[
https://issues.apache.org/jira/browse/QPID-5788?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14017679#comment-14017679
]
ASF subversion and git services commented on QPID-5788:
-------------------------------------------------------
Commit 1600188 from [~gsim] in branch 'qpid/trunk'
[ https://svn.apache.org/r1600188 ]
QPID-5788: delayed initiation of nss
> Delay initialization of NSS library until the creation of first SSL
> connection.
> -------------------------------------------------------------------------------
>
> Key: QPID-5788
> URL: https://issues.apache.org/jira/browse/QPID-5788
> Project: Qpid
> Issue Type: Bug
> Components: C++ Client
> Affects Versions: 0.28
> Reporter: Hari Pyla
> Assignee: Gordon Sim
> Fix For: 0.29
>
>
> There are two issues here:
> ===Issue 1===
> When a qpid C++ client sets the SSL client environment variables
> programmatically prior(in program order) to opening a connection, qpid seems
> to ignore the environment variables. This issue was reported to the mailing
> list. Please find it at
> http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%[email protected]%3E
>
> A simple example to reproduce this issue:
> ===source===
> #include <qpid/messaging/Connection.h>
> #include <cstdlib>
> #include <iostream>
> #include <stdlib.h>
> using namespace qpid::messaging;
> int main()
> {
> const char* url = "localhost:5671";
> std::string connectionOptions =
> "{username:admin,password:admin,transport:ssl}";
> setenv("QPID_SSL_CERT_NAME", "QpidCppClient", 1);
> setenv("QPID_SSL_CERT_DB", "/tmp/test/client_db", 1);
> setenv("QPID_SSL_CERT_PASSWORD_FILE", "/tmp/test/qpid-client-pfile", 1);
> Connection connection(url, connectionOptions);
> try
> {
> connection.open();
> }
> catch (const std::exception& e)
> {
> std::cout << e.what() << "\n";
> return (-1);
> }
> connection.close();
> return 0;
> }
> ===compilation===
> g++ -o test test.cpp -lqpidmessaging
> ===error message===
> Unknown protocol: ssl
> (/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/client/Connector.cpp:52)
> Gordon responded to this issue at
> http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%[email protected]%3E
> This method of initialization has another side-effect and leads to the
> following:
> ===Issue 2===
> Due to this early initialization, the qid C++ precludes creating multiple
> processes which in turn can create connections to the broker. See below
> example.
> ===example===
> #include <qpid/messaging/Connection.h>
> #include<cstdlib>
> #include<iostream>
> #include<stdlib.h>
> using namespace qpid::messaging;
> int foo()
> {
> const char* url = "localhost:5672";
> std::string connectionOptions =
> "{username:test,password:test,transport:ssl}";
> Connection connection(url, connectionOptions);
> try
> {
> connection.open();
> }
> catch (const std::exception& e)
> {
> std::cout << e.what() << "\n";
> }
> connection.close();
> return 0;
> }
> int main()
> {
> int retval = -1;
> retval = fork();
> if (retval == 0)
> foo();
> else
> sleep(5);
> return 0;
> }
> ===error message===
> On C++ qpid broker:
> May 26 20:50:00 qa1 qpidd[21500]: 2014-05-26 20:50:00 [System] error
> Error reading socket: Success(0)
> On C++ qpid client:
> 2014-05-26 20:50:00 [Security] warning Connect failed: Failed: NSS error
> [-8023]
> (/builddir/build/BUILD/qpid-0.28-rc2/cpp/src/qpid/sys/ssl/SslSocket.cpp:156)
> 2014-05-26 20:50:00 [Client] warning Connection closed
> This issue has been reported at
> http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%[email protected]%3E
> and Gordon's response to it is at
> http://mail-archives.apache.org/mod_mbox/qpid-users/201405.mbox/%[email protected]%3E
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
