Tomas Restrepo wrote:
Hi Kevin,

Based on my reading of the code when I did the SSL changes, it looked like the
broker only ever listened on one or the other. I'll take a look and see about
adding support for both, at least for debugging purposes.

Thanks, I really appreciate it. I think this is rather useful. FWIW, the old
code used to have two different Boolean switches in the configuration that
independently controlled if the broker listened on the ssl and non-ssl
ports. It seemed to work fine at the time (at least I remember being able to
get the broker to accept connections on both).

There's pretty good information on configuring keystores and setting up
self-signed certs (good enough for testing) here:

http://mindprod.com/jgloss/keytoolexe.html

The section entitled "Generating A Phony Certificate" has the steps I use to
create and configure a keystore for SSL testing.

Fantastic, thanks. That did the trick (once I figured out the page used a
java applet to show the example scripts... yuk).


Tomas Restrepo
[EMAIL PROTECTED]
http://www.winterdom.com/weblog/





Work's been crazed lately so I haven't had a lot of time to spend on qpid, but I have a patch to implement listening on both styles of sockets. java/broker/etc/config.xml contains the updated config needed to get this working. In a nutshell you'll need to add a <sslOnly>(true | false)</sslOnly> tag to the <ssl> config block. The value defaults to true so as to get sane behavior in normal use but it can be overridden by setting it false.

Let me know if this works for you and I'll get a JIRA open for this and attach the patch. Like I said -- I haven't had much time to test it so I'm _pretty_ sure this should work but you never know.... :)

--Kevin
Index: 
broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java
===================================================================
--- 
broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java
   (revision 509202)
+++ 
broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java
   (working copy)
@@ -41,11 +41,7 @@
     @Configured(path = "connector.bind",
                 defaultValue = "wildcard")
     public String bindAddress;
-
-    @Configured(path = "connector.sslport",
-                defaultValue = SSL_PORT)
-    public int sslPort;
-
+    
     @Configured(path = "connector.socketReceiveBuffer",
                 defaultValue = "32767")
     public int socketReceiveBufferSize;
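Review bot: removing the `connector.sslport` key here changes the configuration path without any fallback (the field reappears under `connector.ssl.port` later in this file). An existing config.xml that still sets `connector.sslport` would no longer be read, and the SSL listener would bind to the `SSL_PORT` default with no warning. Either keep honouring the old path or call the rename out in the change description. The replacement line `+    ` also adds trailing whitespace where the blank separator used to be.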
@@ -74,6 +70,14 @@
                 defaultValue = "false")
     public boolean enableSSL;
     
+    @Configured(path = "connector.ssl.sslOnly",
+                   defaultValue = "true")
+    public boolean disableNonSSL;
+    
+    @Configured(path = "connector.ssl.port",
+            defaultValue = SSL_PORT)
+    public int sslPort;    
+    
     @Configured(path = "connector.ssl.keystorePath",
                        defaultValue = "none")
     public String keystorePath;
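Review bot: the new field `disableNonSSL` and its key `connector.ssl.sslOnly` use two different names for one setting, and neither has a comment explaining how it interacts with `enableSSL` (default "false"). Because the default here is "true", a doc comment should state what is expected when SSL is not enabled and `sslOnly` is left at its default. Naming the field `sslOnly` to match the key would also make the checks in Main.java easier to read. The added lines mix indentation widths and leave trailing whitespace after `public int sslPort;`.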
Index: broker/src/main/java/org/apache/qpid/server/Main.java
===================================================================
--- broker/src/main/java/org/apache/qpid/server/Main.java       (revision 
509202)
+++ broker/src/main/java/org/apache/qpid/server/Main.java       (working copy)
@@ -67,9 +67,6 @@
 
     private static final String DEFAULT_LOG_CONFIG_FILENAME = "log4j.xml";
 
-    
-    private static Main _instance;
-
     protected static class InitException extends Exception
     {
         InitException(String msg)
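Review bot: dropping `_instance` here, together with the matching `new Main(args);` change in main(), is unrelated to listening on both socket types. It belongs in a separate cleanup patch so the SSL change can be reviewed and reverted on its own.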
@@ -324,7 +321,7 @@
                 sconfig.setThreadModel(ReadWriteThreadModel.getInstance());
             }
 
-            if (!connectorConfig.enableSSL)
+            if (!connectorConfig.disableNonSSL)
             {
                 AMQPFastProtocolHandler handler = new 
AMQPProtocolProvider().getHandler();
                 InetSocketAddress bindAddress;
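Review bot: gating the plain listener on `!connectorConfig.disableNonSSL` alone means that with the defaults declared in ConnectorConfiguration (`enableSSL` "false", `sslOnly` "true") this block is skipped, so a broker with no <ssl> section no longer opens the non-SSL port. The condition needs to take `enableSSL` into account, for example `if (!connectorConfig.enableSSL || !connectorConfig.disableNonSSL)`, so that `sslOnly` only takes effect once SSL is actually enabled.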
@@ -340,7 +337,7 @@
                 _logger.info("Qpid.AMQP listening on non-SSL address " + 
bindAddress);
             }
 
-            else
+            if (!connectorConfig.enableSSL)
             {
                 AMQPFastProtocolHandler handler = new 
AMQPProtocolProvider().getHandler();
                 try
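Review bot: the condition that replaces the `else` is inverted. Before the change this block was the `else` of `if (!connectorConfig.enableSSL)`, so it ran only when `enableSSL` was true. As written, `if (!connectorConfig.enableSSL)` runs it when SSL is disabled and skips it when SSL is enabled. It should read `if (connectorConfig.enableSSL)`.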
@@ -364,7 +361,7 @@
     public static void main(String[] args)
     {
 
-        _instance = new Main(args);
+        new Main(args);
     }
 
     private byte[] parseIP(String address) throws Exception
Index: broker/etc/config.xml
===================================================================
--- broker/etc/config.xml       (revision 509202)
+++ broker/etc/config.xml       (working copy)
@@ -28,6 +28,7 @@
              to enable SSL support
         <ssl>
             <enabled>true</enabled>
+            <sslOnly>true</sslOnly>
             <keystorePath>/path/to/keystore.ks</keystorePath>
             <keystorePassword>keystorepass</keystorePassword>
         </ssl>-->
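Review bot: the sample adds `<sslOnly>` without saying what it does, and the surrounding comment still only describes enabling SSL. Add a sentence to the comment explaining that `false` keeps the non-SSL port open alongside the SSL one, and show a `<port>` element inside `<ssl>` as well, since the SSL port is now read from `connector.ssl.port`.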
