[jira] [Created] (PROTON-172) Implement SSL within proton-j
Philip Harvey created PROTON-172: Summary: Implement SSL within proton-j Key: PROTON-172 URL: https://issues.apache.org/jira/browse/PROTON-172 Project: Qpid Proton Issue Type: New Feature Components: proton-j Reporter: Philip Harvey Assignee: Philip Harvey Implement SSL within proton-j -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (PROTON-172) Implement SSL within proton-j
[ https://issues.apache.org/jira/browse/PROTON-172?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keith Wall reassigned PROTON-172:
Assignee: Keith Wall (was: Philip Harvey)
Implement SSL within proton-j
Key: PROTON-172 URL: https://issues.apache.org/jira/browse/PROTON-172 Project: Qpid Proton Issue Type: New Feature Components: proton-j Reporter: Philip Harvey Assignee: Keith Wall Attachments: 0001-PROTON-172-Java-SSL-implementation-enable-system-tes.patch, 0002-PROTON-172-Extra-tests-and-enhanced-pump-method.patch
[jira] [Commented] (PROTON-172) Implement SSL within proton-j
[ https://issues.apache.org/jira/browse/PROTON-172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13506436#comment-13506436 ]
Keith Wall commented on PROTON-172:
First patch applied (0001-PROTON-172-Java-SSL-implementation-enable-system-tes.patch)
Implement SSL within proton-j
Key: PROTON-172 URL: https://issues.apache.org/jira/browse/PROTON-172 Project: Qpid Proton Issue Type: New Feature Components: proton-j Reporter: Philip Harvey Assignee: Keith Wall Attachments: 0001-PROTON-172-Java-SSL-implementation-enable-system-tes.patch, 0002-PROTON-172-Extra-tests-and-enhanced-pump-method.patch
Proton 0.3 ETA?
Hi guys, proton-j has really made some major advancements in stability/correctness since the 0.2 release. I'm really happy with the current state of proton's trunk. What are the chances we can cut a 0.3 release soon?
--
Hiram Chirino
Engineering | Red Hat, Inc.
hchir...@redhat.com | fusesource.com | redhat.com
skype: hiramchirino | twitter: @hiramchirino http://twitter.com/hiramchirino
blog: Hiram Chirino's Bit Mojo http://hiramchirino.com/blog/
[jira] [Commented] (PROTON-168) Support for building on OS X
[ https://issues.apache.org/jira/browse/PROTON-168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13506551#comment-13506551 ]
Hiram Chirino commented on PROTON-168:
OS X is generating too many warnings to fix at this point in time. I'd like to have at least a compiling version of proton on OS X since that is my primary development platform and I'd like to be able to test against it.
Support for building on OS X
Key: PROTON-168 URL: https://issues.apache.org/jira/browse/PROTON-168 Project: Qpid Proton Issue Type: New Feature Components: proton-c Environment: Mac OS X Lion Reporter: Andy Goldstein Priority: Minor Attachments: clock.patch, nowerror.patch, proton-168.patch, PROTON-168-v2.patch, SO_NOSIGPIPE.patch
I did some quick hacky work to get proton-c to compile on my Mac running Lion. I also have homebrew installed and use that to supply any libraries that are necessary but not included by default on the Mac. I'm attaching my quick patch, and it would be great if someone could take it and update it so it's more robust and commit-quality :-)
[jira] [Commented] (PROTON-164) Messenger not handling connection errors properly
[ https://issues.apache.org/jira/browse/PROTON-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13506646#comment-13506646 ]
Rafael H. Schloming commented on PROTON-164:
Having looked into this a little more, I believe one of the issues here is that the peer is sending a close frame without ever sending an open frame. Strictly speaking this is not a valid protocol sequence, although obviously it's still incorrect to hang under these circumstances.
Messenger not handling connection errors properly
Key: PROTON-164 URL: https://issues.apache.org/jira/browse/PROTON-164 Project: Qpid Proton Issue Type: Bug Components: proton-c Affects Versions: 0.2 Reporter: Affan Dar Labels: messenger Fix For: 0.3
There seems to be an issue with redirects and maybe connection level errors in general where the client seems to get stuck. E.g. in the following scenario where the server sends back a CLOSE frame to the proton client with the ‘redirect’ error. The client should send back a CLOSE frame but instead it gets stuck (the send sample app does not proceed and eventually you have to Ctrl+C it).
Connected to INT7-SN1-008-23257-0-9.servicebus.int7.windows-int.net:5671
- SASL
[0x25dd720:0] - SASL-INIT @65 [:PLAIN, b]
- SASL
[0x25dd720:0] - SASL-MECHANISMS @64 [@PN_SYMBOL[:PLAIN, :EXTERNAL]]
[0x25dd720:0] - SASL-OUTCOME @68 [0, bWelcome!]
- AMQP
[0x25d7e60:0] - OPEN @16 [0c753746-89de-4c4c-bd17-fb6d6e36a081, INT7-SN1-008-23257-0-9.servicebus.int7.windows-int.net, null, null, null, null, null, null, null]
[0x25d7e60:1] - BEGIN @17 [null, 0, 1024, 1024]
[0x25d7e60:1] - ATTACH @18 [sender-xxx, 1, false, null, null, @40 [q1, 0, null, 0, false, null, null, null, null, null, null], @41 [q1, 0, null, 0, false, null, null], null, null, 0]
- AMQP
[0x25d7e60:0] - CLOSE @24 [@29 [:amqp:connection:redirect, Exception of type 'Microsoft.ServiceBus.Messaging.Amqp.AmqpException' was thrown..TrackingId:eb33c8f31c9f4b0c9a2c8aa7c2622ca7_G3,TimeStamp:11/27/2012 6:06:24 AM, {:hostname=INT7-SN1-008-23257-0-9.servicebus.int7.windows-int.net, :network-host=70.37.116.39, :port=5671}]]
Debugging through the code a little bit, it seems like the client is expecting to receive more data from the socket and keeps on waiting since the default timeout is infinite. Please let me know if more details are required.
[jira] [Commented] (PROTON-168) Support for building on OS X
[ https://issues.apache.org/jira/browse/PROTON-168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13506767#comment-13506767 ]
Hiram Chirino commented on PROTON-168:
Hi Andrew, Warnings would still be on, and you can see them when you build. The change only disables failing the build when on OS X due to the warnings. Until all warnings are resolved on OS X, I see no other sensible solution. A slightly buggy build is better than no build at all in my book. Here are the warnings:
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c: In function ‘_log_ssl_error’:
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:134: warning: ‘ERR_get_error’ is deprecated (declared at /usr/include/openssl/err.h:266)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:136: warning: ‘ERR_error_string_n’ is deprecated (declared at /usr/include/openssl/err.h:280)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:138: warning: ‘ERR_get_error’ is deprecated (declared at /usr/include/openssl/err.h:266)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c: In function ‘ssl_failed’:
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:158: warning: ‘ERR_get_error’ is deprecated (declared at /usr/include/openssl/err.h:266)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:160: warning: ‘ERR_error_string_n’ is deprecated (declared at /usr/include/openssl/err.h:280)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c: In function ‘get_dh2048’:
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:250: warning: ‘DH_new’ is deprecated (declared at /usr/include/openssl/dh.h:184)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:251: warning: ‘BN_bin2bn’ is deprecated (declared at /usr/include/openssl/bn.h:422)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:252: warning: ‘BN_bin2bn’ is deprecated (declared at /usr/include/openssl/bn.h:422)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:254: warning: ‘DH_free’ is deprecated (declared at /usr/include/openssl/dh.h:185)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c: In function ‘pn_ssl_set_credentials’:
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:273: warning: ‘SSL_CTX_use_certificate_chain_file’ is deprecated (declared at /usr/include/openssl/ssl.h:1403)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:280: warning: ‘SSL_CTX_set_default_passwd_cb’ is deprecated (declared at /usr/include/openssl/ssl.h:1472)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:281: warning: ‘SSL_CTX_set_default_passwd_cb_userdata’ is deprecated (declared at /usr/include/openssl/ssl.h:1473)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:284: warning: ‘SSL_CTX_use_PrivateKey_file’ is deprecated (declared at /usr/include/openssl/ssl.h:1401)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:289: warning: ‘SSL_CTX_check_private_key’ is deprecated (declared at /usr/include/openssl/ssl.h:1475)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:300: warning: ‘SSL_CTX_set_cipher_list’ is deprecated (declared at /usr/include/openssl/ssl.h:1345)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c: In function ‘pn_ssl_set_trusted_ca_db’:
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:337: warning: ‘SSL_CTX_load_verify_locations’ is deprecated (declared at /usr/include/openssl/ssl.h:1572)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c: In function ‘pn_ssl_set_peer_authentication’:
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:398: warning: ‘SSL_load_client_CA_file’ is deprecated (declared at /usr/include/openssl/ssl.h:1404)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:400: warning: ‘SSL_CTX_set_client_CA_list’ is deprecated (declared at /usr/include/openssl/ssl.h:1542)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:407: warning: ‘SSL_CTX_set_verify’ is deprecated (declared at /usr/include/openssl/ssl.h:1459)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:416: warning: ‘SSL_CTX_set_verify’ is deprecated (declared at /usr/include/openssl/ssl.h:1459)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c: In function ‘pn_ssl_get_cipher_name’:
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:457: warning: ‘SSL_get_current_cipher’ is deprecated (declared at /usr/include/openssl/ssl.h:1357)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:458: warning: ‘SSL_CIPHER_get_name’ is deprecated (declared at /usr/include/openssl/ssl.h:1360)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c: In function ‘pn_ssl_get_protocol_name’:
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:472: warning: ‘SSL_get_current_cipher’ is deprecated (declared at /usr/include/openssl/ssl.h:1357)
/Users/chirino/sandbox/proton/proton-c/src/ssl/openssl.c:473: warning: ‘SSL_CIPHER_get_version’ is
[jira] [Commented] (PROTON-168) Support for building on OS X
[ https://issues.apache.org/jira/browse/PROTON-168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13506771#comment-13506771 ]
Andy Goldstein commented on PROTON-168:
Apple has essentially deprecated OpenSSL in OS X Lion and beyond. You get tons of deprecation warnings that become errors with -Werror (although now that I build this with the latest cmake from homebrew, the warnings are generated but don't appear to become errors). For reference, see:
http://stackoverflow.com/questions/7406946/why-is-apple-deprecating-openssl-in-macos-10-7-lion
http://ludovicrousseau.blogspot.com/2011/08/mac-os-x-lion-and-openssl.html
I'll attach the output from my build.
Support for building on OS X
Key: PROTON-168 URL: https://issues.apache.org/jira/browse/PROTON-168 Project: Qpid Proton Issue Type: New Feature Components: proton-c Environment: Mac OS X Lion Reporter: Andy Goldstein Priority: Minor Attachments: build.log, clock.patch, nowerror.patch, proton-168.patch, PROTON-168-v2.patch, SO_NOSIGPIPE.patch
[jira] [Updated] (PROTON-168) Support for building on OS X
[ https://issues.apache.org/jira/browse/PROTON-168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andy Goldstein updated PROTON-168:
Attachment: build.log
Output from make on my Mac
Support for building on OS X
Key: PROTON-168 URL: https://issues.apache.org/jira/browse/PROTON-168 Project: Qpid Proton Issue Type: New Feature Components: proton-c Environment: Mac OS X Lion Reporter: Andy Goldstein Priority: Minor Attachments: build.log, clock.patch, nowerror.patch, proton-168.patch, PROTON-168-v2.patch, SO_NOSIGPIPE.patch
[jira] [Comment Edited] (PROTON-168) Support for building on OS X
[ https://issues.apache.org/jira/browse/PROTON-168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13506776#comment-13506776 ]
Andrew Stitcher edited comment on PROTON-168 at 11/29/12 8:51 PM:
Since the wholesale deprecation is only openSSL I suggest we just turn the -Werror off only for openssl.c on MacOS. I note from Andy's log that the compiler is actually clang not gcc, so I'll give that a try on my box and fix any obvious problems.
was (Author: astitcher): Since the wholesale depracation is only openSSL I suggest we just turn the -Werror off only for openssl.c on MacOS. I note from Andy's log that the compiler is actually clang not gcc, so I'll give that a try on my box and fix any obvious problems.
Support for building on OS X
Key: PROTON-168 URL: https://issues.apache.org/jira/browse/PROTON-168 Project: Qpid Proton Issue Type: New Feature Components: proton-c Environment: Mac OS X Lion Reporter: Andy Goldstein Priority: Minor Attachments: build.log, clock.patch, nowerror.patch, proton-168.patch, PROTON-168-v2.patch, SO_NOSIGPIPE.patch
[jira] [Commented] (PROTON-168) Support for building on OS X
[ https://issues.apache.org/jira/browse/PROTON-168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13506776#comment-13506776 ]
Andrew Stitcher commented on PROTON-168:
Since the wholesale deprecation is only openSSL I suggest we just turn the -Werror off only for openssl.c on MacOS. I note from Andy's log that the compiler is actually clang not gcc, so I'll give that a try on my box and fix any obvious problems.
Support for building on OS X
Key: PROTON-168 URL: https://issues.apache.org/jira/browse/PROTON-168 Project: Qpid Proton Issue Type: New Feature Components: proton-c Environment: Mac OS X Lion Reporter: Andy Goldstein Priority: Minor Attachments: build.log, clock.patch, nowerror.patch, proton-168.patch, PROTON-168-v2.patch, SO_NOSIGPIPE.patch
[jira] [Updated] (PROTON-168) Support for building on OS X
[ https://issues.apache.org/jira/browse/PROTON-168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hiram Chirino updated PROTON-168:
Attachment: deprecate-pragma.patch
Attaching a patch that uses a pragma to disable the ssl deprecation warnings. But there are still loads of other warnings. So I'd still want -Werror disabled until those are fixed.
Support for building on OS X
Key: PROTON-168 URL: https://issues.apache.org/jira/browse/PROTON-168 Project: Qpid Proton Issue Type: New Feature Components: proton-c Environment: Mac OS X Lion Reporter: Andy Goldstein Priority: Minor Attachments: build.log, clock.patch, deprecate-pragma.patch, nowerror.patch, proton-168.patch, PROTON-168-v2.patch, SO_NOSIGPIPE.patch
[jira] [Commented] (PROTON-136) Add support for SSL session resumption
[ https://issues.apache.org/jira/browse/PROTON-136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13506780#comment-13506780 ]
Rafael H. Schloming commented on PROTON-136:
Looks good to me, it would be good if the Java guys could comment on whether this will fit with proton-j.
Add support for SSL session resumption
Key: PROTON-136 URL: https://issues.apache.org/jira/browse/PROTON-136 Project: Qpid Proton Issue Type: New Feature Components: proton-c Affects Versions: 0.3 Reporter: Affan Dar Assignee: Ken Giusti Labels: ssl, sslContext, sslresume
Open SSL supports resumption of SSL sessions which by-pass the heavy SSL handshake process. This is critical for scenarios involving low powered devices especially on cellular data networks where bandwidth is precious. It would be great if Proton exposes this ssl resume feature to users.
From: rhs [mailto:rschlom...@gmail.com]
Sent: Tuesday, November 13, 2012 11:34 AM
To: Affan Dar
Cc: David Ingham
Subject: Re: SSL session resumption
On Tue, Nov 13, 2012 at 8:05 PM, Affan Dar affan...@microsoft.com wrote:
> Serializing/restoring the whole session state for the messenger will work for the scenario I think.
Ok, let's start with this step then. I'm open to providing something finer grained if there is a need, but my preference is to keep it simple for the moment.
> One more thing, RFC 5077 has another flavor of session resumption which openssl supports (originally implemented as RFC 4057 back in 2007 I think). This allows us to resume sessions without carrying state on the server side which as you can imagine is a big deal for service vendors. Probably there is no API level impact if messenger handles the session state itself but just wanted to put this on your radar.
Ok, good to know. Could one of you file a JIRA for this upstream? I'm trying to get things a little more organized on the process front and keep everything centralized in JIRA. ;-)
--Rafael
[jira] [Commented] (PROTON-168) Support for building on OS X
[ https://issues.apache.org/jira/browse/PROTON-168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13506785#comment-13506785 ]
Andrew Stitcher commented on PROTON-168:
Ok in order to allow individual developers to turn warnings as errors off I'll introduce a new cmake switch for this. That way you can turn it off for yourself.
Support for building on OS X
Key: PROTON-168 URL: https://issues.apache.org/jira/browse/PROTON-168 Project: Qpid Proton Issue Type: New Feature Components: proton-c Environment: Mac OS X Lion Reporter: Andy Goldstein Priority: Minor Attachments: build.log, clock.patch, deprecate-pragma.patch, nowerror.patch, proton-168.patch, PROTON-168-v2.patch, SO_NOSIGPIPE.patch
[jira] [Resolved] (PROTON-92) Adds Perl language bindings to Proton.
[ https://issues.apache.org/jira/browse/PROTON-92?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darryl L. Pierce resolved PROTON-92.
Resolution: Fixed
Fix Version/s: 0.3
Adds Perl language bindings to Proton.
Key: PROTON-92 URL: https://issues.apache.org/jira/browse/PROTON-92 Project: Qpid Proton Issue Type: Sub-task Components: proton-c Reporter: Darryl L. Pierce Assignee: Darryl L. Pierce Fix For: 0.3 Attachments: 0001-PROTON-92-Adds-Perl-language-bindings-to-Proton.patch
This change takes the basic Proton C APIs and makes them available as APIs within the cproton_perl namespace.
[jira] [Resolved] (PROTON-95) Provide an upstream source tarball for the Perl language bindings
[ https://issues.apache.org/jira/browse/PROTON-95?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darryl L. Pierce resolved PROTON-95.
Resolution: Fixed
Fix Version/s: 0.3
Provide an upstream source tarball for the Perl language bindings
Key: PROTON-95 URL: https://issues.apache.org/jira/browse/PROTON-95 Project: Qpid Proton Issue Type: Sub-task Components: proton-c Reporter: Darryl L. Pierce Assignee: Darryl L. Pierce Fix For: 0.3 Attachments: 0005-PROTON-95-Added-distribution-files-for-the-Perl-lang.patch, 0006-PROTON-95-Provides-a-new-release-target-for-tarring-.patch
Adds new files for the distribution (README, TODO and ChangeLog). Also adds a target to the release.sh file to bundle these together into a tarball.
[jira] [Commented] (PROTON-161) SSL impl does not allow verification of the peer's identity
[ https://issues.apache.org/jira/browse/PROTON-161?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13506847#comment-13506847 ]
Ken Giusti commented on PROTON-161:
Here's something to consider: The TLS handshake allows the client to send to the server the hostname the client is attempting to connect to at the start of the handshaking process (Server Name Indication - RFC3546). My understanding is that this hostname is also the name the client should use when checking the name given in the server's certificate.
Since we can't advertise a wildcarded hostname, I'd like to supply two separate configuration options for hostname verification:
1) allow the configuration of the expected peer hostname for a given SSL connection. This name will be sent by client connections when the handshake starts.
2) optionally, specify a match pattern to use when verifying the received peer certificate.
If only 1 is applied (2 not used - no pattern specified), then the default verification behavior would be to perform an exact match of the hostname against the name supplied in the peer's certificate.
If 2 is applied, then the certificate match is performed using the given pattern/hostname string, perhaps restricted by some flag values.
Neither applied - no hostname verification (risky).
Perhaps something like:
pn_ssl_set_peer_hostname( pn_ssl_t *, const char *) // send this exact string as SNI during handshake
pn_ssl_set_peer_hostname_match( pn_ssl_t *, const char *pattern, enum match_flags)
match_flags would be something like:
MATCH_EXACT - default, perform simple exact string compare
MATCH_WILDCARD - a * in the pattern string performs a greedy match: *.bar.com allows foo.bar.com, foo.boo.bar.com
MATCH_DNS_WILDCARD - a * will not match ., so *.bar.com will match foo.bar.com, but not foo.boo.bar.com
... others? Opinions?
SSL impl does not allow verification of the peer's identity
Key: PROTON-161 URL: https://issues.apache.org/jira/browse/PROTON-161 Project: Qpid Proton Issue Type: Bug Components: proton-c Affects Versions: 0.3 Reporter: Ken Giusti Assignee: Ken Giusti Priority: Blocker
The current SSL implementation validates the peer's certificate, and will not permit the connection to come up if the certificate is invalid. However - it does not provide a way to check if the peer's identity as provided in the certificate is the expected identity (eg, the same hostname used to set up the TCP connection). While a certificate may be valid (that is, signed by a CA trusted by the client), it may not belong to the intended destination. RFC2818 explains how this should be done - see section 3.1 Server Identity.
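The three match modes proposed in the PROTON-161 comment above, worked through as an added C example; this is not Proton's code or API. The flag names come from the proposal, while `cert_name_matches`, its explicit length parameter, the one-`*`-per-pattern limit, the rule that `*` consumes at least one byte, and the rejection of names with an embedded NUL are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Flag names are taken from the proposal in the comment; they are not a
 * Proton API. */
typedef enum { MATCH_EXACT, MATCH_WILDCARD, MATCH_DNS_WILDCARD } match_flags;

/* Constructed sample: a certificate name carrying an embedded NUL byte. */
static const char SAMPLE_NUL_NAME[] = "foo.bar.com\0.other.example";

/* DNS names compare case-insensitively. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/*
 * Hypothetical helper: returns 1 when the name read from the peer
 * certificate (cert_name, cert_len bytes, not necessarily NUL-terminated)
 * is acceptable for the configured pattern, 0 otherwise.
 */
int cert_name_matches(const char *pattern, const char *cert_name,
                      size_t cert_len, match_flags flags)
{
    if (!pattern || !cert_name || !*pattern || cert_len == 0)
        return 0;
    /* A NUL inside the name would make C string functions see only the
     * part before it, so such a name is rejected outright. */
    if (memchr(cert_name, '\0', cert_len))
        return 0;

    size_t plen = strlen(pattern);
    const char *star = (flags == MATCH_EXACT) ? NULL : strchr(pattern, '*');
    if (!star)  /* exact mode, or a pattern with no wildcard */
        return plen == cert_len && eq_nocase(pattern, cert_name, plen);

    if (strchr(star + 1, '*'))  /* assumption: at most one '*' per pattern */
        return 0;

    size_t prefix = (size_t)(star - pattern);  /* literal text before '*' */
    size_t suffix = plen - prefix - 1;         /* literal text after '*'  */
    if (cert_len <= prefix + suffix)           /* '*' must consume >= 1 byte */
        return 0;
    if (!eq_nocase(pattern, cert_name, prefix) ||
        !eq_nocase(star + 1, cert_name + cert_len - suffix, suffix))
        return 0;

    /* MATCH_WILDCARD is greedy: '*' may span dots. MATCH_DNS_WILDCARD
     * confines '*' to a single label, so the matched part has no '.'. */
    if (flags == MATCH_DNS_WILDCARD &&
        memchr(cert_name + prefix, '.', cert_len - prefix - suffix))
        return 0;
    return 1;
}

int main(void)
{
    const char *names[] = { "foo.bar.com", "foo.boo.bar.com", "bar.com" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-16s wildcard=%d dns_wildcard=%d\n", names[i],
               cert_name_matches("*.bar.com", names[i], strlen(names[i]),
                                 MATCH_WILDCARD),
               cert_name_matches("*.bar.com", names[i], strlen(names[i]),
                                 MATCH_DNS_WILDCARD));
    printf("embedded NUL accepted: %d\n",
           cert_name_matches("foo.bar.com", SAMPLE_NUL_NAME,
                             sizeof SAMPLE_NUL_NAME - 1, MATCH_EXACT));
    return 0;
}
```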
Perl language bindings are now pushed...
I've pushed the Perl language bindings as well as the send/recv examples for using the qpid::proton::Messenger and qpid::proton::Message classes.
--
Darryl L. Pierce, Sr. Software Engineer @ Red Hat, Inc.