Re: initial release candidate
The following patch fixes the problem with older versions of the SSL library. It also works on the latest Fedora 17, so I think it's low risk. Shall I commit it? 8 diff --git a/proton-c/src/ssl/openssl.c b/proton-c/src/ssl/openssl.c index 6ea951f..dd775cd 100644 --- a/proton-c/src/ssl/openssl.c +++ b/proton-c/src/ssl/openssl.c @@ -296,6 +296,14 @@ int pn_ssl_set_credentials( pn_ssl_t *ssl, ssl-has_certificate = true; + // bug in older versions of OpenSSL: servers may request client cert even if anonymous + // cipher was negotiated. TLSv1 will reject such a request. Hack: once a cert is + // configured, allow only authenticated ciphers. + if (!SSL_CTX_set_cipher_list( ssl-ctx, CIPHERS_AUTHENTICATE )) { + _log_ssl_error(ssl, Failed to set cipher list to %s\n, CIPHERS_AUTHENTICATE); + return -6; + } + _log( ssl, Configured local certificate file %s\n, certificate_file ); return 0; } 
@@ -543,6 +551,7 @@ pn_ssl_t *pn_ssl(pn_transport_t *transport) ssl_initialized = 1; SSL_library_init(); SSL_load_error_strings(); +OpenSSL_add_all_algorithms(); } pn_ssl_t *ssl = calloc(1, sizeof(pn_ssl_t)); 8 - Original Message - Interesting - that test uses a certificate I created and checked into the repo. I generated the certificate using a newer toolset. I'll have a look at it... -K - Original Message - My (64-bit) Ubuntu 12.04 works fine... On Ubuntu 10.04 I'm seeing SSL errors... presumably these are related to the age of the ssl library and the algorithms it supports... proton_tests.ssl.SslTest.test_client_authentication .SSL_CTX_use_PrivateKey_file( /home/rob/qpid-proton-c-0.1/tests/proton_tests/ssl_db/server-private-key.pem ) failed error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib fail Error during test: Traceback (most recent call last): File ./proton-test, line 331, in run phase() File /home/rob/qpid-proton-c-0.1/tests/proton_tests/ssl.py, line 130, in test_client_authentication server-password) File /home/rob/qpid-proton-c-0.1/bindings/python/proton.py, line 2111, in set_credentials password) ) File /home/rob/qpid-proton-c-0.1/bindings/python/proton.py, line 2096, in _check raise exc(SSL failure.) SSLException: SSL failure. -- Rob On 24 October 2012 18:05, Ken Giusti kgiu...@redhat.com wrote: Ubuntu 12.04-1 LTS, fully patched and up to date: 1) had to install the following packages - similar to the README, but ubuntu specific: sudo apt-get install cmake swig libssl-dev python-dev ruby ruby-dev python-epydoc uuid-dev [note: cmake is version 2.8.7, so I didn't get that OPTIONAL issue] 2) make and install went well! 
3) example/send.py and recv.py worked - need to try with SSL next.. 4) am seeing a failure in the python-tests: proton_tests.codec.DataTest.testDecimal128 pass proton_tests.codec.DataTest.testDecimal32 . pass proton_tests.codec.DataTest.testDecimal64 . fail Error during test: Traceback (most recent call last): File ./proton-test, line 331, in run phase() File /home/kgiusti/proton-rc/qpid-proton-c-0.1/tests/proton_tests/codec.py, line 246, in testDecimal64 self._test(decimal64, 0, 1, 2, 3, 4, 2**60) File /home/kgiusti/proton-rc/qpid-proton-c-0.1/tests/proton_tests/codec.py, line 183, in _test putter(v) File /home/kgiusti/proton-rc/install/lib/python2.7/dist-packages/proton.py, line 1134, in put_decimal64 self._check(pn_data_put_decimal64(self._data, d)) TypeError: in method 'pn_data_put_decimal64', argument 2 of type 'pn_decimal64_t' proton_tests.codec.DataTest.testDescribedEmptyArray ... pass This happens to be on a 32-bit VM - I'll look into it. -K - Original Message - Hi Everyone, I've posted an initial release candidate here: http
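Review bot: In the pn_ssl_set_credentials hunk, the new SSL_CTX_set_cipher_list() failure path returns -6 after has_certificate has already been set to true, so a caller that carries on after the error holds a context that reports a certificate but whose cipher list was never restricted. Apply the cipher restriction before setting has_certificate, or clear the flag on the error path. The comment describes this as a hack for older OpenSSL, yet the restriction is applied on every library version once a certificate is configured; the function's documentation should say that setting credentials disables anonymous ciphers for this context, and the comment should point to where CIPHERS_AUTHENTICATE is defined, since its value is not visible in this hunk.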
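Review bot: In the pn_ssl() initialisation hunk, the added OpenSSL_add_all_algorithms() call has no comment saying why it is needed. SSL_library_init() registers only the ciphers and digests the SSL layer itself uses, so a one-line comment tying this call to loading password-encrypted private keys (the "unknown pbe algorithm" failure from SSL_CTX_use_PrivateKey_file reported in this thread) would stop it being removed later as redundant.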
Re: initial release candidate
On Wed, Oct 24, 2012 at 8:20 AM, Rob Godfrey rob.j.godf...@gmail.com wrote:

The proton-j package doesn't seem to have a README or a LICENSE file included. The maven build can't run the tests as the directory structure doesn't include all the necessary files (nor does it have the same structure as the svn).

Which files are missing?

As an aside, the checkin for PROTON-85 caused failure of the tests when run against proton-j. This was due to Jython not converting Python UUIDs to Java UUIDs. I've now checked in a change to the shim which handles this conversion (inelegantly) and the tests now pass.

This got picked up in RC2.

--Rafael
Re: initial release candidate
Ubuntu 12.04-1 LTS, fully patched and up to date:

1) had to install the following packages - similar to the README, but ubuntu specific:

    sudo apt-get install cmake swig libssl-dev python-dev ruby ruby-dev python-epydoc uuid-dev

[note: cmake is version 2.8.7, so I didn't get that OPTIONAL issue]

2) make and install went well!

3) example/send.py and recv.py worked - need to try with SSL next..

4) am seeing a failure in the python-tests:

    proton_tests.codec.DataTest.testDecimal128 pass
    proton_tests.codec.DataTest.testDecimal32 . pass
    proton_tests.codec.DataTest.testDecimal64 . fail
    Error during test:
      Traceback (most recent call last):
        File ./proton-test, line 331, in run
          phase()
        File /home/kgiusti/proton-rc/qpid-proton-c-0.1/tests/proton_tests/codec.py, line 246, in testDecimal64
          self._test(decimal64, 0, 1, 2, 3, 4, 2**60)
        File /home/kgiusti/proton-rc/qpid-proton-c-0.1/tests/proton_tests/codec.py, line 183, in _test
          putter(v)
        File /home/kgiusti/proton-rc/install/lib/python2.7/dist-packages/proton.py, line 1134, in put_decimal64
          self._check(pn_data_put_decimal64(self._data, d))
      TypeError: in method 'pn_data_put_decimal64', argument 2 of type 'pn_decimal64_t'
    proton_tests.codec.DataTest.testDescribedEmptyArray ... pass

This happens to be on a 32-bit VM - I'll look into it.

-K

- Original Message -

Hi Everyone,

I've posted an initial release candidate here: http://people.apache.org/~rhs/qpid-proton-0.1/

Please keep in mind there hasn't been a wide variety of install testing so go ahead and try on as many different OS distro/versions as you can find and let me know if/when things break.

--Rafael
Re: initial release candidate
My (64-bit) Ubuntu 12.04 works fine...

On Ubuntu 10.04 I'm seeing SSL errors... presumably these are related to the age of the ssl library and the algorithms it supports...

    proton_tests.ssl.SslTest.test_client_authentication .SSL_CTX_use_PrivateKey_file( /home/rob/qpid-proton-c-0.1/tests/proton_tests/ssl_db/server-private-key.pem ) failed
    error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm
    error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error
    error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error
    error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib
    error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
    fail
    Error during test:
      Traceback (most recent call last):
        File ./proton-test, line 331, in run
          phase()
        File /home/rob/qpid-proton-c-0.1/tests/proton_tests/ssl.py, line 130, in test_client_authentication
          server-password)
        File /home/rob/qpid-proton-c-0.1/bindings/python/proton.py, line 2111, in set_credentials
          password) )
        File /home/rob/qpid-proton-c-0.1/bindings/python/proton.py, line 2096, in _check
          raise exc(SSL failure.)
      SSLException: SSL failure.

-- Rob

On 24 October 2012 18:05, Ken Giusti kgiu...@redhat.com wrote:

Ubuntu 12.04-1 LTS, fully patched and up to date:

1) had to install the following packages - similar to the README, but ubuntu specific:

    sudo apt-get install cmake swig libssl-dev python-dev ruby ruby-dev python-epydoc uuid-dev

[note: cmake is version 2.8.7, so I didn't get that OPTIONAL issue]

2) make and install went well!

3) example/send.py and recv.py worked - need to try with SSL next..

4) am seeing a failure in the python-tests:

    proton_tests.codec.DataTest.testDecimal128 pass
    proton_tests.codec.DataTest.testDecimal32 . pass
    proton_tests.codec.DataTest.testDecimal64 . fail
    Error during test:
      Traceback (most recent call last):
        File ./proton-test, line 331, in run
          phase()
        File /home/kgiusti/proton-rc/qpid-proton-c-0.1/tests/proton_tests/codec.py, line 246, in testDecimal64
          self._test(decimal64, 0, 1, 2, 3, 4, 2**60)
        File /home/kgiusti/proton-rc/qpid-proton-c-0.1/tests/proton_tests/codec.py, line 183, in _test
          putter(v)
        File /home/kgiusti/proton-rc/install/lib/python2.7/dist-packages/proton.py, line 1134, in put_decimal64
          self._check(pn_data_put_decimal64(self._data, d))
      TypeError: in method 'pn_data_put_decimal64', argument 2 of type 'pn_decimal64_t'
    proton_tests.codec.DataTest.testDescribedEmptyArray ... pass

This happens to be on a 32-bit VM - I'll look into it.

-K

- Original Message -

Hi Everyone,

I've posted an initial release candidate here: http://people.apache.org/~rhs/qpid-proton-0.1/

Please keep in mind there hasn't been a wide variety of install testing so go ahead and try on as many different OS distro/versions as you can find and let me know if/when things break.

--Rafael
Re: initial release candidate
Interesting - that test uses a certificate I created and checked into the repo. I generated the certificate using a newer toolset. I'll have a look at it...

-K

- Original Message -

My (64-bit) Ubuntu 12.04 works fine...

On Ubuntu 10.04 I'm seeing SSL errors... presumably these are related to the age of the ssl library and the algorithms it supports...

    proton_tests.ssl.SslTest.test_client_authentication .SSL_CTX_use_PrivateKey_file( /home/rob/qpid-proton-c-0.1/tests/proton_tests/ssl_db/server-private-key.pem ) failed
    error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm
    error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error
    error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error
    error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib
    error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
    fail
    Error during test:
      Traceback (most recent call last):
        File ./proton-test, line 331, in run
          phase()
        File /home/rob/qpid-proton-c-0.1/tests/proton_tests/ssl.py, line 130, in test_client_authentication
          server-password)
        File /home/rob/qpid-proton-c-0.1/bindings/python/proton.py, line 2111, in set_credentials
          password) )
        File /home/rob/qpid-proton-c-0.1/bindings/python/proton.py, line 2096, in _check
          raise exc(SSL failure.)
      SSLException: SSL failure.

-- Rob

On 24 October 2012 18:05, Ken Giusti kgiu...@redhat.com wrote:

Ubuntu 12.04-1 LTS, fully patched and up to date:

1) had to install the following packages - similar to the README, but ubuntu specific:

    sudo apt-get install cmake swig libssl-dev python-dev ruby ruby-dev python-epydoc uuid-dev

[note: cmake is version 2.8.7, so I didn't get that OPTIONAL issue]

2) make and install went well!

3) example/send.py and recv.py worked - need to try with SSL next..

4) am seeing a failure in the python-tests:

    proton_tests.codec.DataTest.testDecimal128 pass
    proton_tests.codec.DataTest.testDecimal32 . pass
    proton_tests.codec.DataTest.testDecimal64 . fail
    Error during test:
      Traceback (most recent call last):
        File ./proton-test, line 331, in run
          phase()
        File /home/kgiusti/proton-rc/qpid-proton-c-0.1/tests/proton_tests/codec.py, line 246, in testDecimal64
          self._test(decimal64, 0, 1, 2, 3, 4, 2**60)
        File /home/kgiusti/proton-rc/qpid-proton-c-0.1/tests/proton_tests/codec.py, line 183, in _test
          putter(v)
        File /home/kgiusti/proton-rc/install/lib/python2.7/dist-packages/proton.py, line 1134, in put_decimal64
          self._check(pn_data_put_decimal64(self._data, d))
      TypeError: in method 'pn_data_put_decimal64', argument 2 of type 'pn_decimal64_t'
    proton_tests.codec.DataTest.testDescribedEmptyArray ... pass

This happens to be on a 32-bit VM - I'll look into it.

-K

- Original Message -

Hi Everyone,

I've posted an initial release candidate here: http://people.apache.org/~rhs/qpid-proton-0.1/

Please keep in mind there hasn't been a wide variety of install testing so go ahead and try on as many different OS distro/versions as you can find and let me know if/when things break.

--Rafael