Hi Marcello, Supplementing Jakub's reply, the source for the Org.Apache.Qpid.Messaging dll is written in C++/CLI (not C#). You can find it in the C++ Multiple component package or the full C++ source release. It will be in:
qpidXX/cpp/bindings/qpid/dotnet/src It is probably safer using the full source release if you are building from scratch. Look at the README-winsdk.txt file. Since the C++/CLI code relies on the underlying pure native C++ libraries to handle the certificates, you should first verify that a pure C++ test program works as you expect first. Cliff On Mon, Oct 29, 2012 at 6:14 AM, Jakub Scholz <ja...@scholz.cz> wrote: > Hi Marcello, > > The QPID-3914 JIRA delivers the SASL EXTERNAL support. You will need to > download the patch and apply it to the source codes and build your own > versionn of the library. > > If you follow the guide for building the C++/.NET library on Windows, which > is somewhere in the SVN trunk, it is fairly simple. > > Since the QPID-3914 is not part of the SVN, but just an patch which is not > committed, you will probably not find binaries for download which contain > the SASL EXTERNAL patch ... > > Regards > Jakub > Dne 23.10.2012 14:11 "Marcello" <mf...@euro-finance-systems.fr> napsal(a): > >> Hi, >> >> I’m trying to connect to a Red Hat MRG 2.0 (Qpid 0.10) broker (compliant >> with AMQP 0-10). >> >> My client application is a .Net Windows application and we use the Apache >> QPid 0.18 C++/C# module (compliant with AMQP 0-10), provided to us by >> Riverace ( http://www.riverace.com/qpid/downloads.htm >> <http://www.riverace.com/qpid/downloads.htm> ). >> >> In order to be connected and authenticate us to the remote broker we have >> currently referenced the .Net assembly org.apache.qpid.messaging.dll found >> in the installation package, which encapsulates the Apache QPid C++ native >> component. You will find the code source below. >> >> Any connection attempt fails and a QpidException is raised « Failed to >> connect (reconnect disabled) ». Stack trace : >> .Apache.Qpid.Messaging.Connection.Open() dans >> c:\qpid\0.18\qpid\cpp\bindings\qpid\dotnet\src\connection.cpp:ligne 243 >> >> The broker and the client run on different machines connected to the same >> VPN network, the client and the broker are directly connected on the same >> subnet. >> >> The authentication process to the broker is done via a SASL EXTERNAL >> mechanism, that uses SSL either for encryption and authentication. The >> authentication process uses certificates registered on the Windows machine >> where the client is running. >> >> On the Windows client machine the public broker certificate is currently >> registered on the “Root” store as well as the client certificate >> (self-signed and created by us) is currently registered on the “My” store. >> The public part of the client certificate has been correctly registered on >> the broker side. >> >> Our own .Net client set the following connection properties: >> >> using Org.Apache.Qpid.Messaging; >> >> ... >> >> Connection connection = null; >> connection = new Connection("amqp:ssl:<broker address>:<broker ssl >> port>"); >> >> connection.SetOption("reconnect", true); >> connection.SetOption("transport", "ssl"); >> connection.SetOption("reconnect_limit", <number of maximal attempts>); >> connection.SetOption("reconnect_urls", "amqp:ssl:<broker >> address>:<broker ssl port>"); >> >> // the following option, set username, is mandatory when an EXTERNAL >> sasl_mechanisms is provided >> connection.SetOption("username", "<client certificate>"); >> connection.SetOption("sasl_mechanisms", "EXTERNAL"); >> >> connection.Open(); >> >> When the Open command is executed the client attempts to connect to the >> default SSL port of the broker without success, raising the QpidException. >> >> Riverace ( http://www.riverace.com/ <http://www.riverace.com/> ), where >> we >> get the Apache Qpid component, warned us that the Apache QPid 0.18 C++/C# >> does not have native support for client-side certificate authentication. >> >> Then we have probably to build our own Apache QPid C++ component, starting >> from the source available onto the Apache Qpid site, after having applied >> some enhancements to the SSL handling for the Qpid C++ code. >> >> I would be glad if someone could answer the questions below: >> 1. The SSL enhancement I need is it provided applying the patch >> « >> SSL Client Authentication support for the Windows C++ client », >> https://issues.apache.org/jira/browse/QPID-3914 >> <https://issues.apache.org/jira/browse/QPID-3914> ? >> 2. The only .net source package available on the Apache QPid >> site >> ( http://qpid.apache.org/download.html ) is « C# (.NET, WCF) WCF channel >> (C++ Broker Compatible) » and the assembly we are currently using the >> org.apache.qpid.messaging dll is not available anymore or I am not able to >> found it, do you know where I can find the org.apache.qpid.messaging .Net >> source code ? >> 3. Do you know where I can find a QPid component installation >> package that includes SSL support with client-side certificate >> authentication and compliant with AMQP 0-10 standard? Maybe The Red Hat MRG >> Messaging ( http://www.redhat.com/mrg/messaging/ >> <http://www.redhat.com/mrg/messaging/> ) includes this feature ? >> >> Thanks in advance for your support >> >> Marcello >> >> >> >> >> -- >> View this message in context: >> http://qpid.2158936.n2.nabble.com/QPid-0-18-C-C-client-side-certificate-authentication-QpidException-tp7583696.html >> Sent from the Apache Qpid users mailing list archive at Nabble.com. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org >> For additional commands, e-mail: users-h...@qpid.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org For additional commands, e-mail: users-h...@qpid.apache.org
