Tomas Restrepo wrote:
Hi Kevin,
Work's been crazed lately so I haven't had a lot of time to spend on qpid,
but I have a patch to implement listening on both styles of sockets.
java/broker/etc/config.xml contains the updated config needed to get this
working. In a nutshell you'll need to add a <sslOnly>(true |
false)</sslOnly> tag to the <ssl> config block. The value defaults to true
so as to get sane behavior in normal use but it can be overridden by
setting it false.
Many thanks for the patch. I was able to get the server to listen on both ports, but it
does appear like the interpretation of the value for the <ssl><enabled/>
element got reversed: SSL only appears to get enabled if I set it to false!
That said, even when I got the broker to listen on both ports, non-ssl
connections worked fine, but SSL connections didn't work:
2007-02-19 20:02:39,365 INFO [main] server.Main (Main.java:337) - Qpid.AMQP listening on non-SSL address 0.0.0.0/0.0.0.0:5672
2007-02-19 20:02:39,375 INFO [main] server.Main (Main.java:347) - Qpid.AMQP listening on SSL port 8672
2007-02-19 20:03:39,131 INFO [SocketAcceptor-0] pool.PoolingFilter (PoolingFilter.java:181) - Init called on PoolingFilter AsynchronousReadFilter
2007-02-19 20:03:39,131 INFO [SocketAcceptor-0] pool.PoolingFilter (PoolingFilter.java:181) - Init called on PoolingFilter AsynchronousWriteFilter
2007-02-19 20:03:39,491 INFO [SocketAcceptorIoProcessor-0.0] protocol.AMQPFastProtocolHandler (AMQPFastProtocolHandler.java:85) - Protocol session created
2007-02-19 20:03:39,501 INFO [SocketAcceptorIoProcessor-0.0] protocol.AMQPFastProtocolHandler (AMQPFastProtocolHandler.java:130) - Session opened
2007-02-19 20:03:39,922 ERROR [pool-2-thread-1] protocol.AMQPFastProtocolHandler (AMQPFastProtocolHandler.java:190) - Exception caught inAMQProtocolSession(/127.0.0.1:4007), closing session explictly: org.apache.mina.filter.codec.ProtocolDecoderException: org.apache.qpid.framing.AMQProtocolHeaderException: Invalid protocol header - read ▬♥☺ (Hexdump: 3D 01 00 00 39 03 01 45 DA 48 EB 7E A2 46 8D C7 4A 4A B4 15 54 83 6A 6B 96 36 B1 CE 67 10 CC 37 5A BC 05 E7 1A BE A6 00 00 12 00 35 00 2F 00 05 00 04 00 0A 00 09 00 03 00 06 00 08 01 00)
So it would appear like the server is indeed listening on the SSL port but without the SSL filter.
Update: Actually scratch that; even when only listening on the SSL port it
doesn't work, so it might be something else happening here. Might it be the
inversed ssl/enabled flag?
Thanks,
Tomas Restrepo
[EMAIL PROTECTED]
http://www.winterdom.com/weblog/
Color me sheepish....this is what I get for dashing code off when I don't take
the time to test it properly. Attached is a patch against current svn which
should actually work (imagine that! :) this time. I've tested it with the Java
client with SSL and non-SSL sockets.
I can pretty reliably reproduce this stack trace when the client closes its side
of the connection:
56303 [SocketAcceptorIoProcessor-0.0] ERROR org.apache.qpid.server.protocol.AMQPFastProtocolHandler - IOException caught inAMQProtocolSession(/127.0.0.1:47318), session closed implictly: java.io.IOException: Connection reset by peer
java.io.IOException: Connection reset by peer
at sun.nio.ch.FileDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:21)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:233)
at sun.nio.ch.IOUtil.read(IOUtil.java:206)
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:207)
at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:272)
at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:246)
at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$500(SocketIoProcessor.java:44)
at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:564)
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:43)
at java.lang.Thread.run(Thread.java:595)
Not really sure what's going on with this. It looks like the connection is
closed without proper notification.
--Kevin
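
The "Invalid protocol header" error quoted above can be read byte by byte: "▬♥☺" is how a code page 437 console prints 0x16 0x03 0x01, the start of a TLS handshake record, which is what a plain AMQP decoder sees when an SSL client reaches a listener that has no SSL filter. The following is an added example, not part of this thread or of the Qpid code base; the class name FirstBytes is hypothetical, and the 0x00 byte placed between the printed glyphs and the hexdump is an assumption, since the log does not show it.

```java
import java.nio.charset.StandardCharsets;

// Added example (not Qpid code): identify what a client sent first on a listener.
public class FirstBytes {

    static String classify(byte[] b) {
        // A plain AMQP client opens with the ASCII literal "AMQP" plus version bytes.
        if (b.length >= 4 && "AMQP".equals(new String(b, 0, 4, StandardCharsets.US_ASCII))) {
            return "AMQP protocol header";
        }
        // TLS record header: content type 0x16 (handshake), major version 0x03,
        // minor version, then a 2-byte big-endian record length.
        if (b.length >= 5 && b[0] == 0x16 && b[1] == 0x03) {
            int recordLen = ((b[3] & 0xFF) << 8) | (b[4] & 0xFF);
            // Handshake type 0x01 is ClientHello; the next 3 bytes are its length.
            if (b.length >= 9 && b[5] == 0x01) {
                int helloLen = ((b[6] & 0xFF) << 16) | ((b[7] & 0xFF) << 8) | (b[8] & 0xFF);
                // One ClientHello filling the record: 4 header bytes plus its body.
                boolean consistent = recordLen == helloLen + 4;
                return "TLS ClientHello (record " + recordLen + " bytes, hello " + helloLen
                        + " bytes, lengths " + (consistent ? "consistent" : "inconsistent") + ")";
            }
            return "TLS handshake record (" + recordLen + " bytes)";
        }
        return "unknown";
    }

    public static void main(String[] args) {
        // Constructed from the log: 16 03 01 is what the console printed as the
        // three glyphs; the 00 after them is an assumption (not visible in the
        // log); the remaining bytes are the start of the hexdump.
        byte[] fromLog = {0x16, 0x03, 0x01, 0x00, 0x3D, 0x01, 0x00, 0x00, 0x39, 0x03, 0x01};
        // Constructed sample of a plain AMQP greeting; version bytes are illustrative.
        byte[] plain = {'A', 'M', 'Q', 'P', 1, 1, 8, 0};
        System.out.println(classify(fromLog));
        System.out.println(classify(plain));
    }
}
```

Read this way, the 0x3D that opens the hexdump is the low byte of the record length: 61 bytes follow it in the dump, and 61 is the 4-byte handshake header plus the 0x39 (57) byte ClientHello body.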
Index:
broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java
===================================================================
---
broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java
(revision 509569)
+++
broker/src/main/java/org/apache/qpid/server/transport/ConnectorConfiguration.java
(working copy)
@@ -41,11 +41,7 @@
@Configured(path = "connector.bind",
defaultValue = "wildcard")
public String bindAddress;
-
- @Configured(path = "connector.sslport",
- defaultValue = SSL_PORT)
- public int sslPort;
-
+
@Configured(path = "connector.socketReceiveBuffer",
defaultValue = "32767")
public int socketReceiveBufferSize;
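Review bot: removing the `connector.sslport` binding here, with the port re-declared under `connector.ssl.port` in the next hunk, means an existing configuration that sets `<sslport>` will be ignored without any warning and the broker will fall back to SSL_PORT. Either keep reading the old path as a fallback or call out the rename in config.xml so operators do not end up with the SSL listener on an unexpected port. The lone `+` line that replaces the removed block looks like whitespace only and can be dropped.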
@@ -74,6 +70,14 @@
defaultValue = "false")
public boolean enableSSL;
+ @Configured(path = "connector.ssl.sslOnly",
+ defaultValue = "true")
+ public boolean sslOnly;
+
+ @Configured(path = "connector.ssl.port",
+ defaultValue = SSL_PORT)
+ public int sslPort;
+
@Configured(path = "connector.ssl.keystorePath",
defaultValue = "none")
public String keystorePath;
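Review bot: the new `sslOnly` field has no comment explaining how it relates to `enableSSL`, and its default of "true" sits next to `enableSSL` defaulting to "false", so the name alone suggests the default broker is SSL-only when SSL is in fact off. Please document on the field that it is only meaningful when `connector.ssl.enabled` is true, and state what the broker does when the two settings disagree.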
Index: broker/src/main/java/org/apache/qpid/server/Main.java
===================================================================
--- broker/src/main/java/org/apache/qpid/server/Main.java (revision
509569)
+++ broker/src/main/java/org/apache/qpid/server/Main.java (working copy)
@@ -67,9 +67,6 @@
private static final String DEFAULT_LOG_CONFIG_FILENAME = "log4j.xml";
-
- private static Main _instance;
-
protected static class InitException extends Exception
{
InitException(String msg)
@@ -323,8 +320,8 @@
{
sconfig.setThreadModel(ReadWriteThreadModel.getInstance());
}
-
- if (!connectorConfig.enableSSL)
+
+ if (!connectorConfig.sslOnly)
{
AMQPFastProtocolHandler handler = new
AMQPProtocolProvider().getHandler();
InetSocketAddress bindAddress;
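Review bot: the plain listener is now gated only on `!connectorConfig.sslOnly`, so with the defaults declared in ConnectorConfiguration (enableSSL "false", sslOnly "true") neither this block nor the later `if (connectorConfig.enableSSL)` block runs and the broker binds no port at all. Consider `if (!connectorConfig.enableSSL || !connectorConfig.sslOnly)` so that sslOnly suppresses the non-SSL listener only when SSL is actually enabled, or fail startup with a clear message when no listener would be created.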
@@ -340,7 +337,7 @@
_logger.info("Qpid.AMQP listening on non-SSL address " +
bindAddress);
}
- else
+ if (connectorConfig.enableSSL)
{
AMQPFastProtocolHandler handler = new
AMQPProtocolProvider().getHandler();
try
@@ -364,7 +361,7 @@
public static void main(String[] args)
{
- _instance = new Main(args);
+ new Main(args);
}
private byte[] parseIP(String address) throws Exception
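Review bot: dropping the `_instance` assignment in `main` (and the field in the earlier Main.java hunk) is unrelated to the SSL listener change and would be easier to review and revert as a separate cleanup patch. If it stays here, mention it in the patch description.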
Index: broker/etc/config.xml
===================================================================
--- broker/etc/config.xml (revision 509569)
+++ broker/etc/config.xml (working copy)
@@ -28,6 +28,7 @@
to enable SSL support
<ssl>
<enabled>true</enabled>
+ <sslOnly>true</sslOnly>
<keystorePath>/path/to/keystore.ks</keystorePath>
<keystorePassword>keystorepass</keystorePassword>
</ssl>-->
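Review bot: the sample `<ssl>` block gains `<sslOnly>` but not the `<port>` element that ConnectorConfiguration now reads from `connector.ssl.port`, so the example gives no hint of where the SSL port is configured. Add a `<port>` line to the sample and a short comment saying that `<sslOnly>false</sslOnly>` also opens the non-SSL listener, since that is a security-relevant choice for anyone copying this block.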