Hi,

It seems that the combination of SSL and AMQP 1.0 does not work in 0.30
beta (connection fails). The issue looks exactly the same as
https://issues.apache.org/jira/browse/QPID-5648, which was reported fixed
in trunk and 0.28.

I'm running a 0.30 beta broker with ssl enabled. Without any QPID_SSL
settings present in my environment, I can successfully send a message like
this:

QPID_SSL_CERT_DB=/var/lib/qpidd/ssl/client-db spout -b localhost:5671 \
  --content "hello" --connection-options "{transport:ssl}" amq.topic

Notes - /var/lib/qpidd/ssl/client-db holds an NSS database with the CA cert
for the broker. This example uses the default AMQP 0.10.

When I add the extra protocol option to use AMQP 1.0:

QPID_SSL_CERT_DB=/var/lib/qpidd/ssl/client-db spout -b localhost:5671 \
  --content "hello" --connection-options "{protocol:amqp1.0, transport:ssl}" \
  amq.topic

I get the error "Connect failed to amqp:ssl:localhost:5671: Reconnect
disabled". If I run this in a debugger I can get some more info on the
error (reported in the callback at
qpid::messaging::amqp::SslTransport::failed()) which is "NSS error
[-12268]". According to the NSS documentation this is
"SSL_ERROR_SSL_DISABLED".

I've done some experimentation and if I call NSS_InitContext() referencing
my NSS db before opening the AMQP connection, the SSL handshake (with
AMQP1.0) is successful.

My first guess would be that there is some difference in the way
qpid::messaging::amqp::ConnectionHandle (used for AMQP1.0 connections)
and qpid::client::amqp0_10::ConnectionImpl (used for AMQP0.10 connections)
initialise the NSS subsystem. Hopefully that and not an error on my part...


Could you please look into this further?

Many thanks

-- 

*Chris Richardson*, System Architect
c...@fourc.eu


*FourC AS, Vestre Rosten 81, Trekanten, NO-7075 Tiller, Norway www.fourc.eu
<http://www.fourc.eu/>*
