug 31, 2015 at 4:22 PM, Cliff Jansen wrote: > both the "basic constraint" and "extended k Ah, I don't think I set them both as critical - my mistake. I will try again :-).

Re: Using Qpid Dispatch (with C++ broker)

If you have set both the "basic constraint" and "extended key usage" fields AND marked them both critical, then I believe you are being limited by the RFC5280 section 6.2 murkiness exception for self-signed certificates. Cliff On Mon, Aug 31, 2015 at 6:50 AM, Jakub Scholz wrote: > BTW: I played

Re: Using Qpid Dispatch (with C++ broker)

BTW: I played with the CA:true / CA:false extensions and it doesn't seem that OpenSSL in Dispatch really cares about them. On Mon, Aug 31, 2015 at 9:32 AM, Jakub Scholz wrote: > Hi Cliff, > > Yes, you perfectly described how we use the NSS database in qpidd today. > > I was wondering whether the

Re: Using Qpid Dispatch (with C++ broker)

Hi Cliff, Yes, you perfectly described how we use the NSS database in qpidd today. I was wondering whether the CA:false and CA:true can play a role. I will test it to see. The idea of using the intermediate CAs to avoid the revocation list is interesting, I didn't though about it before, but it

Re: Using Qpid Dispatch (with C++ broker)

> From: "Jakub Scholz" > To: users@qpid.apache.org > Sent: Friday, August 28, 2015 9:54:35 AM > Subject: Re: Using Qpid Dispatch (with C++ broker) > > Thanks for the clarification regarding the certificate databases. As I see > it, the trustedCerts might be useful in case y

Re: Using Qpid Dispatch (with C++ broker)

Thanks for the clarification regarding the certificate databases. As I see it, the trustedCerts might be useful in case you don't use CAs but directly the end user certificates. This is what I usually use with self-signed certificates. In such case you don't wont to have them all listed during the

Re: Using Qpid Dispatch (with C++ broker)

Thanks for answering the questions. I didn't found any JIRA for enhancing the prefix in link routing, so I entered DISPATCH-159 . Regards Jakub On Tue, Aug 25, 2015 at 4:58 AM, Ted Ross wrote: > > > On 08/19/2015 11:15 AM, Jakub Scholz wrote:

Re: Using Qpid Dispatch (with C++ broker)

The certDb (proton: pn_ssl_domain_t::pn_ssl_domain_trusted_certificate_db) is the database/collection/store of CA certificates which are used to validate the authenticity of the peer's certificate (client or server). For self signed certificates, at least the public portion of the certificate itse

Re: Using Qpid Dispatch (with C++ broker)

On 08/19/2015 11:15 AM, Jakub Scholz wrote: I spent some time playing with Qpid Dispatch (0.4) in combination with Qpid C++ broker. I was impressed about what it does already. Big +1 to everyone involved. I still run into some issues / limitations / questions ... maybe someone can help with th

Using Qpid Dispatch (with C++ broker)

I spent some time playing with Qpid Dispatch (0.4) in combination with Qpid C++ broker. I was impressed about what it does already. Big +1 to everyone involved. I still run into some issues / limitations / questions ... maybe someone can help with them ... 1) Is there some technical reason why th