Hi, I have another SSL problem and potential fix, this time to the qpid-python package. Any chance this could make it into the 0.30 release?
In summary, qpid-route is unable to connect to destination brokers with TLS, which implies in practice that a federated topology cannot have "require-encrypted" set.

Circumstances are:

* Configure a broker for both plain and TLS access
* Access plaintext service with e.g. "qpid-route route list" - should show an (empty) list of routes
* Access TLS service with e.g. "qpid-route route list amqps://localhost" - connection will fail with "Failed: ConnectionFailed - (None, 'connection aborted')"

This happens because qpid/framer.py:93 reads the 8-byte AMQP protocol header from the socket (waiting for sufficient data in a loop) with

    s = self.sock.recv(n)

This is fine in plaintext when sufficient data is present, but with TLS enabled the header is fragmented and it reads from the socket twice, actually reading 9 bytes (1 byte into the next part of the connection handshake). This byte is discarded and the handshake later fails.

Replacing the read with

    s = self.sock.recv(n - len(self.rx_buf))

appears to fix the problem.

This error does not affect all Python tools, e.g. qpid-stat, which use the qpid::messaging::Connection instead of the qpid::connection::Connection class.

Regards

--
Chris Richardson, System Architect
c...@fourc.eu

FourC AS, Vestre Rosten 81, Trekanten, NO-7075 Tiller, Norway
www.fourc.eu <http://www.fourc.eu/>

Follow us on LinkedIn <http://bit.ly/fourcli>, Facebook <http://bit.ly/fourcfb>, Google+ <http://bit.ly/fourcgp> and Twitter <http://bit.ly/fourctw>!
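The over-read described in the message above, as an added example that is not part of the original post and is not qpid's code. It is a simplified model built from the description only: `FragmentingSock`, `read_over`, `read_exact`, `handshake` and the byte strings are hypothetical names and constructed sample data.

```python
HEADER = b"AMQP\x01\x01\x00\x0a"  # constructed 8-byte protocol header
NEXT = b"\x01\x00\x00\x00"        # constructed start of the next handshake step

class FragmentingSock:
    """Stand-in for a TLS socket: each recv() returns at most one fragment."""
    def __init__(self, fragments):
        self.fragments = list(fragments)

    def recv(self, n):
        if not self.fragments:
            return b""
        frag = self.fragments.pop(0)
        if len(frag) > n:                      # keep the unread tail queued
            self.fragments.insert(0, frag[n:])
        return frag[:n]

def read_over(sock, n):
    """Asks for n bytes on every pass, so the second pass can over-read."""
    buf = b""
    while len(buf) < n:
        s = sock.recv(n)
        if not s:
            raise EOFError("connection closed mid-header")
        buf += s
    return buf[:n], len(buf) - n               # header, bytes dropped

def read_exact(sock, n):
    """Asks only for the bytes still missing, as the proposed fix does."""
    buf = b""
    while len(buf) < n:
        s = sock.recv(n - len(buf))
        if not s:
            raise EOFError("connection closed mid-header")
        buf += s
    return buf, 0

def handshake(reader):
    # Header split 1 + 7, with the next step's data in the second fragment.
    sock = FragmentingSock([HEADER[:1], HEADER[1:] + NEXT])
    header, dropped = reader(sock, len(HEADER))
    following = sock.recv(len(NEXT))           # what the next step would see
    return header, dropped, following

if __name__ == "__main__":
    for reader in (read_over, read_exact):
        print(reader.__name__, handshake(reader))
```

Both readers return the correct header; only the bytes left for the next handshake step differ, which is why the failure shows up later in the connection rather than at the header read.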