Brent Driskill created QPID-6261:
------------------------------------
Summary: Federation with SSL is failing between two brokers
Key: QPID-6261
URL: https://issues.apache.org/jira/browse/QPID-6261
Project: Qpid
Issue Type: Bug
Components: C++ Broker
Affects Versions: 0.30
Environment: CentOS 7
Reporter: Brent Driskill
Priority: Critical
I am unable to get federation to work between two brokers that are SSL enabled
with different SASL configurations.
Reproduction Steps:
1. Deploy two separate brokers on the same machine. One has port 10000
(destination broker) and one has port 10002 (source broker). The configuration
for both these brokers are attached. The acl file for broker 10000 has "acl
allow all all" and the other has "acl allow all all" for a specific user.
2. Execute python scripts to create the queues and exchanges
3. Execute the following qpid-route command to federate between the two:
{noformat}
qpid-route queue add amqps://<username>/<password>@<ip>:10000
amqps://<username>/<password>@<ip>:10002 <destination_exchange> <source_queue>
-t ssl --ssl-certificate <path_to_pem>
{noformat}
The qpid-route throws the following error:
{noformat}
Failed: ConnectionFailed - (None, 'connection aborted')
{noformat}
I see the following error in the logs for broker 10000 around the same time
(not sure if it is related or not)
{noformat}
2014-12-02 14:18:07 [System] error Connection
qpid.192.168.10.104:10000-192.168.10.104:33642 No protocol received closing
2014-12-02 14:18:07 [System] debug DISCONNECTED
[qpid.192.168.10.104:10000-192.168.10.104:33642]
{noformat}
If I disable SSL, everything works perfectly (with the sasl configurations the
same). The c++ clients are able to connect to both brokers correctly using the
pem file.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
