[
https://issues.apache.org/jira/browse/DISPATCH-116?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14326596#comment-14326596
]
ASF subversion and git services commented on DISPATCH-116:
----------------------------------------------------------
Commit 1660733 from [~aconway] in branch 'dispatch/trunk'
[ https://svn.apache.org/r1660733 ]
DISPATCH-116: Qpid dispatch management tools do not use SSL and SASL correctly.
Added support for SSL connections from qdmanage and qdstat tools.
Common command line option handling and SSL config code in
qpid_dispatch_internal.tools.command
for existing and future tools.
Common options are:
Connection Options:
-b URL, --bus=URL URL of the messaging bus to connect to (default 0.0.0.0)
-r ROUTER-ID, --router=ROUTER-ID
Router to be queried
-t SECS, --timeout=SECS
Maximum time to wait for connection in seconds (default
5)
--ssl-certificate=CERT
Client SSL certificate (PEM Format)
--ssl-key=KEY Client SSL private key (PEM Format)
--ssl-trustfile=TRUSTED-CA-DB
Trusted Certificate Authority Database file (PEM Format)
--ssl-password=TRUSTED-CA-DB
Certificate password, will be prompted if not specifed.
NOTE: If --ssl options are present the tools will automatically assume the
amqps: scheme for the URL.
NOTE: --sasl-mechanism option was removed. Presently proton only supports
ANONYMOUS and PLAIN and will auto-detect the SASL mechanism from the URL as
follows:
amqp://host - no SASL at all
amqp://anonymous@host - ANONYMOUS mechanism
amqp://user:password@host - PLAIN mechanism
The tools will add anonymous@ if no user is present to force the use of SASL as
this
is most compatible with dispatch. Dispatch can allow no-SASL connections but
requires
explicit configuration, and SASL connections will always work.
Additional SASL support is in progress, we will update the tools when it is
clear how
additional mechanisms are specified.
> Qpid dispatch management tools do not use SSL and SASL correctly.
> -----------------------------------------------------------------
>
> Key: DISPATCH-116
> URL: https://issues.apache.org/jira/browse/DISPATCH-116
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Management Agent
> Affects Versions: 0.4
> Reporter: Alan Conway
> Assignee: Alan Conway
> Fix For: 0.4
>
>
> Recent changes in proton mean that proton clients do not do a SASL handshake
> by default unless there is a username in the connection URL.
> Since dispatch requires SASL the dispatch management tools need to add
> anonymous@ to connection URLs if there is not aleady a username specified,
> this enables SASL.
> The tools also do not appear to be applying SSL connectoin options correctly.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
