Hi,

I'm attempting to set up a broker federation topology using purely SSL
client authentication and the EXTERNAL SASL mechanism on qpid-cpp 0.34.
This seems to be within an iota of working but I can't quite get the
configuration correct for the inter-broker routes.

The point I have arrived at is that I have 2 brokers, both of which are
configured to accept only connections over SSL with client cert
authentication. Both Python (qpid-stat et al.) and C++ (qpid-send/receive)
clients work perfectly - however the route between the brokers does not
work because the broker establishing the connection does not use a suitable
certificate. The connection fails with

  Inter-broker link disconnected from broker-2:5671 Failed: SSL peer cannot
  verify your certificate. [-12271]

I've found I can fix this by setting the QPID_SSL_CERT_DB,
QPID_SSL_CERT_PASSWORD_FILE and QPID_SSL_CERT_NAME variables in the
environment of the source broker process, but C++ client connections to
this broker then fail with

  Failed to connect: Failed: NSS error [-8101]
  (/var/tmp/portage/net-misc/qpid-cpp-0.34/work/qpid-cpp-0.34/src/qpid/sys/ssl/SslSocket.cpp:177)

According to the NSS documentation this error is due to an invalid use of
an SSL certificate (e.g. a server-auth cert being used for client auth), but
this is the same certificate which previously worked fine. Python client
connections are unaffected.

I have a swathe of configuration data and logs which I can share if needed,
but to begin with can you tell me if this is something which should, at
least in principle, work?

Thanks in advance

-- 

Chris Richardson, System Architect
c...@fourc.eu

FourC AS, Vestre Rosten 81, Trekanten, NO-7075 Tiller, Norway
www.fourc.eu <http://www.fourc.eu/>

Follow us on LinkedIn <http://bit.ly/fourcli>, Facebook <http://bit.ly/fourcfb>,
Google+ <http://bit.ly/fourcgp> and Twitter <http://bit.ly/fourctw>!
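The -8101 code the mail quotes is NSS's SEC_ERROR_INADEQUATE_CERT_TYPE, i.e. the certificate presented is not valid for the purpose it was used for. On an inter-broker link the source broker acts as an SSL *client*, so whatever nickname QPID_SSL_CERT_NAME points at must be usable for client authentication, not just server authentication. The script below is an added example, not part of the original mail or of the qpid project: it builds two throw-away self-signed certificates with openssl (names, subjects and the work directory are invented for the demo), one with a server-only extendedKeyUsage and one with both server and client usage, and checks which of them would be acceptable as a client certificate. It also wraps the NSS-side check (`certutil -V ... -u C`) that can be run against the real cert database named by QPID_SSL_CERT_DB where nss-tools is installed.

```shell
#!/bin/sh
# Added example; not from the original mail or from the qpid project.
# Builds two throw-away self-signed certs with openssl: one valid only for
# server authentication (what a broker normally serves with) and one also
# valid for client authentication (what the *source* broker must present on
# an inter-broker link), then inspects their extendedKeyUsage. Presenting
# the first as a client cert is the "invalid use of a certificate" that NSS
# reports as SEC_ERROR_INADEQUATE_CERT_TYPE (-8101).
set -eu

WORK=$(mktemp -d)          # scratch directory for the constructed certs
trap 'rm -rf "$WORK"' EXIT

# mk_cert NAME EKU: self-signed cert + key under $WORK with the given EKU list
# (openssl >= 1.1.1 for -addext). Names are arbitrary demo values.
mk_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -addext "extendedKeyUsage=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# has_eku CERT USAGE: exit 0 if the cert's X509v3 Extended Key Usage lists
# USAGE (openssl's wording, e.g. "TLS Web Client Authentication"), else 1.
# A cert carrying no EKU extension at all is unrestricted (RFC 5280 4.2.1.12)
# and is therefore treated as usable for any purpose.
has_eku() {
    text=$(openssl x509 -in "$1" -noout -text)
    if ! printf '%s\n' "$text" | grep -q 'X509v3 Extended Key Usage'; then
        return 0
    fi
    printf '%s\n' "$text" | grep -A1 'X509v3 Extended Key Usage' | grep -q "$2"
}

# nss_validate DB NICK USAGE: ask NSS itself (certutil from nss-tools) whether
# cert NICK in database DB validates for USAGE today: C = SSL client,
# V = SSL server. Run it against the database in QPID_SSL_CERT_DB with the
# nickname in QPID_SSL_CERT_NAME; a non-zero exit means NSS would refuse
# that use of the cert. Only meaningful where certutil is installed.
nss_validate() {
    certutil -V -d "$1" -n "$2" -u "$3"
}

mk_cert broker-server serverAuth
mk_cert broker-link   serverAuth,clientAuth

for c in broker-server broker-link; do
    if has_eku "$WORK/$c.pem" 'TLS Web Client Authentication'; then
        echo "$c: usable for SSL client auth (acceptable as QPID_SSL_CERT_NAME)"
    else
        echo "$c: server-auth only; presenting it as a client cert will be rejected"
    fi
done
```

To check the real broker certificate rather than the demo ones, run `nss_validate /path/to/certdb "$QPID_SSL_CERT_NAME" C` and, separately, `... V`: a cert that passes V but fails C is the server-only case, and a cert that must serve both roles in one process needs both usages.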
