[
https://issues.apache.org/jira/browse/QPID-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13197121#comment-13197121
]
Keith Wall commented on QPID-3175:
----------------------------------
I think the change of the default SASL mechanism to ANONYMOUS broken the
Python/Javabuild:
{code}
Error during test: Traceback (most recent call last):
File
"/home/jenkins/jenkins-slave/workspace/Qpid-Python-Java-Test/trunk/qpid/python/qpid-python-test",
line 340, in run
phase()
File
"/home/jenkins/jenkins-slave/workspace/Qpid-Python-Java-Test/trunk/qpid/python/qpid/tests/messaging/endpoints.py",
line 34, in testEstablish
self.conn = Connection.establish(self.broker, **self.connection_options())
File
"/home/jenkins/jenkins-slave/workspace/Qpid-Python-Java-Test/trunk/qpid/python/qpid/messaging/endpoints.py",
line 68, in establish
conn.open()
File "<string>", line 6, in open
File
"/home/jenkins/jenkins-slave/workspace/Qpid-Python-Java-Test/trunk/qpid/python/qpid/messaging/endpoints.py",
line 255, in open
self.attach()
File "<string>", line 6, in attach
File
"/home/jenkins/jenkins-slave/workspace/Qpid-Python-Java-Test/trunk/qpid/python/qpid/messaging/endpoints.py",
line 273, in attach
self._ewait(lambda: self._transport_connected and not self._unlinked())
File
"/home/jenkins/jenkins-slave/workspace/Qpid-Python-Java-Test/trunk/qpid/python/qpid/messaging/endpoints.py",
line 208, in _ewait
self.check_error()
File
"/home/jenkins/jenkins-slave/workspace/Qpid-Python-Java-Test/trunk/qpid/python/qpid/messaging/endpoints.py",
line 201, in check_error
raise self.error
AuthenticationFailure: sasl negotiation failed: no mechanism agreed
{code}
See:
https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Python-Java-Test/lastCompletedBuild/testReport/
Whilst I think we could change the test harness configuration to pass through
the sasl_mechanisms of PLAIN, I wonder why the decision to default has been
made? I don't see how this contributes to SSL support.
The old code would default to PLAIN if username/password was supplied and PLAIN
was support by the Broker (sasl.py:89) which I think was a useful default
regardless of Broker choice.
Any thoughts please?
> SSL support in Python client libraries
> --------------------------------------
>
> Key: QPID-3175
> URL: https://issues.apache.org/jira/browse/QPID-3175
> Project: Qpid
> Issue Type: Bug
> Components: Python Client
> Affects Versions: 0.8
> Environment: Windows XP, Python 2.7.1, (broker Red Hat MRG 1.3 on
> RHEL 5.5)
> Reporter: JAkub Scholz
> Assignee: Rafael H. Schloming
> Fix For: 0.15
>
> Attachments: QPID-3175.patch, QPID-3175a.patch
>
>
> I was trying to connect to my broker with SSL encrypted connection (both
> PLAIN and EXTERNAL authentication methods). However, it seems to be not
> working. I get following error messages:
> Traceback (most recent call last):
> File "ssl-external.py", line 20, in <module>
> connection.open()
> File "<string>", line 6, in open
> File
> "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py",
> line 244, in open
> self.attach()
> File "<string>", line 6, in attach
> File
> "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py",
> line 262, in attach
> self._ewait(lambda: self._transport_connected and not self._unlinked())
> File
> "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py",
> line 197, in _ewait
> self.check_error()
> File
> "c:\opt\!_EUREX14\tests\qpid.python-0.8\python\qpid\messaging\endpoints.py",
> line 190, in check_error
> raise self.error
> qpid.messaging.exceptions.ConnectError: [Errno 1] _ssl.c:499:
> error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
> In the source codes (messaging/transports.py), the SSL seems to be supported
> and implemented, but it is not working. I didn't found any possibilities how
> to pass the certificates to the SSL libraries and the wrap_socket call in
> transports.py is calling the wrap_socket without any additional attributes
> except the original socket.
> I didn't had the chance to test other platforms or Python versions, except
> Python 2.4.3 on RHEL 5.5, where the SSL is not supported at all (the SSL
> support in Python changed significantly with 2.6)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
