[
https://issues.apache.org/jira/browse/PROTON-1473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16339604#comment-16339604
]
Andrew Stitcher commented on PROTON-1473:
-----------------------------------------
The trouble is that authentication doesn't fail in the example you are bringing:
The client will automatically choose to use pure AMQP with no SASL
authentication (or SSL authentication) because it has no authentication
credentials.
Then the server seeing that it is getting a connection with no SASL header
drops the connection as it is configured not to allow non authenticated
connections.
I'm not actually sure whether the confusing error message itself comes from the
client or server end. [It sounds like it comes from the server end as the
'Insufficient data...' message is from the protocol layer auto configure
process which is not turned on in a client.]
I you forced SASL on the client but still didn't provide authentication
credentials then you would likely get a message about mismatching mechs, which
also might not be somewhat cryptic.
To produce a more informative error message in this situation will take a bit
of thinking and design - I will look at the exact protocol flow and see if I
can come up with something.
> [cpp] Cryptic error message when authentication fails
> -----------------------------------------------------
>
> Key: PROTON-1473
> URL: https://issues.apache.org/jira/browse/PROTON-1473
> Project: Qpid Proton
> Issue Type: Bug
> Components: cpp-binding
> Affects Versions: proton-c-0.17.0
> Environment: Fedora 25
> Client: examples/cpp/helloworld
> Server: Dispatch router listener configured with authenticatePeer: yes and a
> suitable common sasl mechanism
> Reporter: Chuck Rolke
> Assignee: Andrew Stitcher
> Priority: Major
> Labels: sasl
> Fix For: proton-c-0.21.0
>
>
> If you specify the URL with no credentials:
> {noformat}
> cpp> ./helloworld 192.168.0.16:5674/aaa
> amqp:connection:framing-error: AMQP header mismatch: Insufficient data to
> determine protocol [''] (connection aborted)
> {noformat}
> This error message is true in a strict sense but does not give a user much of
> a clue about what's wrong.
> The same setup with good URL credentials:
> {noformat}
> cpp> ./helloworld user:[email protected]:5674/aaa
> Hello World!
> {noformat}
> The same setup with bad URL credentials:
> {noformat}
> cpp> ./helloworld user:[email protected]:5674/aaa
> amqp:unauthorized-access: Authentication failed [mech=DIGEST-MD5]
> {noformat}
> This error message is good.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
