Hari Pyla created QPID-5788:
-------------------------------
Summary: Delay initialization of NSS library until the creation of
first SSL connection.
Key: QPID-5788
URL: https://issues.apache.org/jira/browse/QPID-5788
Project: Qpid
Issue Type: Bug
Components: C++ Client
Affects Versions: 0.28
Reporter: Hari Pyla
There are two issues here:
===Issue 1===
When a qpid C++ client sets the SSL client environment variables
programmatically prior(in program order) to opening a connection, qpid seems to
ignore the environment variables. This issue was reported to the mailing list.
Please find it at
http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%[email protected]%3E
A simple example to reproduce this issue:
===source===
#include <qpid/messaging/Connection.h>
#include <cstdlib>
#include <iostream>
#include <stdlib.h>
using namespace qpid::messaging;
int main()
{
const char* url = "localhost:5671";
std::string connectionOptions =
"{username:admin,password:admin,transport:ssl}";
setenv("QPID_SSL_CERT_NAME", "QpidCppClient", 1);
setenv("QPID_SSL_CERT_DB", "/tmp/test/client_db", 1);
setenv("QPID_SSL_CERT_PASSWORD_FILE", "/tmp/test/qpid-client-pfile", 1);
Connection connection(url, connectionOptions);
try
{
connection.open();
}
catch (const std::exception& e)
{
std::cout << e.what() << "\n";
return (-1);
}
connection.close();
return 0;
}
===compilation===
g++ -o test test.cpp -lqpidmessaging
===error message===
Unknown protocol: ssl
(/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/client/Connector.cpp:52)
Gordon responded to this issue at
http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%[email protected]%3E
This method of initialization has another side-effect and leads to the
following:
===Issue 2===
Due to this early initialization, the qid C++ precludes creating multiple
processes which in turn can create connections to the broker. See below
example.
===example===
#include <qpid/messaging/Connection.h>
#include<cstdlib>
#include<iostream>
#include<stdlib.h>
using namespace qpid::messaging;
int foo()
{
const char* url = "localhost:5672";
std::string connectionOptions =
"{username:test,password:test,transport:ssl}";
Connection connection(url, connectionOptions);
try
{
connection.open();
}
catch (const std::exception& e)
{
std::cout << e.what() << "\n";
}
connection.close();
return 0;
}
int main()
{
int retval = -1;
retval = fork();
if (retval == 0)
foo();
else
sleep(5);
return 0;
}
===error message===
On C++ qpid broker:
May 26 20:50:00 qa1 qpidd[21500]: 2014-05-26 20:50:00 [System] error
Error reading socket: Success(0)
On C++ qpid client:
2014-05-26 20:50:00 [Security] warning Connect failed: Failed: NSS error
[-8023]
(/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/sys/ssl/SslSocket.cpp:156)
2014-05-26 20:50:00 [Client] warning Connection closed
This issue has been reported at
http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%[email protected]%3E
and Gordon's response to it is at
http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%[email protected]%3E
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
