[ https://issues.apache.org/jira/browse/QPID-2374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ken Giusti resolved QPID-2374. ------------------------------ Resolution: Fixed --auth no and --require-encryption will now correctly identify TSL connections and accept them. > qpidd: --require-encryption with "--auth no" will reject SSL connections as > being "un-encrypted" > ------------------------------------------------------------------------------------------------- > > Key: QPID-2374 > URL: https://issues.apache.org/jira/browse/QPID-2374 > Project: Qpid > Issue Type: Bug > Components: C++ Broker > Reporter: Ken Giusti > Assignee: Ken Giusti > > Running qpidd with "--auth no" and "--require-encryption" will reject > SSL-based encrypted connections. > Running qpidd like so: > $ ./qpidd --auth no --require-encryption --transport ssl --no-data-dir > --no-module-dir --load-module ./.libs/ssl.so --ssl-cert-db > /home/kgiusti/.test_ssl_cert_db/test_cert_db --ssl-cert-password-file > /home/kgiusti/.test_ssl_cert_db/cert.password --ssl-cert-name > localhost.localdomain > 2010-01-28 10:11:35 notice SASL disabled: No Authentication Performed > 2010-01-28 10:11:35 notice Listening on TCP port 5672 > 2010-01-28 10:11:35 notice Listening for SSL connections on TCP port 5671 > 5671 > 2010-01-28 10:11:35 notice Broker running > And running perftest using SSL: > $ export QPID_NO_MODULE_DIR=1 > $ export QPID_LOAD_MODULE=./.libs/sslconnector.so > $ export QPID_SSL_CERT_DB=/home/kgiusti/.test_ssl_cert_db/test_cert_db > $ export > QPID_SSL_CERT_PASSWORD_FILE=/home/kgiusti/.test_ssl_cert_db/cert.password > $ ./tests/perftest --count 1 -P ssl -b localhost.localdomain --summary --port > 5671 > The connection is rejected, and the broker logs: > 2010-01-28 10:13:18 error Rejected un-encrypted connection. > I think the proper behavior would have the broker allow encrypted SSL > connections, even if --auth no. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:dev-subscr...@qpid.apache.org