Hi All,

Currently I am trying to connect to a third-party AMQP broker using a C++ client with qpid 0.28.

The broker is configured to use SSL. The client uses a self-signed certificate. This certificate is available in the broker.

I created the self-signed certificate and added it to my certificate DB. I also added the third-party broker certificate.

> mkdir clientCertDb
> certutil -N -d clientCertDb
> certutil -A -d clientCertDb -n "BrokerCert" -t "T,," -a -i clientCertDb/Broker.crt
> certutil -A -d clientCertDb -n "ClientCert" -a -i clientCertDb/Client.crt -t ",,"

Then I set the environment for the client:
export QPID_SSL_CERT_DB=./clientCertDb
export QPID_SSL_CERT_NAME=ClientCert
export QPID_SSL_CERT_PASSWORD_FILE=./pwfile

The client fails to connect to the server. The client library log says:

-------------------------------------------------------
Driver started
Starting connection to amqp:ssl:<ipaddr>:<port>
Connecting to ssl:<ipaddr>:<port>
ssl:<ipaddr>:<port> Connecting ...
Connecting: <ipaddr>:<port>
Exception constructed: Failed: NSS error [-8179] (qpid-0.28/qpid-0.28/cpp/src/qpid/sys/ssl/SslSocket.cpp:156) Failed to connect: Failed: NSS error [-8179] (qpid-0.28/qpid-0.28/cpp/src/qpid/sys/ssl/SslSocket.cpp:156)
Driver stopped
-------------------------------------------------------

I do not get what is going wrong. As far as I understood, I do not have to give the C++ client any hint where to find the broker certificate.
Is this right?

Unfortunately, the error message in the client log is not helpful for me. I don't see any details about what the problem is.


I tried to get more information using openssl s_client:

> openssl s_client -connect <ipaddr>:<port> -CAfile clientCertDb/Client.crt -debug -key Client.key -CApath clientCertDb/

It says:
Verify return code: 20 (unable to get local issuer certificate)


Does any of you know how to configure this or how I can get more information?

Regards,
Andreas




