Hi Gordon,
I've turned on tracing (see logs below), and for the 0.14 client libs it's
creating a TCPConnector, whereas the 0.12 version creates an SslConnector
instead.
0.14:
Created connection redacted:5671 with {heartbeat:60, password:guest,
reconnect-urls:[redacted :5671], transport:ssl, username:guest}
Trying to connect to redacted:5671...
Created IO thread: 0
TCPConnector created for 0-10
Connecting: 192.168.9.92:5671
0.12:
Created connection redacted:5671 with {heartbeat:60, password:guest,
reconnect-urls:[redacted:5671], transport:ssl, username:guest}
Trying to connect to redacted :5671...
Created IO thread: 0
SslConnector created for \x00-
Any advice would be much appreciated :)
pc
----
http://colby.id.au
On Sat, Feb 11, 2012 at 1:08 AM, Gordon Sim <[email protected]> wrote:
> On 02/09/2012 03:51 AM, Paul Colby wrote:
>
>> Hi guys,
>>
>> Did something change with the way we enable SSL for clients in 0.14?
>>
>
> Not that I know of...
>
>
> I'm trying 0.14 cpp clients to talk to 0.14 cpp brokers.
>>
>> My current setup works correctly (ie uses SSL) with 0.12 client / servers,
>> but not 0.14.
>>
>> I'm setting the client-side transport option to SSL. The, if I
>> intentionally don't set the NSS environment vars, then I (correctly) get
>> the Qpid error "SSL connector not enabled, you must set QPID_SSL_CERT_DB
>> to
>> enable it.". If I set the env vars, then the error goes away, but the
>> connection just hangs for about 5 minutes trying to connect to the broker.
>> After the 5 minutes or so, the client stops with "Traffic timeout", and
>> the broker reports a read failed error.
>>
>> If I stop the broker, and run netcat to listen on port 5671, I can see the
>> client begins with "AMQP" - in the clear, ie NOT an SSL handshake.
>> Whereas
>> the exact same code compiled against the 0.12 client libs begins with
>> non-printable SSL handshake data. So it looks to me like the client is
>> not
>> performing an SSL handshake (and presumably the broker is waiting for one,
>> since this is the broker's SSL-only port).
>>
>> Could this be a change as a result of
>> https://issues.apache.org/**jira/browse/QPID-3514<https://issues.apache.org/jira/browse/QPID-3514>?
>> Or do we need to do
>> something different / extra to enable client-side SSL in 0.14?
>>
>
> I don't *think* so, but it is always possible...
>
> Can you turn on debug level logging for the client (e.g. export
> QPID_LOG_ENABLE=debug+)? We should then see something like 'SslConnector
> created for ...' if the client is correctly setup. The
> existence/non-existence of such a log statement would help direct
> investigation a bit.
>
>
> PS Non-SSL connections (via 5672) are working fine.
>>
>> Thanks!
>>
>> pc
>> ----
>> http://colby.id.au
>>
>>
>
> ------------------------------**------------------------------**---------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact:
> mailto:users-subscribe@qpid.**apache.org<[email protected]>
>
>
