On 02/09/2012 03:51 AM, Paul Colby wrote:
Hi guys,

Did something change with the way we enable SSL for clients in 0.14?

Not that I know of...

I'm trying 0.14 cpp clients to talk to 0.14 cpp brokers.

My current setup works correctly (ie uses SSL) with 0.12 client / servers,
but not 0.14.

I'm setting the client-side transport option to SSL.  Then, if I
intentionally don't set the NSS environment vars, then I (correctly) get
the Qpid error "SSL connector not enabled, you must set QPID_SSL_CERT_DB to
enable it.".  If I set the env vars, then the error goes away, but the
connection just hangs for about 5 minutes trying to connect to the broker.
After the 5 minutes or so, the client stops with "Traffic timeout", and
the broker reports a read failed error.

If I stop the broker, and run netcat to listen on port 5671, I can see the
client begins with "AMQP" - in the clear, ie NOT an SSL handshake.  Whereas
the exact same code compiled against the 0.12 client libs begins with
non-printable SSL handshake data.  So it looks to me like the client is not
performing an SSL handshake (and presumably the broker is waiting for one,
since this is the broker's SSL-only port).

Could this be a change as a result of
https://issues.apache.org/jira/browse/QPID-3514 ?  Or do we need to do
something different / extra to enable client-side SSL in 0.14?

I don't *think* so, but it is always possible...

Can you turn on debug level logging for the client (e.g. export QPID_LOG_ENABLE=debug+)? We should then see something like 'SslConnector created for ...' if the client is correctly set up. The existence/non-existence of such a log statement would help direct investigation a bit.

PS Non-SSL connections (via 5672) are working fine.

Thanks!

pc
----
http://colby.id.au



---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:[email protected]
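
The netcat check described in the message above (client opening with "AMQP" in the clear instead of an SSL handshake) can be scripted. The following is an added example, not part of the original thread and not Qpid code: it listens in place of the stopped broker on port 5671 and classifies the first bytes the client sends. The function names and the verdict labels are assumptions of this example.

```python
import socket
import sys

AMQP_MAGIC = b"AMQP"  # every AMQP protocol header starts with these 4 bytes


def classify_first_bytes(data: bytes) -> str:
    """Classify the opening bytes a client sends on a fresh connection."""
    if len(data) < 5:
        return "too-short"
    if data[:4] == AMQP_MAGIC:
        # Plaintext AMQP protocol header: no SSL/TLS layer was started.
        return "amqp-plaintext"
    if data[0] == 0x16 and data[1] == 0x03:
        # SSLv3/TLS record: content type 22 (handshake), major version 3.
        # Byte 5 is the handshake message type; 1 means ClientHello.
        if len(data) > 5 and data[5] == 0x01:
            return "tls-client-hello"
        return "tls-handshake"
    if data[0] & 0x80 and data[2] == 0x01:
        # SSLv2-compatible ClientHello: 2-byte length with the high bit set,
        # then message type 1.
        return "sslv2-client-hello"
    return "unknown"


def listen_once(host="127.0.0.1", port=5671, timeout=30.0):
    """Accept one connection and return (peer, first_bytes, verdict)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        conn, peer = srv.accept()
        with conn:
            conn.settimeout(timeout)
            data = conn.recv(16)
    return peer, data, classify_first_bytes(data)


if __name__ == "__main__":
    # Stop the broker first, then point the client at this listener.
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 5671
    peer, data, verdict = listen_once(port=port)
    print(f"{peer[0]}:{peer[1]} sent {data.hex()} -> {verdict}")
```

A verdict of `amqp-plaintext` on the SSL-only port corresponds to the symptom reported for the 0.14 client; `tls-client-hello` or `sslv2-client-hello` corresponds to the behaviour reported for 0.12.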
